
Can RSA keys be expressed as did:key ?

Open bblfish opened this issue 3 years ago • 9 comments

It's a bit difficult to work out from the spec if this is possible or not. If there is a way to express an RSA key as a did:key is there any other information in that key? In particular the Signing HTTP Messages requires one not just to pass a keyId for a key but for it to refer to a subset of the product cryptographic key × signatureAlgorithm where the second part involves the hashing function needed. This would suggest that a did:key could not be used directly as a URL for Signing HTTP Messages as discussed in Issue 31.

bblfish avatar Mar 21 '21 21:03 bblfish

I think it depends on this issue to assign a multicodec entry for RSA keys: https://github.com/multiformats/multicodec/pull/195 That should allow using an RSA public key encoded as DER in a did:key.

clehner avatar Mar 22 '21 12:03 clehner

Thanks. Would that then also contain information about the hashing algorithm to use? i.e. rsaSha512, rsaSha384, etc. See RsaTest.

bblfish avatar Mar 22 '21 13:03 bblfish

@bblfish If the DID just has the RSA public key, I don't think that would include the hash algorithm, or whether to use PSS or PKCS1-v1_5. did:key could specify some specific algorithm, or represent it in the DID with some additional fields.

There is also a question of what linked data signature suite to use for the verification methods in the resulting DID document. If the key size is 2048, for JWS algorithm RS256 (PKCS1-v1_5 + SHA256) there is RSA Signature Suite 2018; for PS256 (PSS and SHA256), there is JSON Web Signature 2020. For other parameters, I'm not aware of an existing linked data proof signature suite that could be used.

clehner avatar Mar 22 '21 21:03 clehner

RSA public key (X.509 encoded) is now in multicodec: https://github.com/multiformats/multicodec/pull/226

clehner avatar Sep 02 '21 12:09 clehner

@clehner you should provide test vectors for RSA here.

OR13 avatar Sep 23 '21 17:09 OR13

@OR13 Test vector proposed in #41.

I'm unsure, however, if it is the correct use of the registered multicodec value. Feedback on that and/or here would be welcome: https://github.com/multiformats/multicodec/issues/230.

I assumed that, like the other listed did:key types, the DID should encode the public key value. However, it does result in a somewhat long DID (381 chars for a 2048-bit key). But if the value is a digest, we could not simply use JsonWebKey2020 in the DID document, right?

clehner avatar Sep 24 '21 14:09 clehner
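As an added example (not code from the did-method-key repository or from any of the commenters), the following Python builds a did:key from an RSA public key the way the comment above describes, encoding the key value itself rather than a digest, and decodes it back. It assumes the key is DER-encoded as the PKCS#1 `RSAPublicKey` structure `SEQUENCE { n, e }` (the exact DER form is what multicodec issue 230 questions), that the multicodec prefix is `rsa-pub = 0x1205` as listed in the multicodec table, and that the multibase is base58btc (`z`) like the other did:key types. The modulus is a constructed 2048-bit number used only to exercise the encoding, not a real key. Decoding yields nothing but `n` and `e`, which is the earlier point in the thread made concrete: the identifier says nothing about the hash or padding scheme the key is meant for.

```python
"""Added example: encode an RSA public key as did:key and decode it again.
Assumptions (not taken from the did:key spec text on this page):
  - DER form is PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }
  - multicodec prefix rsa-pub = 0x1205, written as an unsigned varint
  - multibase base58btc, prefix character 'z'
"""
from __future__ import annotations
import hashlib

RSA_PUB_MULTICODEC = 0x1205  # rsa-pub in the multicodec table (assumed value)
B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed sample: a fixed 2048-bit odd number, NOT a product of two primes
# and not usable as a key. It only exercises the encoding path.
SAMPLE_N = (1 << 2047) | int.from_bytes(hashlib.sha512(b"sample").digest() * 4, "big") | 1
SAMPLE_E = 65537


def uvarint(n: int) -> bytes:
    """Unsigned LEB128 varint, the encoding multicodec uses for its prefixes."""
    out = bytearray()
    while True:
        byte = n & 0x7F
        n >>= 7
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def read_uvarint(data: bytes) -> tuple[int, int]:
    """Return (value, number_of_bytes_consumed)."""
    value, shift = 0, 0
    for i, byte in enumerate(data):
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, i + 1
        shift += 7
    raise ValueError("truncated varint")


def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:  # DER INTEGER is signed; keep the value positive
        body = b"\x00" + body
    return b"\x02" + der_len(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey: SEQUENCE of two INTEGERs (assumed DER form)."""
    content = der_integer(n) + der_integer(e)
    return b"\x30" + der_len(len(content)) + content


def _read_tlv(data: bytes, pos: int) -> tuple[int, bytes, int]:
    """Minimal DER TLV reader; returns (tag, value, position after the element)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length


def parse_rsa_public_key_der(der: bytes) -> tuple[int, int]:
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(seq, 0)
    tag_e, e_bytes, pos = _read_tlv(seq, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(seq):
        raise ValueError("expected SEQUENCE of exactly two INTEGERs")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def b58encode(data: bytes) -> str:
    n, chars = int.from_bytes(data, "big"), bytearray()
    while n:
        n, rem = divmod(n, 58)
        chars.append(B58_ALPHABET[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes -> '1'
    return (B58_ALPHABET[:1] * pad + chars[::-1]).decode()


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s.encode():
        n = n * 58 + B58_ALPHABET.index(ch)
    pad = len(s) - len(s.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * pad + body


def rsa_did_key(n: int, e: int) -> str:
    """did:key = 'did:key:' + multibase('z', varint(codec) || DER(public key))."""
    return "did:key:z" + b58encode(uvarint(RSA_PUB_MULTICODEC) + rsa_public_key_der(n, e))


def decode_rsa_did_key(did: str) -> tuple[int, int]:
    """Recover (n, e); note that no hash or padding information is present."""
    if not did.startswith("did:key:z"):
        raise ValueError("only base58btc did:key identifiers are handled here")
    raw = b58decode(did[len("did:key:z"):])
    codec, used = read_uvarint(raw)
    if codec != RSA_PUB_MULTICODEC:
        raise ValueError(f"unexpected multicodec prefix 0x{codec:x}")
    return parse_rsa_public_key_der(raw[used:])


if __name__ == "__main__":
    did = rsa_did_key(SAMPLE_N, SAMPLE_E)
    print(did)
    print("length:", len(did))  # 381 for this 2048-bit sample, as the thread reports
    print("decoded e:", decode_rsa_did_key(did)[1])
```

For this constructed 2048-bit modulus the identifier is 381 characters long, which matches the figure given in the comment: the DER body is 270 bytes, the varint prefix adds two, and 272 bytes become 372 base58 digits behind `did:key:z`. A resolver that accepts such a DID still has to get the JWS algorithm (RS256, PS256, ...) from somewhere else, for example the verification method type in the DID document, because the key bytes alone do not say.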

@clehner your test vectors look correct, and as long as you provide the JWK values for the multiformat encoding, they will be sufficient for proving interop.

You should add a 4096 key for the sake of completeness.

OR13 avatar Sep 28 '21 15:09 OR13

@OR13 thanks for reviewing it. A 4096 key has been added. The PR is still in draft, pending changes in multicodec.

clehner avatar Sep 29 '21 20:09 clehner

This was done in https://github.com/w3c-ccg/did-method-key/pull/41, https://github.com/multiformats/multicodec/pull/233, and https://github.com/w3c-ccg/did-method-key/pull/45.

@bblfish does this answer your question(s)?

clehner avatar May 25 '22 19:05 clehner