Add JWT VC support for RSA keys; enable ZKP tests #24
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Re: #3 - Pass jwt tests in vc-test-suite - Added RSA key for testing - Convert RSA key to DER for use with jsonwebtoken/ring - Consolidate OneOrMany enums - Add Error type
|
Thank you for your work! The tests pass, and we are even closer to finishing the test suite--good job. We are getting from 0 to 1, so testing isn't the focus right now, but I wanted to make an issue to make sure this gets addressed prior to release: #25 Still walking through the code and will likely approve today or ask for minor changes. |
|
@wyc I hope you don't mind I pushed another commit to this branch, as it is relatively minor and depends on these changes. It is to enable passing the remaining vc-test-suite tests - the |
clehner
changed the title
wyc
approved these changes
Aug 27, 2020
|
Thanks @wyc |
|
Thanks for adding the DER tags. LGTM |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#3
This adds the ability to encode a VC as a JWT (without or without signing) and decode a JWT as a VC (with or without signature verification). It also adds the ability to encode and sign a VP as a JWT. This uses the jsonwebtoken library, which uses the crypto library ring.
This implementation is focused on passing the jwt tests in vc-test-suite. The interface could probably be improved for library users that are not vc-test-suite.
For JWS algorithms, currently only RSA (RS256) is supported. Next should probably be HS256 and ES256 (Required, and Recommended+, respectively, by RFC 7518); and/or ES256K/secp256k1 ("P-256K"), which is the other one besides RS256 that is supported by vc-test-suite.
The implementation includes encoding JWK parameters into DER/ASN.1 format, since jsonwebtoken/ring doesn't yet support creating a RSA private key from components (briansmith/ring#699), only from DER or PEM.
Other code changes are also included in the single squashed commit: most notably, the various OneOrMany enums are consolidated into a single type, with helper functions; and we now have an Error type to contain the various errors from our modules and wrapping errors from the external libraries.
For tests, I added an RSA private key that I generated locally with openssl.