Signed Attachments

slides: https://hackmd.io/p/La5laiA6StidONmxAEGdrg --- #### Current embedded attachment ```jsonc "report~attach": { "mime-type": "application/pdf", "filename": "Garcia-inspection-March-25.pdf", "data": { "base64": "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9...", } } ``` #### Current external attachment ```jsonc "request~attach": { "data": { "sha256": "1d4db525c5ee4a2d42899040cd3728c0f0...", "links": ["https://mydomain.example.org/1214-7265-8462"] } } ``` --- #### JWS basics ```jsonc { "payload": "", // payload in base64-url format "signatures": [ { "header": {}, "protected": "", // protected headers in base64-url "signature": "" // signature in base64-url } ] } ``` #### Flattened (single signature) ```jsonc { "header": {}, "payload": "", "protected": "", "signature": "" } ``` --- #### Signed embedded attachment ```jsonc "report~attach": { "mime-type": "application/pdf", "data": { "base64": "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9n...", "jws": { // payload: ..., <-- intentionally omitted "header": { "kid": "did:key:z6MkmjY8GnV5i9YTDtPETC2uUAW6ej84..." }, "protected": "eyJhbGciOiJFZERTQSIsImlhdCI6MTU4Mzg4...", "signature": "3dZWsuru7QAVFUCtTd0s7uc1peYEijx4eyt5..." } } } ``` --- #### Signed external attachment ```jsonc "request~attach": { "data": { "sha256": "1d4db525c5ee4a2d42899040cd3728c0f0...", "links": ["https://mydomain.example.org/1214-7265-8462"], "jws": { "header": { "kid": "did:key:z6MkmjY8GnV5i9YTDtPETC2uUAW6ej84..." }, "protected": "eyJhbGciOiJFZERTQSIsImlhdCI6MTU4Mzg4...", "signature": "3dZWsuru7QAVFUCtTd0s7uc1peYEijx4eyt5..." } } } ``` --- #### JWS protected headers ```jsonc { "alg": "EdDSA", // EC key types "iat": 1583880608 // issuance time & nonce } ``` #### JWS unprotected headers ```jsonc { // probably not both "jwk": { "crv": "Ed25519", "kty": "OKP", "x": "Yg8MYXrPmSQiPMxPzKlXmW2NuJ-Gnl1bn7F-PBFsTd0" }, "kid": "did:key:z6MkmjY8GnV5i9YTDtPETC2uUAW6ejwn..." } ``` --- ### References - [`did:key` usage RFC](https://github.com/hyperledger/aries-rfcs/tree/master/features/0360-use-did-key) - [JWS Detached Content](http://self-issued.info/docs/draft-ietf-jose-json-web-signature.html#DetachedContent) - [Signature Decorator RFC](https://github.com/hyperledger/aries-rfcs/tree/master/features/0234-signature-decorator) - [Signed Attachments Closed PR](https://github.com/dhh1128/aries-rfcs/blob/1f8a4c87a632c9ce0e1eff80a4c91d279ef4005f/concepts/0017-attachments/README.md)