
[proposal] Add support for full publicKey identifiers


Problem

There is an inherent limitation to ethr-did regarding the types of keys that can be expressed in the default DID document. The default DID document lists the ethereumAddress backing up the DID as a signature verification key, but it is not a full public key, only the truncated hash of one. Therefore it cannot be used for Diffie-Hellman negotiations, nor for direct signature checks using ecVerify(), nor for any encoding transformation, like key material -> JWK representation.

In most cases the ethereumAddress of an identifier comes from a publicKey and not from a contract. Of course, it is possible to add the full secp256k1 key but that requires a transaction and gas, going against a first principle of did:ethr which is onboarding without gas.

Proposal

The same infrastructure (ERC1056 contract) that is now used to resolve ethr-dids could support DIDs that are based on secp256k1 public keys. The queries to the ERC1056 contract would be the same; it would be up to the resolver to compute the corresponding ethereumAddress to be able to perform the queries.

Example DID

  • existing ethr-did using ethereumAddress:
    • generic (mainnet) did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74
    • with chainID did:ethr:0x4:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74
    • with network name did:ethr:rinkeby:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74
  • proposed DID using publicKeyHex (compressed):
    • generic (mainnet) did:ethr:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71
    • with chainID did:ethr:0x4:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71
    • with network name did:ethr:rinkeby:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71

Example default DID document

(the newer format from W3C is a separate line of work)

{
  "@context": "https://w3id.org/did/v1",
  "id": "did:ethr:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71",
  "publicKey": [
    {
      "id": "did:ethr:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71#owner",
      "type": "Secp256k1VerificationKey2018",
      "publicKeyHex": "0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"
    },
    {
      "id": "did:ethr:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71#key-1",
      "type": "Secp256k1VerificationKey2018",
      "ethereumAddress": "0xf3beac30c498d9e26865f34fcaa57dbb935b0d74"
    }
  ],
  "authentication": [
    {
      "type": "Secp256k1SignatureAuthentication2018",
      "publicKey": "did:ethr:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71#owner"
    },
    {
      "type": "Secp256k1SignatureAuthentication2018",
      "publicKey": "did:ethr:0x02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71#key-1"
    }
  ]
}

Details

Owner changes

The present ERC1056 contract can only list an ethereumAddress as owner so changing owner MUST invalidate the publicKey identifier as well as the corresponding ethereumAddress from the list of publicKey and authentication sections (and any other corresponding entries that may appear in newer W3C docs). Ownership changes that would automatically list a full public key would require changes to the contract code which is not an intent of this proposal. If an owner needs to be changed, the assumption is that they already have access to gas, so they could first add the new publicKey as attribute and then shift ownership.

Multi-network

Multi-network support MUST NOT be affected by this change. The format did:ethr[:<network>]:<identifier> is preserved; only the identifier can now be in one of two formats.

  • 42 chars -> ethereumAddress
  • 68 chars -> compressed publicKey

Steps

  • resolve("did:ethr:pubKey")
    • pubKey -> uncompressed pubKey -> origAddress
    • query ERC1056 contract with origAddress to get owner, delegates and attribute history
    • if owner is origAddress, add entries for both pubKey and origAddress to the publicKey and authentication sections in the resulting DID doc, otherwise, add only the new owner address
    • if origAddress is one of the delegates, add pubKey to the publicKey section of the resulting DID doc
    • continue building the rest of the document by existing rules
  • resolve("did:ethr:ethereumAddress")
    • no changes to functionality expected; resolve by existing rules

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

1 reaction
uport-automation-bot commented, Aug 21, 2020

🎉 This issue has been resolved in version 2.4.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

1 reaction
awoie commented, Mar 23, 2020

@mirceanis we should already remove ethereumAddress from the publicKey section and just add it to the authentication section. You would then embed the whole value of the entry there.
