decentralized-identity/did-registration

Including public keys in client-managed secret mode


In the experimental client-managed secret flow with did:sov, the client can include a public key in the initial request for DID creation:

{
  "options": {
    "network": "danube",
    "clientSecretMode": true,
    "publicKey": "DHu3PwQNjEGv2qNanA7vxytLr83CLutKhqeKZwjRi2Yd"
  },
  "secret": { },
  "didDocument": { }
}

Maybe the public key should be represented as JWK, and maybe it should be possible to include multiple (named?) public keys. Their meaning and use may depend on the DID method. Also, we should explain when public keys used for creating DIDs will also show up as verificationMethods in the DID document, and when not. (I.e. sometimes the keys that control a DID are not the same as the keys that are listed in the DID document.)

Example:

{
    "options": {
        "network": "danube",
        "clientSecretMode": true,
        "publicKey": {
            "mymaincontrolkey": {
                "kid": "...",
                "kty": "EC",
                "crv": "secp256k1",
                "x": "DHu3PwQNjEGv2qNanA7vxytLr83CLutKhqeKZwjRi2Yd"
            },
            "myotherkey": {
                ...
            }
        }
    },
    "secret": { },
    "didDocument": {
        "@context": ...,
        "id": ...,
        "verificationMethod": [ {
            "id": "...",
            "type": "EcdsaSecp256k1VerificationKey2019",
            "publicKeyBase58": "DHu3PwQNjEGv2qNanA7vxytLr83CLutKhqeKZwjRi2Yd"
        } ]
    }
}

azuzi commented

DID EBSI experimental client managed secret mode receives parameters as follows:

{
    "options": {
        "identifier": "did:ebsi:Ead23sQxsi4vHi7yi6wrTdJ3BKW5XnyEzZnxRUwqJugJ",
        "publicKey": [
            {
                "type": "JsonWebKey2020",
                "publicKeyJwk": {
                    "crv": "P-256",
                    "kty": "EC",
                    "x": "NZCE9dxni3fcJlu_bDA05uYEgZzXuO9ceYC43SfcSHg",
                    "y": "L7S_hm8m6ZMIYXUvDMxUMwNDywRpDIh7qnPY3HQDcT0"
                }
            },
            {
                "type": "EcdsaSecp256k1VerificationKey2019",
                "publicKeyJwk": {
                    "kty": "EC",
                    "crv": "secp256k1",
                    "x": "LHWO18TDcaapPjcb3pCOQO1oSa4tWICJBcP2-zQml_0",
                    "y": "l8OcTcFtPPrjprTXYZ9IpRP35KSu2QtFMtJQIBxc2B0"
                }
            }
        ],
        "clientAddress": "0x3cbd325d48f30ec35d45d3d87914bf4089c6f11d",
        "clientSideSecret": "true"
    },
    "secret": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksiLCJraWQiOiJodHRwczovL2FwaS5wcmVwcm9kLmVic2kuZXUvdHJ1c3RlZC1hcHBzLXJlZ2lzdHJ5L3YyL2FwcHMvMHgwOGMyNTg1NmZiY2JkZDA3NmM5YzM5NTEyYWJlZjYzMDk3NDk5MTBhMTEwZDlkMWE5YzlhN2QyYjI3N2I2ZDIwIn0.eyJpYXQiOjE2MzI5MjU4NjMsImV4cCI6MTYzMjkyNjc2Mywic3ViIjoiZGlkOmVic2k6RWFkMjNzUXhzaTR2SGk3eWk2d3JUZEozQktXNVhueUV6Wm54UlV3cUp1Z0oiLCJhdWQiOiJlYnNpLWNvcmUtc2VydmljZXMiLCJub25jZSI6IjhhMGVlYzAxLTc4MGUtNDI2OC05M2M1LTViMzM0NjBmN2RkMyIsImxvZ2luX2hpbnQiOiJkaWRfc2lvcCIsImlzcyI6ImRpZDplYnNpOkhDOXRtaWl0VzRTOWZZQWFqNlJZc29xYlQzczdUY3d5aHlyc2JTaXpuc2RaIn0.mvMfHABSMgbhmHhNNhXlrSatDQad5NO1T1t0FV3Pz00CvmDJp77sc2FI7JMFzoUIkX8X8nHKAPdvUyd62SJ_vg"
    }
}

This is specified in the following section, which defines how public keys (verification methods) can be included in a request in client-managed secret mode: https://identity.foundation/did-registration/#secret.

Closing.
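As an added example (not code from the issue, the did-registration spec, or any registrar implementation), the Python below normalizes the three shapes of options.publicKey that appear in this thread (the single base58 string of the did:sov flow, the proposed name-to-JWK object, and the did:ebsi array of verificationMethod-style entries) and then answers the question raised in the issue for a concrete request: which of the submitted control keys are also listed as verificationMethods in the DID document. It assumes the did:sov base58 key decodes to 32 bytes of Ed25519 material and represents it as an OKP JWK; the DID document, the key names and the second ("myotherkey") entry, which reuses the P-256 key from the did:ebsi comment, are constructed for the example.

```python
import base64
import json

# Bitcoin-style base58 alphabet, the one used by publicKeyBase58 in DID documents.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(text: str) -> bytes:
    """Decode a base58 string (no checksum) to raw bytes."""
    value = 0
    for ch in text:
        value = value * 58 + B58_ALPHABET.index(ch)  # ValueError on a bad character
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    pad = len(text) - len(text.lstrip("1"))           # each leading '1' is a zero byte
    return b"\x00" * pad + raw


def b64url_decode(text: str) -> bytes:
    """Decode unpadded base64url, the encoding of JWK 'x' and 'y' members."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def jwk_key_bytes(jwk: dict) -> bytes:
    """Raw public key material of a JWK, so keys compare equal across encodings."""
    kty = jwk.get("kty")
    if kty == "OKP":                 # Ed25519 / X25519: x is the whole key
        return b64url_decode(jwk["x"])
    if kty == "EC":                  # P-256 / secp256k1: uncompressed point x || y
        return b64url_decode(jwk["x"]) + b64url_decode(jwk["y"])
    raise ValueError(f"unsupported kty {kty!r}")


def verification_method_key_bytes(vm: dict) -> bytes:
    """Raw key material of a DID document verificationMethod entry."""
    if "publicKeyJwk" in vm:
        return jwk_key_bytes(vm["publicKeyJwk"])
    if "publicKeyBase58" in vm:
        return b58decode(vm["publicKeyBase58"])
    raise ValueError(f"no supported key encoding in {vm.get('id')!r}")


def normalize_public_keys(options: dict) -> dict:
    """Map every key in options.publicKey to name -> raw bytes, accepting a single
    base58 string (did:sov), a name -> JWK object (proposed in the issue) or a list
    of verificationMethod-style entries (did:ebsi)."""
    pk = options.get("publicKey")
    if pk is None:
        return {}
    if isinstance(pk, str):
        return {"publicKey": b58decode(pk)}
    if isinstance(pk, dict):
        return {name: jwk_key_bytes(jwk) for name, jwk in pk.items()}
    if isinstance(pk, list):
        return {f"publicKey[{i}]": jwk_key_bytes(entry["publicKeyJwk"])
                for i, entry in enumerate(pk)}
    raise ValueError("options.publicKey must be a string, object or array")


def control_keys_in_did_document(request: dict) -> dict:
    """For each control key in options.publicKey, report whether the same key
    material is listed as a verificationMethod in request.didDocument."""
    listed = {verification_method_key_bytes(vm)
              for vm in request.get("didDocument", {}).get("verificationMethod", [])}
    return {name: raw in listed
            for name, raw in normalize_public_keys(request["options"]).items()}


SOV_VERKEY_B58 = "DHu3PwQNjEGv2qNanA7vxytLr83CLutKhqeKZwjRi2Yd"  # key from the issue

# Constructed request (example data, not a real registration): the did:sov key as
# an OKP JWK (assumed Ed25519) plus a P-256 key that is NOT in the DID document.
SAMPLE_REQUEST = {
    "options": {
        "network": "danube",
        "clientSecretMode": True,
        "publicKey": {
            "mymaincontrolkey": {"kty": "OKP", "crv": "Ed25519",
                                  "x": b64url_encode(b58decode(SOV_VERKEY_B58))},
            "myotherkey": {"kty": "EC", "crv": "P-256",
                           "x": "NZCE9dxni3fcJlu_bDA05uYEgZzXuO9ceYC43SfcSHg",
                           "y": "L7S_hm8m6ZMIYXUvDMxUMwNDywRpDIh7qnPY3HQDcT0"},
        },
    },
    "secret": {},
    "didDocument": {
        "verificationMethod": [{"id": "#key-1",               # hypothetical id
                                "type": "Ed25519VerificationKey2018",
                                "publicKeyBase58": SOV_VERKEY_B58}],
    },
}

if __name__ == "__main__":
    # {"mymaincontrolkey": true, "myotherkey": false}
    print(json.dumps(control_keys_in_did_document(SAMPLE_REQUEST), indent=2))
```

The comparison is done on decoded key bytes rather than on the encoded strings, because the same control key may arrive as publicKeyBase58 in the DID document and as a JWK in options.publicKey; a registrar that compares strings would wrongly report that a controlling key is absent from the document. Keys that decode to different lengths (a 32-byte Ed25519 key versus a 64-byte P-256 point) can never match, which is why "myotherkey" is reported as not listed.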