w3c-ccg/security-vocab

Proposal for deterministic IDs for Sha256HmacKey2019

OR13 opened this issue · 4 comments

OR13 commented 
{
"id":"urn:digest:6a8fdcd1377afccf388999796e278cfb2768cce7b8f2534b7f281d91934b3be4",
"type":"Sha256HmacKey2019",
"privateValueBase58": "..."
}

where id is sha256 of privateValueBase58....

We need this for secure data stores....

@dlongley @dmitrizagidulin

dlongley commented

We need this for secure data stores....

Can you link to more information on this?

OR13 commented

@dlongley https://identity.foundation/secure-data-store/#datavaultconfiguration

https://github.com/digitalbazaar/edv-client/blob/master/tests/MockHmac.js#L6

How to represent the hmac key in JSON (in some ways related to the KeyPair vs VerificationKey debate)...

IMO, JSON-LD can and should be used for describing data models for things that are fully private... I know @msporny thinks privateKeyPem was a mistake... but I don't agree... especially if we persist in the use of the name "VerificationKey"... I think we are implying an incomplete vocabulary, that requires a defintion of a "KeyPair"....

@tplooker and I discussed this as it related to JsonWebKey2020 and the BlsKeys....

Seems like we have 2 options:

Option 1 Define a KeyPair + PublicKey

"Ed25519KeyPair2020" -> contains -> "privateKeyBase58" + "publicKeyBase58"
"Ed25519PublicKey2020" -> contains -> "publicKeyBase58"
"JsonWebKeyPair2020" -> contains -> "privateKeyJwk" + "publicKeyJwk"
"JsonWebPublicKey2020" -> contains -> "publicKeyJwk"
"Sha256HmacKey2019" -> contains -> "privateKeyBase58" (is there public representation of an Hmac, like a salted hash of the key?)

Option 2 Keep doing what we are doing, but relax the naming conventions....

"Ed25519VerificationKey2018" -> contains -> "privateKeyBase58" + "publicKeyBase58"
"JsonWebKey2020" -> contains -> "privateKeyJwk" + "publicKeyJwk"
"Sha256HmacKey2019" -> contains -> "privateKeyBase58"

Write spec text noting that all verification methods never contain "privateKeyBase58", or "privateKeyJwk", etc...

OR13 commented

Perhaps support for hmac / symmetic keys should be defined in JSON-LD as well... see https://transmute-industries.github.io/universal-wallet/#Key