Comments (6)
TallTed
commented on June 25, 2024
I think this is what you're referring to --
<p>
The `proofValue` property of the proof MUST be a detached ECDSA
produced according to [[FIPS-186-5]], encoded according to [[MULTIBASE]] using
the base58-btc base encoding.
</p>
Are you asking that this entire paragraph be deleted? Can you provide a reason for this?
from vc-di-ecdsa.
JSAssassin
commented on June 25, 2024
@TallTed, not the entire paragraph but the statement "The proofValue property of the proof MUST be a detached ECDSA produced according to [[FIPS-186-5]]". @msporny suggested raising this issue since he thinks that the statement is probably unnecessary.
from vc-di-ecdsa.
TallTed
commented on June 25, 2024
@JSAssassin — So are you suggesting that the paragraph should be reduced to the following, by deleting the entire "statement" you've quoted?
<p>
encoded according to [[MULTIBASE]] using the base58-btc base encoding.
</p>
Or the following, which removes only the phrase, a detached ECDSA produced according to [[FIPS-186-5]], which appears to be the salient portion of that quoted "statement"?
<p>
The `proofValue` property of the proof MUST be
encoded according to [[MULTIBASE]] using the base58-btc base encoding.
</p>
from vc-di-ecdsa.
JSAssassin
commented on June 25, 2024
@TallTed Sorry for the confusion. The second option is what I am suggesting. The phrase a detached ECDSA produced according to [[FIPS-186-5]] can be removed, leaving the paragraph with the text:
The proofValue property of the proof MUST be encoded according to [[MULTIBASE]] using the base58-btc base encoding.
from vc-di-ecdsa.
dlongley
commented on June 25, 2024
Perhaps the statement should just remove "detached":
The
proofValueproperty of the proof MUST be an ECDSA signature
produced according to [[FIPS-186-5]], encoded according to [[MULTIBASE]] using
the base58-btc base encoding.
This may also be insufficient since FIPS-186-5 just says to output the r and s components. What we really want to say (if we want to be extra clear), is that the IEEE P1363 format is used for the signature and then it is encoded using the multibase base58-btc base encoding. We can perhaps reuse some language or references mentioned in this MDN docs article around producing an ECDSA signature using Web Crypto, which uses the same (and most commonly used) format as we do here:
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa
We could also leave this to tests to confirm if that's more appropriate. Here's all the Web Crypto spec has to say: https://www.w3.org/TR/WebCryptoAPI/#ecdsa-description
As another example, the http signatures talks about the concatenation of r and s here:
https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-17.html#section-3.3.4
The signature algorithm returns two integer values,
rands. These are both encoded as big-endian unsigned integers, zero-padded to 32-octets each. These encoded values are concatenated into a single 64-octet array consisting of the encoded value ofrfollowed by the encoded value ofs.
from vc-di-ecdsa.
msporny
commented on June 25, 2024
PR #18 has been merged to address this issue. Closing.
from vc-di-ecdsa.
Related Issues (20)
- Was this really created in 2019? HOT 2
- Excelsior Pass divergence HOT 3
- Initial Review, Suggestions, Test Vectors... HOT 2
- ECDSA Signature and Curve Definition/Terminology HOT 1
- Confirming `EcdsaSecp256r1VerificationKey2019` -> `Multikey` transition HOT 13
- Clarifying `publicKeyMultibase` encoding: `did:key` style with multicodec code, or not? HOT 3
- Add normative guidance that Deterministic signatures SHOULD be used HOT 2
- Point Privacy and Security Considerations section back to Data Integrity HOT 2
- Ensure to pass SHA-384 param and fetch verification method early to get key size HOT 2
- Add definition for secretKeyMultibase serialization HOT 1
- Remove references to MULTIBASE and MULTICODEC HOT 3
- Ensure `created` proof option is optional HOT 4
- Ensure additional custom proof options provided via `proof` are included in the proof configuration HOT 3
- "Section 4: Retrieving Cryptographic Material" => "Section 4: Retrieve Verification Method" HOT 1
- Tell implementers to use major type 2 encoding (not tag 64 -- Uint8Array) for CBOR HOT 9
- Update contexts in examples HOT 3
- Update DataIntegrityProof proofValue admissible encodings
- Recommended HMAC key length for ecdsa-sd-2023? HOT 4
- Unify Error Handling Language HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vc-di-ecdsa.