-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add RSA did:key #277
Add RSA did:key #277
Conversation
The resolver throws a
|
@clehner @BernhardFuchs I just tried it as well with the new example DID, and it didn't work for me either:
Gives:
Maybe DockerHub doesn't have the latest DIDKit driver image? |
The |
Sorry about that. Marking this as draft until the Docker image is updated. |
The didkit-http Docker image has been updated, so I think this should work now. |
Great, @BernhardFuchs could you try it? |
RSA test vectors were added to the
did:key
specification in w3c-ccg/did-method-key#41.DIDKit got support for RSA
did:key
via spruceid/ssi#309.This PR updates UR's config to try to use DIDKit for resolving RSA
did:key
DIDs. The 2048-bit test vector from the specification is added as a test identifier.I did not find a way to match a RSA did:key with a regex for a key of arbitrary length - only for specific lengths (e.g.
z4MX
for 2048-bit,z2W
for 3072-bit,zgg
for 4096-bit - as seen in the specification draft). So this PR matches based on length instead. The length of 200 or greater after the "z" should match a key with modulus of 1024-bits or longer. This is also longer than the other longest did:key seen so far, the uncompressed P-521 (which was removed in w3c-ccg/did-method-key#36 in favor of the compressed one; DIDKit doesn't yet support P-521 in any case). JsonWebSignature2020 and JWS specifications recommend or require 2048-bit modulus for RSA, so this length minimum of 1024 should be compatible with practical usage.