Support for RsaVerificationKey2018 #18

@fabrii

Hello!

I am trying to use this library to load a did:web whose verificationMethod type is an RsaVerificationKey2018.

I thought that having this suite loaded in the vc.verifyCredential method was enough, but it seems that the securityLoader also requires it.

My vc.verifyCredential method:

const result = await vc.verifyCredential({
    credential,
    suite: [suiteRSA, suiteEd25519],
    documentLoader,
    checkStatus: checkStatus
})

However, I am encountering the following error:

LOG  {
  "name": "VerificationError",
  "errors": [
    {
      "name": "Error",
      "message": "Support for key type \"RsaVerificationKey2018\" is not installed.",
      "stack": "Error: Support for key type \"RsaVerificationKey2018\" is not installed.\n    at _suiteForType

I might need to add it here:

const cryptoLd = new CryptoLD();
cryptoLd.use(Ed25519VerificationKey2020);
cryptoLd.use(X25519KeyAgreementKey2020);
const didWebDriver = didWeb.driver({ cryptoLd });

Should this library support adding custom verification keys for CryptoLd?

Thank you

fabrii (Author) commented on Feb 19, 2025

Hello!
If you find it helpful, I can submit a PR with this feature.

Thank you

dmitrizagidulin (Member) commented on Feb 19, 2025

Hi @fabrii! Re submitting a PR - sure, we can at least take a look!

fabrii (Author) commented on Feb 26, 2025

Hi @dmitrizagidulin. I have two ideas to resolve this.

First option:

npm i @sphereon/rsa-verification-key-2018, from https://www.npmjs.com/package/@sphereon/rsa-verification-key-2018.
It is a fork from https://github.com/digitalbazaar/rsa-verification-key-2018 published to npm.

Modify documentLoader.ts with:

import { RsaVerificationKey2018 } from '@sphereon/rsa-verification-key-2018';
...
const cryptoLd = new CryptoLD();
cryptoLd.use(Ed25519VerificationKey2020);
cryptoLd.use(X25519KeyAgreementKey2020);
cryptoLd.use(RsaVerificationKey2018); // new line
const didWebDriver = didWeb.driver({ cryptoLd });

Second option:

Allow sending keys as a parameter when creating the securityDocumentLoader. Move resolver creation inside the securityLoader method.

interface SecurityLoaderParams {
  fetchRemoteContexts?: boolean;
  useOBv3BetaContext?: boolean;
  verificationKeyPairLibs?: Array<any>;
}

export function securityLoader({ fetchRemoteContexts = false, useOBv3BetaContext = false, verificationKeyPairLibs}: SecurityLoaderParams = {}): IJsonLdDocumentLoader {
  const loader: IJsonLdDocumentLoader = new JsonLdDocumentLoader();

  const cryptoLd = new CryptoLD();
  cryptoLd.use(Ed25519VerificationKey2020);
  cryptoLd.use(X25519KeyAgreementKey2020);
  if (verificationKeyPairLibs){
    // for...of iterates the key pair classes; for...in would yield array indices
    for (const key of verificationKeyPairLibs){
      cryptoLd.use(key);
    }
  }
  const didWebDriver = didWeb.driver({ cryptoLd });

  const didKeyDriver = didKey.driver();
  const resolver = new CachedResolver();
  resolver.use(didKeyDriver);
  resolver.use(didWebDriver);

...

If any of these options are ok, I can make a PR.

Thank you
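
The reported failure and the second option above, as an added example that is not part of the original comment or the project's code. `KeyTypeRegistry`, `buildRegistry`, `checkSupport`, the stub key classes and the `did:web:issuer.example` verification method are constructed stand-ins, so it runs without the real packages.

```javascript
// Added illustration. KeyTypeRegistry is a minimal stand-in for a key-type
// registry with a use() method; it is not crypto-ld's source code.
class KeyTypeRegistry {
  constructor() { this.suites = new Map(); }
  use(lib) {
    // Fail closed on anything that is not a class exposing a suite name.
    if (typeof lib !== 'function' || typeof lib.suite !== 'string') {
      throw new TypeError('key pair library must expose a static "suite"');
    }
    this.suites.set(lib.suite, lib);
  }
  suiteForType(type) {
    const lib = this.suites.get(type);
    if (!lib) throw new Error(`Support for key type "${type}" is not installed.`);
    return lib;
  }
}

// Constructed stand-ins for the key-pair classes named in the thread.
class Ed25519VerificationKey2020 { static suite = 'Ed25519VerificationKey2020'; }
class X25519KeyAgreementKey2020 { static suite = 'X25519KeyAgreementKey2020'; }
class RsaVerificationKey2018 { static suite = 'RsaVerificationKey2018'; }

// Option 2: built-in defaults plus key types supplied by the caller.
function buildRegistry({ verificationKeyPairLibs = [] } = {}) {
  const registry = new KeyTypeRegistry();
  registry.use(Ed25519VerificationKey2020);
  registry.use(X25519KeyAgreementKey2020);
  // for...of yields the classes; for...in would yield "0", "1", ...
  for (const lib of verificationKeyPairLibs) registry.use(lib);
  return registry;
}

// Constructed verification method of the PEM-based RSA type (placeholder key).
const rsaMethod = {
  id: 'did:web:issuer.example#key-1',
  type: 'RsaVerificationKey2018',
  publicKeyPem: '(constructed placeholder, not a real key)'
};

// Report whether the resolver side could build a key object for this method.
function checkSupport(registry, method) {
  try {
    return { ok: true, suite: registry.suiteForType(method.type).suite };
  } catch (err) {
    return { ok: false, message: err.message };
  }
}

console.log([buildRegistry(), buildRegistry({ verificationKeyPairLibs: [RsaVerificationKey2018] })].map(r => checkSupport(r, rsaMethod)));
```

The first result fails with the same message as the reported error, because the key type is looked up in the resolver's registry regardless of which suites are passed to the verifier; the second succeeds once the caller supplies the RSA key class.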

fabrii (Author) commented on Mar 10, 2025

I see both proposals are not compatible with #20 made by @jchartrand. I couldn't find an implementation for the did-method-web library.

jchartrand (Contributor) commented on Mar 10, 2025

Hi @fabrii, I think you'd have to make more or less the same changes to the https://www.npmjs.com/package/@sphereon/rsa-verification-key-2018 to have it work with the crypto-ld package in the currently published security-document-loader as you'd have to make to have it work in the forthcoming security-document-loader (the version I'm working on in the PR).

In particular I think you'd have to at the very least provide support for multibase/multicodec keys, and more likely also support for the multikey type. You could look at https://github.com/digitalbazaar/ed25519-multikey/tree/main for an example of this.

For reference this is the did-method-web (https://github.com/digitalcredentials/did-method-web/tree/jc-modify-for-dcc) that will be used with the 'new' security-document-loader.

fabrii (Author) commented on Mar 10, 2025

Hi @jchartrand. The RsaVerificationKey2018 suite publishes the key using the publicKeyPem parameter, which requires the key in PEM format. Unfortunately, it doesn't support multibase.

After reconsidering the solutions mentioned in my previous comment, I believe that sending the verification suites as a parameter (option 2) is the better approach. This would allow the library to handle custom cases more flexibly.

fabrii (Author) commented on Apr 15, 2025

Hello. As a follow-up, we decided to maintain a local copy of the documentLoader class with our proposed changes.

This is fine for now, as we plan to migrate to Data Model v2 in the future.

Thanks!

alexfigtree (Member) commented on Apr 24, 2025

@fabrii Ok, thank you, we will close the issue.

moved this from Follow-up to Done (Deployed) in DCC Engineering on Apr 24, 2025
        Support for RsaVerificationKey2018 · Issue #18 · digitalcredentials/security-document-loader