This specification describes the Ecdsa Secp256k1 Signature created in 2019 for the Linked Data Signatures specification.
This is an experimental specification and is undergoing regular revisions. It is not fit for production deployment.
This specification describes the Ecdsa Secp256k1 Signature created in 2019 for the Linked Data Signatures [[LD-SIGNATURES]] specification. It uses the RDF Dataset CANONICALIZATION Algorithm [[RDF-DATASET-CANONICALIZATION]] to transform the input document into its canonical form. It uses SHA-256 [[RFC6234]] as the message digest algorithm and ES256K JWS with Unencoded Payload Option defined in [[rfc7797]] as the signature algorithm.
The following terms are used to describe concepts involved in the generation and verification of the Linked Data Signature 2019 signature suite.
The following terms are used to describe concepts involved in the generation and verification of signatures according to EcdsaSecp256k1Signature2019.
JWK encoded public key example:
{ "@context": ["https://w3id.org/security/v1"], "id": "did:example:123456789abcdefghi#keys-1", "type": "EcdsaSecp256k1VerificationKey2019", "controller": "did:example:123456789abcdefghi", "expires": "2017-02-08T16:02:20Z", "publicKeyJwk" : { "crv": "secp256k1", "kid": "JUvpllMEYUZ2joO59UNui_XYDqxVqiFLLAJ8klWuPBw", "kty": "EC", "x": "dWCvM4fTdeM0KmloF57zxtBPXTOythHPMm1HCLrdd3A", "y": "36uMVGM7hnw-N6GnjFcihWE3SkrhMLzzLCdPMXPEXlA", } }
Note: The publicKeyJwk
property contains a key in JWK format.
Hex encoded public key example:
{ "@context": ["https://w3id.org/security/v1"], "id": "did:example:123456789abcdefghi#keys-1", "type": "EcdsaSecp256k1VerificationKey2019", "controller": "did:example:123456789abcdefghi", "expires": "2017-02-08T16:02:20Z", "publicKeyHex" : "034ee0f670fc96bb75e8b89c068a1665007a41c98513d6a911b6137e2d16f1d300" }
Note: The publicKeyHex
MUST be converted to publicKeyJwk before it can be used to verify JWS.
Note: The publicKeyHex
property contains a hex encoded compressed secp256k1 public key.
The 2019 Ecdsa Secp256k1 Signature signature suite MUST be used in conjunction with the signing and verification algorithms in the Linked Data Signatures [[LD-SIGNATURES]] specification. The suite consists of the following algorithms:
Parameter | Value | Specification |
---|---|---|
canonicalizationAlgorithm | https://w3id.org/security#GCA2015 | [[RDF-DATASET-CANONICALIZATION]] |
digestAlgorithm | https://www.ietf.org/assignments/jwa-parameters#SHA256 | [[RFC6234]] |
signatureAlgorithm | ES256K | [[rfc6979]] |
This signature suite uses ECDSA over secp256k1 as described in [[rfc6979]]. The signature algorithm relies on JWK encoded keys, and this flexibility supports integration with JOSE. The steps to construct and verify the digital signature are defined below.
The digital signature algorithm defined: Signature Algorithm takes tbs, a privateKey, and options as inputs and produces a signatureValue as output.
WpQlDT-K5bSPQwFkEKszo0XE1esubvol3K6UMe_...
.
The digital signature algorithm defined Signature Verification Algorithm takes the value to be verified, tbv, the public key to the signature algorithm and returns a boolean value.
true
, otherwise return false
.
The following section describes security considerations that developers implementing this specification should be aware of in order to create secure software.
A simple example:
{ "@context": "https://w3id.org/security/v2", "http://schema.org/action": "AuthenticateMe", "proof": { "challenge": "abc", "created": "2019-01-16T20:13:10Z", "domain": "example.com", "proofPurpose": "authentication", "verificationMethod": "https://example.com/i/alice/keys/2", "type": "EcdsaSecp256k1Signature2019", "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..QgbRWT8w1LJet_KFofNfz_TVs27z4pwdPwUHhXYUaFlKicBQp6U1H5Kx-mST6uFvIyOqrYTJifDijZbtAfi0MA" } }
An example using DIDs:
{ "@context": "https://w3id.org/security/v2", "http://schema.org/action": "AuthenticateMe", "proof": { "challenge": "abc", "created": "2019-01-16T20:13:10Z", "domain": "example.com", "proofPurpose": "authentication", "verificationMethod": "did:example:123#kid=JUvpllMEYUZ2joO59UNui_XYDqxVqiFLLAJ8klWuPBw", "type": "EcdsaSecp256k1Signature2019", "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..QgbRWT8w1LJet_KFofNfz_TVs27z4pwdPwUHhXYUaFlKicBQp6U1H5Kx-mST6uFvIyOqrYTJifDijZbtAfi0MA" } }