feat: add sd-jwt with jades support package #280
Conversation
lukasjhan
requested review from
aceshim,
zustkeeper,
berendsliedrecht and
cre8
as code owners
Signed-off-by: Lukas.J Han <[email protected]>
lukasjhan
force-pushed
the
feat/sd-jwt-with-jades
branch
from
415447d to
419c7c0
Compare
Signed-off-by: Lukas.J Han <[email protected]>
Signed-off-by: Lukas.J Han <[email protected]>
packages/jades/README.md
Outdated
| # SD JWT VCDM Typescript | ||
|
|
||
| > ⚠️ **Platform Support**: This package currently supports Node.js environments only. | ||
|
|
||
| Typescript implementation of SD JWT VCDM profile. | ||
|
|
||
| A library that integrates SD-JWT with W3C Verifiable Credentials Data Model and implements JAdES digital signature standards. | ||
|
|
||
| ## Features | ||
|
|
||
| ### SD-JWT VCDM Data Model Profile | ||
|
|
||
| This library provides interoperability between SD-JWT (Selective Disclosure JWT) and W3C Verifiable Credentials Data Model: | ||
|
|
||
| - Issue Verifiable Digital Credentials in SD-JWT VC format while maintaining W3C VCDM compliance | ||
| - Support for Selective Disclosure capabilities | ||
| - Seamless integration with standard VC verification processes |
There was a problem hiding this comment.
Why is sd jwt vcdm mentioned here when this packages is just about jades signatures?
When the jads lib can be used independently from sd jwt vc or sd jwt vc dm, I would focus first only on the jades part and then in another chapter how it will be used for sd jwt vc or sd jwt vcdm
There was a problem hiding this comment.
Sry I didn't edit the readme. It's about jades only. You are right
packages/jades/README.md
Outdated
| await jades | ||
| .setProtectedHeader({ | ||
| alg: 'RS256', | ||
| typ: 'jades', |
There was a problem hiding this comment.
must the type be jades? I would assume it has to be something like dc+sd-jwt
There was a problem hiding this comment.
No, It's just an example :)
There was a problem hiding this comment.
Okay, I suggest to use the default value to not confuse people :)
packages/jades/src/present.ts
Outdated
| !generalJsonCredential.disclosures || | ||
| generalJsonCredential.disclosures.length === 0 | ||
| ) { | ||
| console.log( |
There was a problem hiding this comment.
remove console output (and the whole if statement), or change it to console.debug.
packages/jades/src/verify.ts
Outdated
|
|
||
| return isValid; | ||
| } catch (error) { | ||
| console.error('JWT token verification error:', error); |
There was a problem hiding this comment.
I would avoid to print errors to the console, it's just good for debugging, but not for production.
Signed-off-by: Lukas.J.Han <[email protected]>
Signed-off-by: Lukas.J.Han <[email protected]>
Signed-off-by: Lukas.J Han <[email protected]>
| }, | ||
| ], | ||
| }) | ||
| .sign(privateKey, kid); |
There was a problem hiding this comment.
Is it also possible to get the hash so I do not need to pass the private key? In most situations when using JADES, the key is managed in an HSM. So we need to receive the values to sign it.
There was a problem hiding this comment.
Oh I see, I didn't think about use cases with HSM.
Perhaps would signer function as a parameter be better?
There was a problem hiding this comment.
It could be implemented like: https://github.com/Xevolab/jades/blob/7f5bef00a57bef16514e988c3160ff655bde1761/src/classes/Token.ts#L97
There was a problem hiding this comment.
I see, I'll add that function :)
|
@lukasjhan can you pls fix the conflict of the lock file? |
Sure 😃 |
|
@cre8 I resolved the conflict. and I'm working on implementing getting hash function. |
For jades it's a must have to be able to use HSMs. Therefore we need to be able to extract the data without the need to pass the private key to the service. |
SD-JWT with JAdES package is moved from https://github.com/openwallet-foundation-labs/sd-jwt-vc-dm