feat: Examples / Implementations for key request

[cre8]

Section 3.5 lists 3 options to receive the key of an issuer:

• JWT VC Issuer Metadata
• X.509 Certificates
• DID Document resolution

Right now the library defines "bring your own crypto". Meaning the the user has to implement the getVerifier(publicKeyJWK: object): Promise<(data: string, signatureBase64url: string) => Promise<boolean>>; by himself. The data field includes the encoded header and payload field, therefore all three options can be implemented.

@lukasjhan do you think it makes sense? We can not implement to resolve all did elements, but we could give some examples for this.

[lukasjhan]

Yeah we could give them examples or implementations.

We already provide implementation for crypto. An example is the ES256 algorithm available in nodejs and broswer. And also we plan to support React Native env.

I think it's better to provide simple implemenation in our package.

[lukasjhan]

I think we can make them by platform(nodejs, web etc.) or we can make pass the signer or verifier as a param.
Which way do you prefer? @cre8

[cre8]

maybe it's enough to mention it in a readme, since the demanded implementation can be different: some are fine with the universal resolver, others want to resolve it locally. So we tell them how to implement it to give some hints.

[lukasjhan]

maybe it's enough to mention it in a readme, since the demanded implementation can be different: some are fine with the universal resolver, others want to resolve it locally. So we tell them how to implement it to give some hints.

Okay I'll write a brief explanation on docs. Then Let's talk about more with the PR

[fabrii]

Hi. I was also looking for the JWT VC Issuer Metadata functionality.

Just as a side note, I looked at this implementation https://github.com/cre8/credhub/blob/72d1cf974af085fbecdd7537e5053e7de287ce86/apps/verifier-backend/src/app/resolver/resolver.service.ts#L60 and it seems that the vc-issuer-metadata is not taking into account the case where iss has a path.

From the docs:

The following is a non-normative example of a HTTP request for the JWT VC Issuer Metadata configuration when iss is set to
https://example.com/tenant/1234

  GET /.well-known/jwt-vc-issuer/tenant/1234 HTTP/1.1
  Host: example.com

[cre8]

Hi @fabrii ,

this library will not auto resolve the the public key, it has to be implemented by the getVerifier like:

import { ES256, digest, generateSalt } from '@sd-jwt/crypto-nodejs';
export { digest, generateSalt, ES256 };

export const createSignerVerifier = async () => {
  const { privateKey, publicKey } = await ES256.generateKeyPair();
  return {
    signer: await ES256.getSigner(privateKey),
    verifier: await ES256.getVerifier(publicKey),
  };
};

It can be implemented as in the reference you shared, so when you think it should be added as a helper, feel free to open a pull request.