status-im/EIPs
2
0
Fork 0
mirror of https://github.com/status-im/EIPs.git synced 2025-02-23 20:28:21 +00:00
Code Issues Projects Releases Wiki Activity
EIPs/EIPS/eip-2844.md
Alex Beregszaszi f8e7c028f5
Simplify the EIP template (#2939) 
* Try to clarify the meaning of EIP fields

* Remove unhelpful extra comments in the template

* Change EIP-1491 from CRLF to LF

* Remove template comments from EIPs

* Fix heading: Abstarct -> Abstract

* Update EIP-2014

* Change author list of EIP-1
2020-09-08 17:32:52 +08:00

8.4 KiB
Raw Blame History

eip title author discussions-to status type category created
2844 Add DID related methods to the JSON-RPC Joel Thorstensson (@oed) https://github.com/ethereum/EIPs/issues/2845 Draft Standards Track Interface 2020-08-01

Simple Summary

Add new methods to the JSON-RPC for signing and decrypting JOSE and COSE objects under a new did_* prefix.

Abstract

This EIP describes five new methods to add to the JSON-RPC that enables wallets to support Decentralized Identifiers (DIDs) as well as JSON Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE). These standards enables wallets to support data decryption as well as authenticated data, both in standard formats using JOSE and COSE. With these new methods apps can request the DID from a users wallet, from which a DID document can be resolved. The DID document contains public keys that can be used for encryption and signature verification. This enables Alice to discover Bobs public keys by only knowing Bobs DID. This EIP does not enforce the user of any particular DID method or JOSE/COSE algorithms, wallets are free to implement these however they wish.

Motivation

There has been one main previous effort (#130, #1098) to add decryption to Ethereum wallets in a standard way. This previous approach used a non standard way to encode and represent data encrypted using x25519-xsalsa20-poly1305. While this approach does provide a functional way to add encryption support to wallets, it does not take into account similar work that has gone into standardizing the way encrypted data is represented, namely using JOSE and COSE. Both of these are standards from IETF for representing signed and encrypted objects. Another shortcoming of the previous approach is that it's impossible to retrieve the x25519 public key from another user if only an Ethereum address is known. Public key discoverability is at the core of the work that is happening with the W3C DID standard, where given a DID a document which contains public keys can always be discovered. Implementations of this standard already exist and are adopted within the Ethereum community, e.g. did:ethr and did:3. Interoperability between JOSE/COSE and DIDs already exists, and work is being done to strengthen it. Adding support for JOSE/COSE and DIDs will enable Ethereum wallets to support a wide range of new use cases such as more traditional authentication using JWTs, as well as new emerging technologies such as Secure Data Stores and encrypted data in IPFS.

Specification

Five new JSON-RPC methods are specified under the new did_* prefix.

Auth

Authenticate the current rpc connection to the DID methods.

Prompt the user to give permission to the current connection to access the user DID and the given paths.

Method:

did_authenticate

Params:
  • paths - an array of strings
Returns:
  • did - the DID which authentication was given for
  • paths - the paths which was given permission for

CreateJWS

Creates a JSON Web Signature (JWS).

An additional property kid with the value which represents the DID and the key that was used to sign the JWS (details).

Method:

did_createJWS

Params:
  • payload - the payload to sign, json object
  • protected - the protected header, json object
  • did - the DID that should sign the message, may include the key fragment, string
Returns:

A JWS with compact serialization, string

Recommendation:

Use secp256k1 for signing, alternatively ed25519.

CreateCWS

Creates a CBOR Web Signature (CWS).

An additional property kid with the value which represents the DID and the key that was used to sign the CWS.

Method:

did_createCWS

Params:
  • payload - the payload to sign, json object
  • protected - the protected header, json object
  • did - the DID that should sign the message, may include the key fragment, string
Returns:

A CWE encoded as base64, string

Recommendation:

Use secp256k1 for signing, alternatively ed25519.

DecryptJWE

Decrypt the given JWE.

If the cleartext object contains a property paths that contains an array of strings and one of the paths in there are already authenticated using did_authenticate the decryption should happen without user confirmation.

Method:

did_decryptJWE

Params:
  • jwe - a JWE with compact serialization, string
  • did - the DID that should try to decrypt the JWE, string
Returns:

The decrypted cleartext, object

Recommendation:

Implement decryption using xchacha20poly1305 and x25519 for key agreement.

DecryptCWE

Decrypt the given CWE.

If the cleartext object contains a property paths that contains an array of strings and one of the paths in there are already authenticated using did_authenticate the decryption should happen without user confirmation.

Method:

did_decryptCWE

Params:
  • cwe - a CWE encoded as base64, string
  • did - the DID that should try to decrypt the CWE, string
Returns:

The decrypted cleartext, object

Recommendation:

Implement decryption using xchacha20poly1305 and x25519 for key agreement.

Rationale

This EIP chooses to rely on DIDs and JOSE/COSE since there is already support for these standards in many places, by current systems and new systems. While most systems today rely on JOSE, support for COSE is also specified because it has growing support due to it's compact encoding of data. By using DIDs and JOSE/COSE wallet implementers can also choose which signing and encryption algorithms that they want to support, since these formats are faily agnostic to specific crypto implementations.

Permission system

A simple permission system is proposed where clients can request permissions though path prefixes, e.g. /some/permission. When decryption of a JWE/CWE is requested the wallet should check if the decrypted payload contains a paths property. If this property doesn't exist the user may be prompted to confirm that the given rpc connection (app) is allowed to read the decrypted data. If the paths property is present in the decrypted data it should contain an array of string paths. If one of the these path prefixes matches with one of the path prefixes the user has already granted permission for then decryption should happen automatically without any user confirmation.

This simple permission system was inspired by some previous comments (1, 2) but avoids data lock in around origins.

Implementation

IdentityWallet: A partial implementation of the did_* methods using the 3ID DID.

js-did: A small library which consumes the did_* methods.

MinimalCipher: An implementation of DID related encryption for JWE.

Security Considerations

Both JOSE/COSE and DIDs are standards that have gone though a lot of scrutiny. Their security will not be considered in this document. In the specification section, recommendations are given for which algorithms to use. For signatures secp256k1 is already used by ethereum and for decryption xchacha20poly1305 is widely available, very performant, and already used in TLS.

The main security consideration of this EIP is the suggested permission system. Here various threat models could be considered. However, this EIP does not go into details about how it should work other than suggesting an approach. In the end it is up to wallet implementations to choose how to ask their users for consent.

Copyright

Copyright and related rights waived via CC0.