Project author: transmute-industries

Project description:
Linked Data Signatures for GPG
Primary language: JavaScript
Project URL: git://github.com/transmute-industries/lds-gpg2020.git
Created: 2020-02-16T00:04:08Z
Project community: https://github.com/transmute-industries/lds-gpg2020

License: Apache License 2.0


Linked Data Signatures for GPG

Security Considerations

Supported GPG Keys

ed25519, secp256k1, rsa, p256, p384, p521

You should be aware that some of the crypto supported by GPG may not be considered safe:

If you will only ever need to support Ed25519 or only Secp256k1, you should consider using a restricted Linked Data Signature Suite like:

Getting Started

    npm i
    npm run test
    npm run coverage
    npm run docs

CLI Usage

Normal

    npm i @transmute/lds-gpg2020 -g
    gpg2020 sign -u "3BCAC9A882DEFE703FD52079E9CB06E71794A713" $(pwd)/docs/example/doc.json did:btcr:xxcl-lzpq-q83a-0d5#yubikey

Helpful Testing Commands

    npm run gpg2020 -- import-gpg-keys-from-json $(pwd)/docs/example/key.json
    VERIFICATION_METHOD=$(cat $(pwd)/docs/example/key.json | jq '.id')
    npm run gpg2020 -- sign -u "114FAE6216DE45B78A611D22227982B2ECAFBD45" $(pwd)/docs/example/doc.json $VERIFICATION_METHOD -o $(pwd)/docs/example/doc.signed.json
    npm run gpg2020 -- verify $(pwd)/docs/example/doc.signed.json
    npm run gpg2020 -- sign -u "FDDB584BDF141F95" $(pwd)/docs/example/doc.json did:example:123#yolo -o $(pwd)/docs/example/doc.signed.json
    gpg --armor --output public-key.gpg --export james@example.com
    npm run gpg2020 -- make-json-key ./public-key.gpg did:btcr:xxcl-lzpq-q83a-0d5
    npm run gpg2020 -- resolve did:web:did.or13.io
    npm run gpg2020 -- sign -u "20A968A458342F6B1A822C5BFDDB584BDF141F95" $(pwd)/docs/example/doc.json did:web:did.or13.io#20a968a458342f6b1a822c5bfddb584bdf141f95 -o $(pwd)/docs/example/doc.signed.yubikey.json
    npm run gpg2020 -- verify $(pwd)/docs/example/doc.signed.yubikey.json
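
Following the Security Considerations advice to support only the key types you need, a verifier can check a key's type against an allowlist before it is turned into a verification method. This is an added example, not code from lds-gpg2020; the names `readPacket`, `keyType`, `isKeyAllowed` and `SAMPLE_ED25519` are hypothetical, and the input is assumed to be a binary export (`gpg --export` without `--armor`).

```javascript
// Added example, not lds-gpg2020 code: allowlist check on the primary key of a
// binary `gpg --export`, reading the RFC 4880 packet header and v4 key fields.
const CURVE_OIDS = { // hex curve OIDs as found in ECDSA/EdDSA key packets
  '2b06010401da470f01': 'ed25519', '2b8104000a': 'secp256k1',
  '2a8648ce3d030107': 'p256', '2b81040022': 'p384', '2b81040023': 'p521',
};

// Parse the first packet header (old or new format); return its tag and body.
function readPacket(buf) {
  const first = buf[0];
  if (buf.length < 2 || !(first & 0x80)) throw new Error('not an OpenPGP packet');
  let tag, len, off;
  if (first & 0x40) { // new-format header
    tag = first & 0x3f;
    if (buf[1] < 192) { len = buf[1]; off = 2; }
    else if (buf[1] < 224) { len = ((buf[1] - 192) << 8) + buf[2] + 192; off = 3; }
    else if (buf[1] === 255) { len = buf.readUInt32BE(2); off = 6; }
    else throw new Error('partial body length is not valid for a key packet');
  } else { // old-format header, which gpg normally writes for keys
    tag = (first >> 2) & 0x0f;
    const lenType = first & 0x03;
    if (lenType === 3) throw new Error('indeterminate length not supported');
    len = buf.readUIntBE(1, 1 << lenType); // 1-, 2- or 4-byte length field
    off = 1 + (1 << lenType);
  }
  if (!(off + len <= buf.length)) throw new Error('truncated packet');
  return { tag, body: buf.subarray(off, off + len) };
}

// Map the primary key to one of the suite's key names, or 'unknown'.
function keyType(exported) {
  const { tag, body } = readPacket(exported);
  if (tag !== 6) throw new Error('export does not start with a public-key packet');
  if (body[0] !== 4) throw new Error('only version 4 keys are handled');
  const algo = body[5]; // follows version (1 byte) and creation time (4 bytes)
  if (algo >= 1 && algo <= 3) return 'rsa';
  if (algo !== 19 && algo !== 22) return 'unknown'; // 19 = ECDSA, 22 = EdDSA
  const name = CURVE_OIDS[body.subarray(7, 7 + body[6]).toString('hex')];
  // EdDSA must pair with the Ed25519 OID and ECDSA with the other curves.
  return name && (algo === 22) === (name === 'ed25519') ? name : 'unknown';
}

// Policy: accept the key only when its type is on the caller's allowlist.
const isKeyAllowed = (exported, allowed) => allowed.includes(keyType(exported));

// Constructed sample: Ed25519 key packet with zero-filled key material.
const SAMPLE_ED25519 = Buffer.concat([
  Buffer.from('9833045e48800016092b06010401da470f01010740', 'hex'), Buffer.alloc(32)]);
console.log(keyType(SAMPLE_ED25519), isKeyAllowed(SAMPLE_ED25519, ['ed25519']));
```

Only the primary key packet is inspected; a signing subkey (packet tag 14) uses the same field layout and would need the same check.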

Suite Details

Per ld-signatures, this Signature Suite defines the following:

    {
      "id": "https://gpg.jsld.org/contexts/#GpgSignature2020",
      "type": "SignatureSuite",
      "canonicalizationAlgorithm": "https://w3id.org/security#URDNA2015",
      "digestAlgorithm": "https://www.ietf.org/assignments/jwa-parameters#SHA256",
      "signatureAlgorithm": "https://tools.ietf.org/html/rfc4880#section-11.4"
    }

See the Linked Data Signature Suite Vocabulary.

Example Data

Yubikey

Connect Yubikey

See Generating a key on yubikey

    gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
    gpg --card-edit
    generate

Follow instructions:

Make sure to choose to export your keys; you will not be able to access them again if you do not.

At the end you should see:

    gpg: Note: backup of card key saved to '/Users/USER/.gnupg/sk_3AF00854CF8D9237.gpg'
    gpg: revocation certificate stored as '/Users/USER/.gnupg/openpgp-revocs.d/F1BD12F71206FAA1F236997D60042D876C326166.rev'
    public and secret key created and signed.

Show the keys on the card:

    list

General GPG Commands

Export a public key:

    gpg --armor --export james@example.com

Encrypt and decrypt:

    echo "test message string" | gpg --encrypt --armor -u 3AF00854CF8D9237 --recipient 3AF00854CF8D9237 -o encrypted.txt
    gpg --decrypt --armor encrypted.txt

Sign and Verify:

    echo "test message string" | gpg --sign --armor -u 3AF00854CF8D9237 -o signed.txt
    cat signed.txt | gpg --verify --armor

Credits and Support

Works with: