Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Standardizing PGP for Linked Data Integrity #48

Closed
OR13 opened this issue Jan 25, 2022 · 7 comments
Closed

Standardizing PGP for Linked Data Integrity #48

OR13 opened this issue Jan 25, 2022 · 7 comments

Comments

@OR13
Copy link
Contributor

OR13 commented Jan 25, 2022

https://w3id.org/security/suites/pgp-2021
https://w3id.org/security/suites/pgp-2021/v1

PGP / GPG are commonly used in software supply chain uses cases, and even in hardware thanks to Yubikey / Open PGP.

GitHub integrations with GPG

Signing Docker images with GPG

While PGP won't play nice with VC-JWT, it can play nice with LD Proofs, as shown the specs at the top of this issue.

You can even use GPG Agent to create verifiable credentials that are bound to hardware isolated keys (such as with yubikey).

Is there interest in standardizing support for PGP / GPG based Linked Data Integrity suites?

@mprorock
Copy link
Contributor

Absolutely. This could be highly valuable to us

@OR13
Copy link
Contributor Author

OR13 commented Jan 25, 2022

Here is an example CLI that works with these suites, https://github.com/OR13/lds-pgp2021/blob/main/bin/cli.js

it uses GPGAgent and Yubikey, and allows you to make a verifiable credential that is signed by a hardware isolated key on yubikey but verifiable to any DID that supports PGP. (or in the context of VCs any controller).

@OR13
Copy link
Contributor Author

OR13 commented Jan 25, 2022

Open PGP supports most of the cryptography that is popular these days.

Checkout https://openpgpjs.org/

This project is maintained by ProtonMail.

https://github.com/openpgpjs/openpgpjs

See also: https://github.com/openpgpjs/openpgpjs#security-audit

@wyc
Copy link

wyc commented Jan 25, 2022

+1, we are supporting PGP keys as well:
spruceid/ssi#373

@brentzundel
Copy link
Member

I believe that merging PR #77 will fix this issue

@brentzundel
Copy link
Member

I believe this issue has been addressed. Marking as pending close.
I will close this issue in 4 days if there are no objections.

@brentzundel
Copy link
Member

no response since marked pending close, closing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants