-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Standardizing PGP for Linked Data Integrity #48
Comments
Absolutely. This could be highly valuable to us |
Here is an example CLI that works with these suites, https://github.com/OR13/lds-pgp2021/blob/main/bin/cli.js it uses GPGAgent and Yubikey, and allows you to make a verifiable credential that is signed by a hardware isolated key on yubikey but verifiable to any DID that supports PGP. (or in the context of VCs any controller). |
Open PGP supports most of the cryptography that is popular these days. Checkout https://openpgpjs.org/
https://github.com/openpgpjs/openpgpjs See also: https://github.com/openpgpjs/openpgpjs#security-audit |
+1, we are supporting PGP keys as well: |
I believe that merging PR #77 will fix this issue |
I believe this issue has been addressed. Marking as pending close. |
no response since marked |
https://w3id.org/security/suites/pgp-2021
https://w3id.org/security/suites/pgp-2021/v1
PGP / GPG are commonly used in software supply chain uses cases, and even in hardware thanks to Yubikey / Open PGP.
GitHub integrations with GPG
Signing Docker images with GPG
While PGP won't play nice with VC-JWT, it can play nice with LD Proofs, as shown the specs at the top of this issue.
You can even use GPG Agent to create verifiable credentials that are bound to hardware isolated keys (such as with yubikey).
Is there interest in standardizing support for PGP / GPG based Linked Data Integrity suites?
The text was updated successfully, but these errors were encountered: