chore: clarify usage of JWK epk and proof types for signing

decentralized-identity · Jun 1, 2021 · 86df3b0 · 86df3b0
1 parent 47a70a5
commit 86df3b0
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 7 deletions.
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "did-jwt",
   "version": "5.5.0",
-  "description": "Library for Signing and Verifying JWTs that use DIDs as issuers",
+  "description": "Library for Signing and Verifying JWTs that use DIDs as issuers and JWEs that use DIDs as recipients",
   "source": "src/index.ts",
   "main": "./lib/index.js",
   "exports": "./lib/index.modern.js",

diff --git a/src/JWE.ts b/src/JWE.ts
@@ -3,10 +3,19 @@ import { base64ToBytes, bytesToBase64url, decodeBase64url, toSealed } from './ut
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export type ProtectedHeader = Record<string, any>
 
+/**
+ * The JWK representation of an ephemeral public key.
+ * See https://www.rfc-editor.org/rfc/rfc7518.html#section-6
+ */
 interface EphemeralPublicKey {
-  kty: string
-  crv: string
-  x: string
+  kty?: string
+  //ECC
+  crv?: string
+  x?: string
+  y?: string
+  //RSA
+  n?: string
+  e?: string
 }
 
 interface RecipientHeader {

diff --git a/src/JWT.ts b/src/JWT.ts
@@ -10,7 +10,7 @@ export type SignerAlgorithm = (payload: string, signer: Signer) => Promise<strin
 export type ProofPurposeTypes =
   | 'assertionMethod'
   | 'authentication'
-  | 'keyAgreement'
+  // | 'keyAgreement' // keyAgreement VerificationMethod should not be used for signing
   | 'capabilityDelegation'
   | 'capabilityInvocation'
 

diff --git a/src/xc20pEncryption.ts b/src/xc20pEncryption.ts
@@ -270,7 +270,7 @@ export function x25519Decrypter(secretKey: Uint8Array): Decrypter {
   ): Promise<Uint8Array | null> {
     validateHeader(recipient?.header)
     recipient = <Recipient>recipient
-    if (recipient.header.epk?.crv !== crv) return null
+    if (recipient.header.epk?.crv !== crv || typeof recipient.header.epk.x == 'undefined') return null
     const publicKey = base64ToBytes(recipient.header.epk.x)
     const sharedSecret = sharedKey(secretKey, publicKey)
 
@@ -306,7 +306,7 @@ export function xc20pAuthDecrypterEcdh1PuV3x25519WithXc20PkwV2(
   ): Promise<Uint8Array | null> {
     recipient = <Recipient>recipient
     validateHeader(recipient.header)
-    if (recipient.header.epk?.crv !== crv) return null
+    if (recipient.header.epk?.crv !== crv || typeof recipient.header.epk.x == 'undefined') return null
     // ECDH-1PU requires additional shared secret between
     // static key of sender and static key of recipient
     const publicKey = base64ToBytes(recipient.header.epk.x)