Describe encrypting secured credentials and presentations #293

Merged
merged 2 commits into from
Aug 26, 2024
51 changes: 51 additions & 0 deletions index.html
Expand Up @@ -263,6 +263,14 @@ <h2 id="securing-with-jose">Securing JSON-LD Verifiable Credentials with JOSE</h
A [=conforming JWS verifier implementation=] MUST use [[RFC7515]] to verify [=conforming JWS documents=]
that use this media type.
</p>
<p>
To encrypt a secured [=verifiable credential=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable credential=]
as the plaintext payload of a JWE,
per the description of Nested JWTs in [[RFC7519]].
</p>
<pre class="example nohighlight vc" data-vc-tabs="jose" title="A simple example of a verifiable credential secured with JOSE">
{
"@context": [
Expand Down Expand Up @@ -333,6 +341,14 @@ <h2 id="securing-vps-with-jose">Securing JSON-LD Verifiable Presentations with J
Credentials in verifiable presentations MUST be secured.
These credentials are secured using JWS in this case.
<p>
<p>
To encrypt a secured [=verifiable presentation=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable presentation=]
as the plaintext payload of a JWE,
per the description of Nested JWTs in [[RFC7519]].
</p>

<pre class="example nohighlight vc" data-vc-tabs="jose"
title="A simple example of a verifiable presentation secured with JOSE with the EnvelopedVerifiableCredential type">
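Review bot: The new `<p>` is inserted directly after the context line `<p>` that follows "These credentials are secured using JWS in this case.", and that tag looks like it was meant to be `</p>`. As written, the document gets an empty paragraph element between the two blocks of text. Suggest correcting the preceding tag to `</p>` in this change, since the added paragraph now sits right against it.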
Expand Down Expand Up @@ -476,6 +492,14 @@ <h2 id="securing-with-sd-jwt">Securing JSON-LD Verifiable Credentials with SD-JW
limited to <a data-cite="VC-DATA-MODEL-2.0#status"><code>credentialStatus</code></a>
and <a data-cite="VC-DATA-MODEL-2.0#data-schemas"><code>credentialSchema</code></a>.
</p>
<p>
To encrypt a secured [=verifiable credential=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable credential=]
as the plaintext payload of a JWE,
per the instructions in Section 11.2 of [[SD-JWT]].
</p>

<pre class="example nohighlight vc" data-vc-tabs="sd-jwt"
title="A simple example of a verifiable credential secured with SD-JWT">
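Review bot: "nesting the secured [=verifiable credential=] as the plaintext payload of a JWE" does not say whether the plaintext is the whole SD-JWT, including its Disclosures, or only the issuer-signed JWT. If only the JWT part were encrypted, the Disclosures would still travel in the clear over the insecure channel this paragraph is about. Suggest stating that the complete SD-JWT serialization is the JWE plaintext.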
Expand Down Expand Up @@ -555,6 +579,15 @@ <h2 id="securing-vps-sd-jwt">Securing JSON-LD Verifiable Presentations with SD-J
limited to <a data-cite="VC-DATA-MODEL-2.0#status"> <code>credentialStatus</code></a>
and <a data-cite="VC-DATA-MODEL-2.0#data-schemas"> <code>credentialSchema</code></a>.
</p>
<p>
To encrypt a secured [=verifiable presentation=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable presentation=]
as the plaintext payload of a JWE,
per the instructions in Section 11.2 of [[SD-JWT]].
</p>

<pre class="example nohighlight vc" data-vc-tabs="sd-jwt"
title="A simple example of a verifiable presentation secured with SD-JWT using the EnvelopedVerifiableCredential type">
{
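Review bot: The reference "Section 11.2 of [[SD-JWT]]" hard-codes a section number in prose, and the same number is repeated in the credential paragraph earlier in this change; if the referenced document is renumbered, both would point at the wrong text without any build error. The context lines just above link to a specific anchor with `data-cite="VC-DATA-MODEL-2.0#status"`; suggest the same kind of anchored link here, or naming the section by title alongside the number.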
Expand Down Expand Up @@ -630,6 +663,15 @@ <h2 id="securing-vcs-with-cose">Securing JSON-LD Verifiable Credentials with COS
A [=conforming COSE verifier implementation=] MUST use COSE_Sign1 as specified in [[RFC9052]] to verify
[=conforming COSE documents=] that use this media type.
</p>
<p>
To encrypt a secured [=verifiable credential=]
when transmitting over an insecure channel,
implementers MAY use COSE encryption,
as defined in Section 5 of [[RFC9052]],
by nesting the secured [=verifiable credential=]
as the plaintext payload of an encrypted COSE object.
</p>

<pre class="example nohighlight vc" data-vc-tabs="cose"
title="A simple example of a verifiable credential secured with COSE">
{
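Review bot: "COSE encryption, as defined in Section 5 of [[RFC9052]]" leaves the structure open: that section defines both COSE_Encrypt and COSE_Encrypt0, whereas the verifier requirement in the context lines above names COSE_Sign1 explicitly. Suggest saying which encrypted structure is expected (or that either is acceptable) and what content type the outer object should declare for the nested COSE_Sign1 payload, so a receiver knows how to process the decrypted bytes.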
Expand Down Expand Up @@ -699,6 +741,15 @@ <h2 id="securing-vps-with-cose">Securing JSON-LD Verifiable Presentations with C
Credentials in verifiable presentations MUST be secured.
These credentials are secured using COSE in this case.
<p>
<p>
To encrypt a secured [=verifiable presentation=]
when transmitting over an insecure channel,
implementers MAY use COSE encryption,
as defined in Section 5 of [[RFC9052]],
by nesting the secured [=verifiable presentation=]
as the plaintext payload of an encrypted COSE object.
</p>

<pre class="example nohighlight vc" data-vc-tabs="cose"
title="A simple example of a verifiable presentation secured with COSE using the EnvelopedVerifiableCredential type">
{
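Review bot: The added `<p>` again lands immediately after a context `<p>`, this time the one following "These credentials are secured using COSE in this case.", which reads as a mistyped `</p>`. The result is an empty paragraph ahead of the new text. Suggest fixing that tag to `</p>` here as well, so the new paragraph is not separated from the preceding text by a stray element.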