Giter Club home page Giter Club logo

scala-did's Introduction

SCALA DID

A Scala/ScalaJS library for DID and DIDcomm. The one of the main goals of this library is to make DID Comm v2 type safety and easy to use. Made for developers by developers.

LIVE DEMO (DIDComm's Sandbox)

Scala-DID Documentation

Maven Central CI Scala Steward

did Scala version support did Scala version support

  • CI automate builds and tests all pushes to the master branch also as all PRs created.
  • Scala Steward automate the creation of pull requests for libraries with updated dependencies, saving maintainers time and effort. It can also help ensure that libraries are kept up-to-date, improving their reliability and performance.

The future version of DID Comm v2.1 is been track&develop in the branch didcomm-v2.1

More documentation:

Adopters

Following is a partial list of companies and project using DID Comm to craft applications.

Want to see your project here? [Submit a PR]

Protocols

TODO/WIP

Benefits of type safety

  • It would help prevent errors by ensuring that only valid DIDs are used, and that the library does not attempt to perform any invalid operations on them. This could help ensure that the library functions correctly and reliably.

  • It would make the code easier to read and understand, by making it clear what types of values are being used and what operations are being performed on them. This could make it easier for developers to work with the library and understand its functionality. Speeding up the development of applications

  • It could make the library more efficient, by allowing the compiler to optimize the code for working with DIDs. This could make the library run faster and more efficiently.

  • It could improve the reliability and correctness of the library, by catching any errors or bugs related to invalid DIDs or invalid operations at compile time. This could save time and effort in the development process and help prevent potential issues in the final library.

I usually say if it compiles it probably also works!

Project Structure and Dependencies Graph

flowchart BT

  zhttp --> zio
  did --> zio
  zio-json --> zio
  did --> zio-json
  did-resolver-web ----> zhttp:::JVM

  subgraph fmgp libraries
    did-resolver-peer --> multibase
    subgraph platform specific
      did-imp
      did-imp-hw:::Others -.-> did-imp
      did-imp_js:::JS ==>|compiles together| did-imp
      did-imp_jvm:::JVM ==>|compiles together| did-imp
    end
    did-resolver-peer --> did
    did-resolver-web --> did
    did-framework --> did
    did-imp --> did
  end

  did-example ----> did
  did-example --> did-imp
  demo --> did-imp 

  did-imp_jvm:::JVM ----> nimbus-jose-jwt:::JVM --> google-tink:::JVM
  did-imp_jvm:::JVM ---> google-tink

  did-imp_js ----> jose:::JS

  %% subgraph demo/docs
    webapp:::JS --> did-framework
    demo --> did-framework
    demo --> did-resolver-web
    demo --> did-resolver-peer
    webapp:::JS --> did-imp_js
    webapp:::JS  --> did-resolver-web
    webapp:::JS  --> did-resolver-peer
    webapp:::JS  --> did-example
    demo  --> did-example
    demo -.->|uses\serves| webapp

    demo_jvm(demo_jvm\nA server):::JVM ==>|compiles together| demo

    did-example  --> did-resolver-peer
    did-example  --> did-resolver-web
  %% end

  classDef JVM fill:#141,stroke:#444,stroke-width:2px;
  classDef JS fill:#05a,stroke:#444,stroke-width:2px;
  classDef Others fill:#222,stroke:#444,stroke-width:2px,stroke-dasharray: 5 5;
Loading

NOTES:

  • The things inside the group box (fmgp) are implemented on this repository and that are intended to be published as a library.
  • Green boxes is JVM's platform specific.
  • Blue boxes is JavaScript's platform specific.
  • Other boxes are not platform specific.
  • The did-imp-hw is a idea how to extend for other implementation. Lika a Hardware/platform specific.
  • did-resolver-web & did-resolver-peer are implementations of the respective did methods.

scala-did's People

Contributors

fabiopinheiro avatar wojciechmazur avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

mineme0110 wojciechmazur shaileshp0110

scala-did's Issues

Java 17 remove support for curve secp256k1

DIDComm uses curve secp256k1

https://docs.oracle.com/en/java/javase/17/migrate/removed-tools-and-components.html#GUID-F182E075-858A-4468-9434-8FC1704E7BB7

Test that fail

fmgp.crypto.JWMSuiteJVM:
==> X fmgp.crypto.JWMSuiteJVM.sign and verify plaintextMessage with Curve SECP256K1  0.202s com.nimbusds.jose.JOSEException: Curve not supported: java.security.spec.ECParameterSpec@7a8b5147
    at com.nimbusds.jose.crypto.ECDSASigner.sign(ECDSASigner.java:287)
    at com.nimbusds.jose.JWSObject.sign(JWSObject.java:299)
    at fmgp.crypto.UtilsJVM$.ecKeySign(UtilsJVM.scala:160)
    at fmgp.crypto.JWMSuiteJVM.$init$$$anonfun$1(JWMSuiteJVM.scala:34)
Caused by: java.security.SignatureException: Curve not supported: java.security.spec.ECParameterSpec@7a8b5147
    at sun.security.ec.ECDSASignature.engineSign(ECDSASignature.java:466)
    at java.security.Signature$Delegate.engineSign(Signature.java:1410)
    at java.security.Signature.sign(Signature.java:713)
    at com.nimbusds.jose.crypto.ECDSASigner.sign(ECDSASigner.java:283)
    ... 3 more

Address did:peer:2 spec changes

There are some spec changes for did:peer:2... that are breaking changes for DID Comm.

The changes were merged in this commit decentralized-identity/peer-did-method-spec@a5eca6b

Both issues have possible mitigation solutions that allow a smoother migration.
Although previous implementations are considered faulty! Since DID methods have no version.
This is important to be fixed to achieve interoperability

Dependencies

Issue 1

The first is to fix the encoding to follow the DID Document.
The DID Document's service example in did:peer looks like

"service":{
  ...
  "serviceEndpoint": "https://example.com/endpoint",
  "routingKeys": [...],
  "accept": [...]
}

But it should instead look like

"service":{
  ...
  "serviceEndpoint": {
    "uri":"https://example.com/endpoint",
    "routingKeys": [...],
    "accept": [...]
  }
}

We should make sure that our did:peer used on the applications are encoded correctly.
when decrypting you look for that key

Issue 2

The second problem is about the id of the keys (kid).
It was unspecified before. So each library generates the kid in its own way.

The major problem is that the kid is used on the DID Comm message itself. More specifically the field skid in the message's Protected Header is the kid. Because when decrypting you look for that key.
So the agent encrypting and the agent decrypting MUST have the same or an equivalent resolver (the key id needs to be deterministic).

Remove default field 'typ' from the message structures

Currently some DID Comm libraries require, the field typ to exist on the plaintext message inside of the encrypted message to have the value application/didcomm-plain+json.
The field typ does not even exist on the specification.

This ticket is just to remove all reference to this field 'typ' from the message structures:

// temporary field to mitigate limitations on other libraries
typ: Option[String] = Some("application/didcomm-plain+json")

Starting point to start removing https://github.com/FabioPinheiro/scala-did/blob/v0.1.0-M12/did/shared/src/main/scala/fmgp/did/comm/PlaintextMessageClass.scala#L40-L41

I added this field and default value. To mitigate interoperability problems from other libraries.
The intention is to remove this before version 0.1.0.

Verify signed messaged

https://did.fmgp.app/#/
The live demo tool is missing verification of the signed message
It will be nice to have along with Encrypt and Decrypt, an easier way to verify a signed message
For e.g below is a signed message

{
  "payload" : "eyJpZCI6IjA3NzIzMjQwLTQxNWEtNGJlOC1iZmViLTk3NzRjYjFmODU5YyIsInR5cGUiOiJiYXNpYyIsInRvIjpbImRpZDpleGFtcGxlOmJvYiJdLCJmcm9tIjoiZGlkOmV4YW1wbGU6YWxpY2UiLCJ0aGlkIjoidGhpZC1yZXNwb25kaW5nLXRvLW1zZy1pZCIsImNyZWF0ZWRfdGltZSI6MTIzNDU2Nzg5LCJleHBpcmVzX3RpbWUiOjEyMzQ1Njc4OSwiYm9keSI6e30sImF0dGFjaG1lbnRzIjpbXSwicmV0dXJuX3JvdXRlIjoiYWxsIiwiYWNjZXB0LWxhbmciOlsiUFQiXSwibGFuZyI6IlBUIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1wbGFpbitqc29uIn0",
  "signatures" : [
    {
      "protected" : "eyJraWQiOiJkaWQ6cGVlcjoyLkV6NkxTZ2h3U0U0Mzd3bkRFMXB0M1g2aFZEVVF6U2pzSHppbnBYM1hGdk1qUkFtN3kuVno2TWtoaDFlNUNFWVlxNkpCVWNUWjZDcDJyYW5DV1JydjdZYXgzTGU0TjU5UjZkZC5TZXlKMElqb2laRzBpTENKeklqb2lhSFIwY0hNNkx5OWhiR2xqWlM1a2FXUXVabTFuY0M1aGNIQXZJaXdpY2lJNlcxMHNJbUVpT2xzaVpHbGtZMjl0YlM5Mk1pSmRmUSNrZXktMiIsImFsZyI6IkVkRFNBIn0",
      "signature" : "Y0WV-_0rrnHWwMg_pJ0x3prXwjnKqbbQ22OuPQNc2Z46L_udhYnHPIGNnRynNsFYZXuFxVP7nJXVagjdv4VgCg"
    }
  ]
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.