javakotlincredentialsjson-ldcanonicalization

How to apply canonicalization before signing JSON-LD Verifiable Credential?


I want to sign Verifiable Credential in JSON structure with Linked Data (JSON-LD) like below:

{
    "@context":[
        "https://www.w3.org/2018/credentials/v1",
        "https://w3id.org/security/bbs/v1"
    ],
    "id":"1234",
    "type":[
        "VerifiableCredential"
    ],
    "issuer":"exampleIssuer",
    "validFrom":"2022-06-30T00:00:00Z+01:00",
    "expirationDate":"2022-07-30T00:00:00Z+01:00",
    "credentialSubject":{
        "customerId":"123456",
        "name":"Test User",
        "birthDate":"1.1.1991"
    },
    "proof":{
        "type":"BbsBlsSignatureProof2020",
        "verificationMethod":"did:example:489398593#test",
        "created":"2021-12-31T10:54:18Z+01:00",
        "proofPurpose":"assertionMethod",
        "proofValue":"...",
        "nonce":"..."
    }
}

The signing itself is not a problem. The problem is the canonicalization = how to prepare the data before signing.

The BbsBlsSignatureProof2020 specifies to use https://w3id.org/security#URDNA2015 (aka URDCA2015) canonicalization algorithm following the RDF Dataset Canonicalization. (the same is for EcdsaSecp256k1RecoverySignature2020 and JsonWebSignature2020).

Is this a must-do or is it just default canonicalization algorithm and I can use any other?

The thing is, RDF is rather complex when working with JSON-LD and seems to have quite some flaws. I would really like to use much easier JCS (JSON Canonicalization Scheme) instead, which works only with syntax of the JSON.

Any feedback on this would be highly appreciated.


Solution

  • As @Rein pointed out it's better to use existing JSON-LD library. Some are listed here: https://json-ld.org/ (Titanium library is available for Java, but there are also libraries using different languages).

    However, I've found out that the best option for Java devs is to use this library: iron-vc