Describe encrypting secured credentials and presentations (#293)
* Describe encrypting secured credentials and presentations

* Apply suggestions from code review

Co-authored-by: Ted Thibodeau Jr <[email protected]>

---------

Co-authored-by: Gabe <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
3 people authored Aug 26, 2024
1 parent 52a5f38 commit ca8fa18
Showing 1 changed file with 51 additions and 0 deletions.
51 changes: 51 additions & 0 deletions index.html
Expand Up @@ -263,6 +263,14 @@ <h2 id="securing-with-jose">Securing JSON-LD Verifiable Credentials with JOSE</h
A [=conforming JWS verifier implementation=] MUST use [[RFC7515]] to verify [=conforming JWS documents=]
that use this media type.
</p>
<p>
To encrypt a secured [=verifiable credential=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable credential=]
as the plaintext payload of a JWE,
per the description of Nested JWTs in [[RFC7519]].
</p>
<pre class="example nohighlight vc" data-vc-tabs="jose" title="A simple example of a verifiable credential secured with JOSE">
{
"@context": [
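Review bot: the inserted paragraph defers to the Nested JWT description in [[RFC7519]] but never says what the outer JWE's `cty` header must carry; RFC 7519 Section 5.2 has nested JWTs set `cty` to `JWT`, while the sentence just above has verifiers keying on this document's own media type. State explicitly which value the JWE `cty` carries so a recipient knows what it holds after decryption, and say that decryption does not replace verification: the recipient still verifies the inner JWS per [[RFC7515]] as the preceding sentence requires.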
@@ -333,6 +341,14 @@ <h2 id="securing-vps-with-jose">Securing JSON-LD Verifiable Presentations with J
Credentials in verifiable presentations MUST be secured.
These credentials are secured using JWS in this case.
<p>
<p>
To encrypt a secured [=verifiable presentation=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable presentation=]
as the plaintext payload of a JWE,
per the description of Nested JWTs in [[RFC7519]].
</p>

<pre class="example nohighlight vc" data-vc-tabs="jose"
title="A simple example of a verifiable presentation secured with JOSE with the EnvelopedVerifiableCredential type">
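Review bot: the context line immediately above the new paragraph is an opening `<p>` where a closing `</p>` is needed (`These credentials are secured using JWS in this case.` is followed by `<p>`), so the inserted `<p>` now opens a second paragraph inside an unclosed one. Since this change touches that exact spot, fix it to `</p>` in the same commit. The new paragraph is otherwise the credentials-section text with "presentation" substituted; a single shared subsection referenced from both places would keep the two from drifting.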
@@ -476,6 +492,14 @@ <h2 id="securing-with-sd-jwt">Securing JSON-LD Verifiable Credentials with SD-JW
limited to <a data-cite="VC-DATA-MODEL-2.0#status"><code>credentialStatus</code></a>
and <a data-cite="VC-DATA-MODEL-2.0#data-schemas"><code>credentialSchema</code></a>.
</p>
<p>
To encrypt a secured [=verifiable credential=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable credential=]
as the plaintext payload of a JWE,
per the instructions in Section 11.2 of [[SD-JWT]].
</p>

<pre class="example nohighlight vc" data-vc-tabs="sd-jwt"
title="A simple example of a verifiable credential secured with SD-JWT">
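Review bot: `Section 11.2 of [[SD-JWT]]` is a bare section number into an Internet-Draft whose numbering shifts between revisions, so the reference is likely to go stale; cite the section by title alongside the number (or use a stable anchor) so a reader can find it after renumbering. As in the JOSE sections, it would also help to say which content type the JWE header carries, so a recipient can tell an encrypted SD-JWT from an encrypted plain JWS before attempting verification.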
@@ -555,6 +579,15 @@ <h2 id="securing-vps-sd-jwt">Securing JSON-LD Verifiable Presentations with SD-J
limited to <a data-cite="VC-DATA-MODEL-2.0#status"> <code>credentialStatus</code></a>
and <a data-cite="VC-DATA-MODEL-2.0#data-schemas"> <code>credentialSchema</code></a>.
</p>
<p>
To encrypt a secured [=verifiable presentation=]
when transmitting over an insecure channel,
implementers MAY use JSON Web Encryption (JWE) [[RFC7516]]
by nesting the secured [=verifiable presentation=]
as the plaintext payload of a JWE,
per the instructions in Section 11.2 of [[SD-JWT]].
</p>

<pre class="example nohighlight vc" data-vc-tabs="sd-jwt"
title="A simple example of a verifiable presentation secured with SD-JWT using the EnvelopedVerifiableCredential type">
{
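Review bot: this is now the fourth copy of the same "implementers MAY use JSON Web Encryption (JWE)" paragraph, differing only in "presentation" versus "credential" and in the cited section; four copies of one piece of guidance invite drift when one is corrected and the others are not. Consider one "Encrypting secured documents" section with cross-references from each securing section. Minor: the context lines here have `<a ...> <code>` with a space inside the anchor, unlike `<a ...><code>` in the credentials section, which renders a stray space before the code text; worth fixing while touching this area.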
@@ -630,6 +663,15 @@ <h2 id="securing-vcs-with-cose">Securing JSON-LD Verifiable Credentials with COS
A [=conforming COSE verifier implementation=] MUST use COSE_Sign1 as specified in [[RFC9052]] to verify
[=conforming COSE documents=] that use this media type.
</p>
<p>
To encrypt a secured [=verifiable credential=]
when transmitting over an insecure channel,
implementers MAY use COSE encryption,
as defined in Section 5 of [[RFC9052]],
by nesting the secured [=verifiable credential=]
as the plaintext payload of an encrypted COSE object.
</p>

<pre class="example nohighlight vc" data-vc-tabs="cose"
title="A simple example of a verifiable credential secured with COSE">
{
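Review bot: "an encrypted COSE object" is vague where the signing sentence above is precise (COSE_Sign1). Section 5 of [[RFC9052]] defines both COSE_Encrypt (multiple recipients) and COSE_Encrypt0; say which structure is expected, or that either is acceptable, and name the `content type` header parameter (label 3) as the place to carry the inner document's media type so the recipient knows it has a COSE_Sign1 to verify after decryption. Mirror the JOSE paragraphs by stating that the inner COSE_Sign1 must still be verified per the sentence above.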
@@ -699,6 +741,15 @@ <h2 id="securing-vps-with-cose">Securing JSON-LD Verifiable Presentations with C
Credentials in verifiable presentations MUST be secured.
These credentials are secured using COSE in this case.
<p>
<p>
To encrypt a secured [=verifiable presentation=]
when transmitting over an insecure channel,
implementers MAY use COSE encryption,
as defined in Section 5 of [[RFC9052]],
by nesting the secured [=verifiable presentation=]
as the plaintext payload of an encrypted COSE object.
</p>

<pre class="example nohighlight vc" data-vc-tabs="cose"
title="A simple example of a verifiable presentation secured with COSE using the EnvelopedVerifiableCredential type">
{
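Review bot: same markup problem as in the JOSE presentations hunk: the context line right above the inserted paragraph is `<p>` where `</p>` is needed (after `These credentials are secured using COSE in this case.`), so the new `<p>` opens inside an unclosed paragraph. Fix it to `</p>` here, since the change already sits on that line.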
