A simple script to create Gaia-X Self Descriptions

Overview

How To Use

  1. Update the self description in self-description.json.
  2. Create a new .env file with PRIVATE_KEY, CERTIFICATE, VERIFICATION_METHOD and X5U_URL as properties.
  3. Install dependencies with npm i and run the script with node index.js (node@16 or higher required).
    • Alternatively, the script can be run with docker
      1. Build the container with docker build -t self-description-signer .
      2. Run the script with docker run -it --mount src="$(pwd)/config",target=/usr/src/app/config,type=bind self-description-signer
  4. The given self description will be locally signed and a new file containing self description + proof called timestamp_self-signed_gx-type.json will be created.
  5. In addition, a did.json will be created based on the provided CERTIFICATE and VERIFICATION_METHOD
  6. Upload this did.json to your domain (e.g. https://your_domain.com/.well-known/did.json).
  7. Re-run the script. This time the compliance service is used to sign the locally signed self description. It signs it if the result verifies against the compliance service. The result is stored in a new file called timestamp_complete_gx-type.json.

How it Works

  1. The given Self Description is canonized with URDNA2015
  2. Next the canonized output is hashed with SHA256.
  3. That hash is then signed with the given private key and the proof is created using JsonWebKey2020.
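
The hash, sign and verify steps above as an added example (not the project's own code), using only Node's built-in crypto module. Assumptions: the URDNA2015 output is a constructed N-Quads string rather than computed, the signature is encoded as a PS256 JWS with a detached payload, the proof carries only type, verificationMethod and jws, and the keys and did:web:example.com are demo values.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the URDNA2015 output (canonical N-Quads). A real run
// gets this string from a JSON-LD canonicalization library.
const CANONIZED_SD =
  '<did:web:example.com> <http://w3id.org/gaia-x/participant#registrationNumber> "G-0000" .\n';

const PSS = { // PS256 = RSASSA-PSS with SHA-256 and a digest-length salt
  padding: nodeCrypto.constants.RSA_PKCS1_PSS_PADDING,
  saltLength: nodeCrypto.constants.RSA_PSS_SALTLEN_DIGEST,
};
const b64url = (data) => Buffer.from(data).toString('base64url');

// Step 2: SHA-256 over the canonized document, hex encoded.
function hashCanonized(nquads) {
  return nodeCrypto.createHash('sha256').update(nquads, 'utf8').digest('hex');
}

// Step 3 (assumed encoding): JWS with unencoded, detached payload (RFC 7797).
// The signing input is "<b64url header>.<hash>"; the output omits the payload.
function signHash(hash, privateKey) {
  if (privateKey.asymmetricKeyType !== 'rsa') {
    throw new TypeError(`PS256 needs an RSA key, got ${privateKey.asymmetricKeyType}`);
  }
  const header = b64url(JSON.stringify({ alg: 'PS256', b64: false, crit: ['b64'] }));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${header}.${hash}`),
    { key: privateKey, ...PSS });
  return `${header}..${b64url(sig)}`;
}

function createProof(nquads, privateKey, verificationMethod) {
  const jws = signHash(hashCanonized(nquads), privateKey);
  return { type: 'JsonWebKey2020', verificationMethod, jws };
}

// Verifier side: recompute the hash from the document and check the JWS with
// the public key published for proof.verificationMethod.
function verifyProof(nquads, proof, publicKey) {
  const [header, payload, sig] = String(proof.jws).split('.');
  if (!header || payload !== '' || !sig) return false;
  const input = Buffer.from(`${header}.${hashCanonized(nquads)}`);
  return nodeCrypto.verify('sha256', input, { key: publicKey, ...PSS },
    Buffer.from(sig, 'base64url'));
}

// Constructed demo keys: "holder" signs, "other" stands in for an unrelated key.
function demo() {
  const holder = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const proof = createProof(CANONIZED_SD, holder.privateKey, 'did:web:example.com');
  return {
    sameKey: verifyProof(CANONIZED_SD, proof, holder.publicKey),
    otherKey: verifyProof(CANONIZED_SD, proof, other.publicKey),
    tampered: verifyProof(CANONIZED_SD + '<urn:a> <urn:b> "c" .\n', proof, holder.publicKey),
  };
}
console.log(demo());
```

The proof verifies only against the public key that matches the signing key and only over the unmodified canonized document; a different published key or any change to the document makes verification fail.
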
Comments
  • [BUG] Problems with self signed certificates

    Summary

    Hi! I have some problems when I try to use this signing tool (I was following the gx-compliance repository).

    I tried to generate private/public keys using OpenSSL and then generate a self-signed certificate; the contents of these keys are used in the .env file.

    I used the following script to generate keys/cert:

    openssl genrsa -out keypair.pem 2048
    openssl rsa -in keypair.pem -pubout -out publickey.crt
    openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in keypair.pem -out pkcs8.key
    
    openssl req -new -key pkcs8.key -out my_request.csr
    openssl x509 -req -days 3650 -in my_request.csr -signkey pkcs8.key -out cert.key
    
    rm my_request.csr
    

    So, using the previous script the key was in PKCS8 format. I think that's correct. Isn't it? Anyway, I have modified the code (env and index.js) to add a variable JWT_ALGORITHM inside the .env file (so I can switch to use for example X509)... but I have tried to change this variable and change the method to generate keys and it still fails.

    Current Behavior

    Fails when trying to check the self description with the Compliance Service:

    📁 Loaded ./config/self-description.json
    📈 Hashed canonized SD 1efd1a5039805ed10455271e11ade83d2a6e044761c25da5cb1ecc4b6294e8b1
    🔒 SD signed successfully (local)
    ✅ Verification successful (local)
    📁 ./output/1663918326577_self-signed_LegalPerson.json saved
    📁 ./output/1663918326577_did.json saved
    
    🔍 Checking Self Description with the Compliance Service...
    'Something went wrong:'
    {
      statusCode: 409,
      message: 'Verification for the given jwk and jws failed.',
      error: 'Conflict'
    }
    

    Expected Behavior

    A successful process

    Steps to Reproduce

    node ./index.js after modifying self-description.json and the env file.

    Environment

    PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
    ...
    -----END PRIVATE KEY-----"
    CERTIFICATE="-----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----"
    JWT_ALGORITH="PS256" #PS256 or ES256 (X509)
    VERIFICATION_METHOD="did:web:compliance.gaia-x.eu"
    X5U_URL="https://compliance.gaia-x.eu/.well-known/x509CertificateChain.pem"
    API_VERSION="2204"
    BASE_URL="https://compliance.gaia-x.eu"
    

    Anything else

    When I used your Hackathon tool everything works!

    Also, my self description is the following one:

    {
        "@context": [
            "http://www.w3.org/ns/shacl#", 
            "http://www.w3.org/2001/XMLSchema#", 
            "http://w3id.org/gaia-x/participant#"
        ],
        "@id": "http://example.org/participant-dp6gtq7i75lmk9p4j2tfgCTICTICTIC2",
        "@type": [
            "VerifiableCredential", 
            "LegalPerson"
        ],
        "credentialSubject": {
          "id": "did:web:examnple.com",
          "gx-participant:registrationNumber": {
            "@value": "G-33906637",
            "@type": "xsd:string"
        }, 
          "gx-participant:headquarterAddress": {
            "@type": "gx-participant:Address",
            "gx-participant:country": {
              "@type": "xsd:string",
              "@value": "ES"
            },
            "gx-participant:street-address": {
                "@value": "C. Ada Byron, 39",
                "@type": "xsd:string"
            },
            "gx-participant:postal-code": {
                "@value": "33203",
                "@type": "xsd:string"
            },
            "gx-participant:locality": {
                "@value": "Gijon",
                "@type": "xsd:string"
            }
          },
          "gx-participant:legalAddress": {
            "@type": "gx-participant:Address",
            "gx-participant:country": {
              "@type": "xsd:string",
              "@value": "ES"
            },
            "gx-participant:street-address": {
                "@value": "C. Ada Byron, 39",
                "@type": "xsd:string"
            },
            "gx-participant:postal-code": {
                "@value": "33203",
                "@type": "xsd:string"
            },
            "gx-participant:locality": {
                "@value": "Gijon",
                "@type": "xsd:string"
            }
          }
        }
      }
    

    Thanks a lot!!!

    Type: Bug 
    opened by Javieral95 22
  • refactor: switched id controller value in did

    Proposed Changes

    Switch the value of id and controller in did verification method to conform to the specification.

    A controller is an entity that is authorized to make changes to a DID Document (https://www.w3.org/TR/did-core/#did-controller)

    A DID is expressed using ID and which allows theoretically DID that are not part of the subject DID (https://www.w3.org/TR/did-core/#did-subject) but since for Assertion Methods (https://www.w3.org/TR/did-core/#assertion) when used in the short form of "did:example..." the allowed did must match an ID of a Verification Method (or explicitly define a new Verification Method under Assertion) even on the earlier stages it makes more sense to have the ID from the DID Subject and the Controller to be the compliance service.

    See also the note on the did core spec:

    "NOTE: Verification method controller(s) and DID controller(s) The semantics of the controller property are the same when the subject of the relationship is the DID document as when the subject of the relationship is a verification method, such as a cryptographic public key. Since a key can't control itself, and the key controller cannot be inferred from the DID document, it is necessary to explicitly express the identity of the controller of the key. The difference is that the value of controller for a verification method is not necessarily a DID controller. DID controllers are expressed using the controller property at the highest level of the DID document (the topmost map in the data model); see § 5.1.2 DID Controller."

    opened by sdumss 0
  • added a draft for docker usage

    Proposed Changes

    Added support for lazy people who don't want to deal with node

    example docker commands

    docker build -t .
    docker run -it --mount src="$(pwd)/config",target=/usr/src/app/config,type=bind

    opened by sdumss 0
  • Fix incorrect DID Document generation and examples.

    The signer creates the DID Documents incorrectly. The Verification Relationship (assertionMethod) points to a VM that does not exist in the DID Document.

    • Added new variables for a DID, which could be used as the only param for DID creation.
    • Also fixed the examples and updated the self description DID to another value, as it could be highly confusing to new people to use the compliance service DID:web for the examples.

    Warning: Do not merge yet as the changes have not been tested yet.

    opened by nklomp 0
  • WIP: Support ecdsa

    Trying to implement ECDSA because of #21

    Signing works. Local verification does not.

    In the end, it's pointless anyway, because the server part of the whole thing has to be able to do ECDSA.

    THIS CODE DOES NOT WORK!

    opened by kettenbach-it 0
  • [BUG] Method sign() not returning jws

    Summary

    Trying to sign SD I've always got an error during the process

    'Something went wrong:' undefined

    After a short debugging session I saw that the sign() method did not return the jws string and the procedure failed without triggering any error/exception. The cause of this behavior is to be found in the scope of the declaration of the variable jws, which is inside a try/catch block, and when it is returned it is no longer valued (=undefined).

    The workaround I've adopted to fix the problem is to move the declaration of jws outside the try/catch block.

    I hypothesize that this behavior is due to the relatively new version of Node.js (16.16.0) that I have been using lately.

    Hope this helps.

    Regards

    Pietro

    Environment

    • OS: Windows 11
    • Node: 16.16.0
    • npm: 8.11.0
    Type: Bug 
    opened by bartoccioni 0
  • [Enhancement] Support for ECDSA Keys because EDC requires them

    Motivation / Problem

    The Eclipse Dataspace Connector (EDC) requires the users to use EC signatures instead of RSA. The self-description-signer does not support EC keys:

    โฏ node index.js
    ๐Ÿ“ Loaded ./config/self-description.json
    ๐Ÿ“ˆ Hashed canonized SD 8fc77f3ec2a1add9803dd55cc8d833c916521d2310f7e93e8310c5f21920e07c
    TypeError: Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss
        at keyForCrypto (self-description-signer/node_modules/jose/dist/node/cjs/runtime/node_key.js:53:23)
        at sign (self-description-signer/node_modules/jose/dist/node/cjs/runtime/sign.js:23:91)
        at FlattenedSign.sign (self-description-signer/node_modules/jose/dist/node/cjs/jws/flattened/sign.js:68:55)
        at CompactSign.sign (self-description-signer/node_modules/jose/dist/node/cjs/jws/compact/sign.js:14:43)
        at sign (self-description-signer/index.js:48:14)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
        at async createProof (self-description-signer/index.js:63:10)
        at async main (self-description-signer/index.js:173:19)
    
    

    Therefore I can't use the web:dids for EDC.

    Solution

    self-description-signer should support EC keys.

    Alternatives

    None

    Additional context

    Pull request for logging key signing errors: https://github.com/deltaDAO/self-description-signer/pull/22

    Type: Enhancement 
    opened by kettenbach-it 1
  • [BUG] Problem with command line parsing

    Summary

    I want to supply the name of the file containing my self description as a command line parameter. From the index.js I see, that this is supposed to work as third parameter.

    I keep the program in an unmodified subdirectory self-description-signer (created by git submodule add) - all files that I work with are outside of this git repo.

    My config therefore is in ./config (outside of self-description-signer)

    Current Behavior

    I call this command:

    โฏ node self-description-signer/index.js ./participant-self-description.json
    node:internal/modules/cjs/loader:936
      throw err;
      ^
    
    Error: Cannot find module './participant-self-description.json'
    Require stack:
    - /Users/volker/Huawei/Boot-X/boot-x-iac/Self Description Signing/self-description-signer/index.js
        at Function.Module._resolveFilename (node:internal/modules/cjs/loader:933:15)
        at Function.Module._load (node:internal/modules/cjs/loader:778:27)
        at Module.require (node:internal/modules/cjs/loader:1005:19)
        at require (node:internal/modules/cjs/helpers:102:18)
        at Object.<anonymous> (/Users/volker/Huawei/Boot-X/boot-x-iac/Self Description Signing/self-description-signer/index.js:10:25)
        at Module._compile (node:internal/modules/cjs/loader:1101:14)
        at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
        at Module.load (node:internal/modules/cjs/loader:981:32)
        at Function.Module._load (node:internal/modules/cjs/loader:822:12)
        at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12) {
      code: 'MODULE_NOT_FOUND',
      requireStack: [
        '/Users/volker/Huawei/Boot-X/boot-x-iac/Self Description Signing/self-description-signer/index.js'
      ]
    }
    

    and get an error. The same with node self-description-signer/index.js participant-self-description.json or with node self-description-signer/index.js $PWD/participant-self-description.json

    Expected Behavior

    I would expect my file ./participant-self-description.json to be signed. Strangely, if I leave out the third parameter, it will sign the example in self-description-signer/config and put the output to output

    Steps to Reproduce

    Enter the above commands.

    Environment

    โฏ node -v
    v16.13.0
    

    Anything else

    Type: Bug 
    opened by kettenbach-it 0
  • DID file Ftp server upload

    Good morning,

    This is Mario from Arsys Spain, I belong to Sara Madariaga's team and I recently started working on Arsys self-description files for the Gaia-X project.

    First of all, let me thank you for sharing this tool, we've been working on this issue just for a few weeks and it's been really useful for us to understand how the signing process works and all the steps we have to follow to complete it.

    I would like to share a little update we developed on our side for testing our files, maybe it may be helpful for other people who are getting into Gaia-X world and begin to use this tool.

    In short, the generated DID file can be uploaded directly to the server (if configuration is enabled) so it's not necessary for you to run the script twice to complete the process.

    I hope we can keep in touch, and thanks a lot for your time.

    Take care and best regards,

    Proposed Changes

    • library ssh2-sftp-client
    • FTP config values in .env file
    • index.js will try to update the file if FTP_ENABLED is set to true
    opened by mpetruzzella 1
Owner
deltaDAO