This specification describes a Linked Data vocabulary for asserting Verifiable Credentials related to PGP.

Terminology

The following terms are used to describe concepts involved in the generation and verification of the Linked Data Proof signature suite.

Please review [[LD-PROOFS]] for more details regarding linked data proof suites.

canonical form
The output of applying a canonicalization algorithm to an input document.
canonicalization algorithm
An algorithm that takes an input document that has more than one possible representation and always transforms it into a canonical form. This process is sometimes also called normalization.
digest algorithm
An algorithm that takes an input message and produces a cryptographic output message that is often many orders of magnitude smaller than the input message. These algorithms are often 1) very fast, 2) non-reversible, 3) cause the output to change significantly when even one bit of the input message changes, and 4) make it infeasible to find two different inputs for the same output.
signature algorithm
An algorithm that takes an input message and produces an output value where the receiver of the message can mathematically verify that the message has not been modified in transit and came from someone possessing a particular secret.
signature suite
A specified set of cryptographic primitives typically consisting of a canonicalization algorithm, a message digest algorithm, and a signature algorithm that are bundled together by cryptographers for developers for the purposes of safety and convenience.

The PGP Vocabulary

The PGP Vocabulary is available via:

{
  "@context": ["https://w3id.org/pgp/v1"]
}

The following classes are available for specifying information related to PGP.

publicKeyPgp

An ASCII-armored public PGP key.

Term publicKeyPgp
URL https://w3id.org/security#publicKeyPgp
Expected Value ASCII-armored public PGP key

privateKeyPgp

An ASCII-armored private PGP key.

Term privateKeyPgp
URL https://w3id.org/security#privateKeyPgp
Expected Value ASCII-armored private PGP key

PgpVerificationKey2021

A verificationMethod type for PGP.

Term PgpVerificationKey2021
URL https://w3id.org/security#PgpVerificationKey2021
Expected Value Class

PgpSignature2021

A linked data proof type for PGP.

Term PgpSignature2021
URL https://w3id.org/security#PgpSignature2021
Expected Value Class

Linked Data Suite Definition

The PGP vocabulary defined in this document may be used to construct linked data proofs.

Parameter                   Value                                 Specification
canonicalization algorithm  https://w3id.org/security#URDNA2015   [[RDF-DATASET-NORMALIZATION]]
digest algorithm            SHA-256                               [[SHA-3]]
signature algorithm         PGP Detached Signatures               [[RFC4880]]

{
  "id": "https://w3id.org/security#PgpSignature2021",
  "type": "SignatureSuite",
  "canonicalizationAlgorithm": "https://w3id.org/security#URDNA2015",
  "digestAlgorithm": "https://tools.ietf.org/html/rfc5754#section-2.2",
  "signatureAlgorithm": "https://tools.ietf.org/html/rfc4880#section-11.4"
}

Examples

DID Document

The PGP vocabulary can be used with decentralized identifiers.

{
  "@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/pgp/v1"],
  "id": "did:example:123",
  "assertionMethod": [
    {
      "id": "did:example:123#test-id",
      "type": "PgpVerificationKey2021",
      "controller": "did:example:123",
      "publicKeyPgp": "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: OpenPGP.js v4.10.9\r\nComment: https://openpgpjs.org\r\n\r\nxjMEYASIXxYJKwYBBAHaRw8BAQdAiEDH3eDo954hWbnf5srnHwL6WfTKXEwu\r\noeGIK39k7DPNG0pvbiBTbWl0aCA8am9uQGV4YW1wbGUuY29tPsKPBBAWCgAg\r\nBQJgBIhfBgsJBwgDAgQVCAoCBBYCAQACGQECGwMCHgEAIQkQNzyO0OYKPDsW\r\nIQSPfkGb1dh1xq44qq03PI7Q5go8Ox6tAQDWfWPrPn2dCNU4pWmn7WtZZBpr\r\nsTkZ+B91uV7Rc1YtAwEA6mBHjiudCfx5qjnPdfpg/Q7+AoVyoN32YOKitFQR\r\n0gfOOARgBIhfEgorBgEEAZdVAQUBAQdAs9lCd2o023BMxfLWFDNr+7vtZ1PV\r\nVEUbSSK1GvkEFikDAQgHwngEGBYIAAkFAmAEiF8CGwwAIQkQNzyO0OYKPDsW\r\nIQSPfkGb1dh1xq44qq03PI7Q5go8O/+XAP9MqQ6E8zHJD+JdKhCqOOol11lB\r\nenlTbeZqHllv7xdGpAD/dOElSqr+Eslk0squxsIaglX39oh2wGcmMQrqvlbT\r\nKAA=\r\n=DVI0\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n"
    }
  ]
}

Verifiable Credential

The PGP vocabulary can be used with verifiable credentials.

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://w3id.org/pgp/v1"
    ],
    "id": "http://example.gov/credentials/3732",
    "type": ["VerifiableCredential"],
    "issuer": {
        "id": "did:example:123"
    },
    "issuanceDate": "2020-03-10T04:24:12.164Z",
    "credentialSubject": {
        "id": "did:example:456"
    },
    "proof": {
        "type": "PgpSignature2021",
        "created": "2019-12-11T03:50:55Z",
        "proofPurpose": "assertionMethod",
        "proofValue": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v4.10.9\r\nComment: https://openpgpjs.org\r\n\r\nwnUEABYKAAYFAmAEmXwAIQkQNzyO0OYKPDsWIQSPfkGb1dh1xq44qq03PI7Q\r\n5go8O2UlAQDfPySvUIsTjXHYW+BmIipUC204GP+i014oBRwkp3mcvQD9HDFx\r\nm8P8aO6TCDtembKj/Bca7u3/99CNQjtQwkvOvAo=\r\n=QZTK\r\n-----END PGP SIGNATURE-----\r\n",
        "verificationMethod": "did:example:123#test-id"
    }
}
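As an added example (not the specification's own code), the non-cryptographic checks a verifier performs on the DID Document and Verifiable Credential above before handing the PgpSignature2021 proof to an OpenPGP library: resolving verificationMethod in the issuer's DID document, confirming it is listed under the relation named by proofPurpose, and dearmoring the key and the detached signature with the RFC 4880 CRC-24 checksum. It runs on Node.js with no dependencies; the key and signature bytes are constructed placeholders, and the URDNA2015 canonicalization, SHA-256 digest and OpenPGP signature verification itself are assumed to be done by a library.

```javascript
// CRC-24 from RFC 4880 section 6.1, the basis of the "=XXXX" armor checksum line.
function crc24(bytes) {
  let crc = 0xb704ce;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864cfb;
    }
  }
  return crc & 0xffffff;
}
// Wrap raw bytes in ASCII armor (used here only to build the constructed sample data).
function armor(kind, bytes) {
  const csum = Buffer.alloc(3);
  csum.writeUIntBE(crc24(bytes), 0, 3);
  return `-----BEGIN PGP ${kind}-----\r\n\r\n${bytes.toString("base64")}\r\n=${csum.toString("base64")}\r\n-----END PGP ${kind}-----\r\n`;
}
// Strip the armor, check its framing and CRC-24 checksum, and return the binary OpenPGP data.
function dearmor(text, kind) {
  const lines = text.split(/\r?\n/).map((l) => l.trim());
  const end = lines.indexOf(`-----END PGP ${kind}-----`);
  if (lines[0] !== `-----BEGIN PGP ${kind}-----` || end < 0) throw new Error("bad armor framing");
  const payload = lines.slice(lines.indexOf("") + 1, end); // armor headers end at the first blank line
  const data = Buffer.from(payload.filter((l) => !l.startsWith("=")).join(""), "base64");
  const csumLine = payload.find((l) => l.startsWith("="));
  if (!csumLine || Buffer.from(csumLine.slice(1), "base64").readUIntBE(0, 3) !== crc24(data)) {
    throw new Error("armor checksum mismatch");
  }
  return data;
}
// Resolve proof.verificationMethod in the issuer's DID document and confirm it is authorized for
// proof.proofPurpose (assumes embedded method objects, as in the spec's DID Document example).
function checkProofBinding(didDoc, vc) {
  const proof = vc.proof;
  if (proof.type !== "PgpSignature2021") throw new Error("unexpected proof type " + proof.type);
  const relation = didDoc[proof.proofPurpose] || []; // e.g. didDoc.assertionMethod
  const vm = relation.find((m) => m.id === proof.verificationMethod);
  if (!vm) throw new Error("verificationMethod not listed under " + proof.proofPurpose);
  if (vm.type !== "PgpVerificationKey2021" || vm.controller !== vc.issuer.id) throw new Error("key type or controller mismatch");
  // Both results go to an OpenPGP library together with the SHA-256 digest of the URDNA2015 canonical form.
  return { publicKey: dearmor(vm.publicKeyPgp, "PUBLIC KEY BLOCK"), signature: dearmor(proof.proofValue, "SIGNATURE") };
}

// Constructed sample data: ids follow the spec's examples; key and signature bytes are placeholders, not real packets.
const didDoc = { id: "did:example:123", assertionMethod: [{ id: "did:example:123#test-id", type: "PgpVerificationKey2021",
  controller: "did:example:123", publicKeyPgp: armor("PUBLIC KEY BLOCK", Buffer.from("placeholder key packets")) }] };
const vc = { issuer: { id: "did:example:123" }, proof: { type: "PgpSignature2021", proofPurpose: "assertionMethod",
  verificationMethod: "did:example:123#test-id", proofValue: armor("SIGNATURE", Buffer.from("placeholder signature")) } };
```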

Privacy Considerations

Do not include PII in PGP Keys.

Security Considerations

Avoid using PGP keys with weak security, such as RSA keys of less than 2048 bits.

Review safecurves.cr.yp.to before selecting elliptic curve types.