WEB4Signature2025

January 26, 2025

The WEB4Signature2025 protocol is designed to sign documents and enable verification of the signature by referencing a specific DID (Decentralized Identifier) identity. The key elements for this process are as follows:

Steps Involved:

1. Signing the Document:

   • The document is signed using a private key corresponding to a specific DID identity (e.g., did:web4:wlpv3-196.local#sig).
   • This signature is captured as a JWT (JSON Web Token) in the proof section of the document.

2. Verification Process:

   • To verify the signature, we must first retrieve the latest DID document from the corresponding DID URL (e.g., wlpv3-196.local/.well-known/did.json).
   • This document contains the public key associated with did:web4:wlpv3-196.local#sig, which we use to validate the signature.

3. Decoding the Signature:

   • The signatureValue in the JWT is the cryptographic signature of the document, and if you decode it, you’ll find key data, including the hash of the document.

   Here’s an example of what you would decode:

   {
     "sha3-512-hash": "167c1c378696419b5939866f8ed2ff00a088000933ba367bea87f698ba407c9912dc9020ebcdfe6242b2fdb0d5a370c7a05da38291c4e01d107993aecdc1fa2b",
     "created": 1737889351,
     "type": "WEB4Signature2025",
     "did": "did:web4:wlpv3-196.local#sig"
   }

   • The most important element here is the "sha3-512-hash". This is the hash of the entire document (excluding the proof section), and it serves as a cryptographic fingerprint that ensures document integrity.

4. Signing the Entire JWT:

   • Rather than just signing the document’s hash, the entire JWT (including metadata like created, type, and did) is signed. This provides an extra layer of security, as it ties the metadata to the document itself.

5. Action Identification:

   • The sha3-512-hash can also be seen as an action identifier. This makes it versatile for signing actions, not just documents. In this case, the same verification process applies to ensure that actions, such as transactions or smart contract executions, are properly authenticated.

In Summary:

• The protocol leverages the DID system, where you fetch the latest DID document to obtain the public key.
• You then use the public key to verify the signature, which is stored as a JWT containing the hash of the document and other metadata.
• The sha3-512-hash serves as the identifier for both the document and actions, enabling a flexible approach to signing and verifying content in a decentralized environment.

By following this process, you can be confident in verifying the authenticity of documents and actions, with the added benefit of decentralization and cryptographic security.