It looks like neither the Hyperledger Aries Go framework nor the Google Tink crypto library, which it uses under the hood, provides helper functions to convert public key bytes to JWK format (or I haven't found the way). When you export public key bytes from the KMS, they are unmarshalled from their internal representation and serialized with x509.MarshalPKIXPublicKey(), elliptic.Marshal(), and, for some key types, json.Marshal() applied to a custom Aries PublicKey struct. This means that we can't use standard Go JOSE libraries to convert these public keys to JWK directly.
This post shows how to convert two kinds of keys to JWK. I'll also explain the process I followed to discover the conversions, so if you need to export other public key types, you'll know where to look.
One of the key types - NISTP256ECDHKWType - is mandatory in the current implementation of Hyperledger Aries Go if you want to use authenticated encryption (authcrypt) of DIDComm messages and follow the DIDComm V2 spec.
Why would you want to convert Aries public keys to JWK?
To use them as verification methods in DID documents. JWK is a common and widely supported encoding of public keys in DID documents (publicKeyJwk).
Below are example functions to convert ECDSA and ECDSA-ECDH-KW keys:
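As an added illustration (not the original post's functions and not Aries code), the following standard-library sketch converts P-256 public key bytes in the two standard serializations mentioned above, x509.MarshalPKIXPublicKey() and elliptic.Marshal(), into the EC JWK members used by publicKeyJwk. The function names are assumptions, and keys exported as the JSON-marshalled Aries PublicKey struct are not covered.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
)

// P256PointToJWK (hypothetical name) converts an uncompressed point
// (0x04 || X || Y), the layout elliptic.Marshal() emits, to EC JWK members.
func P256PointToJWK(point []byte) (map[string]string, error) {
	// NewPublicKey rejects wrong lengths, compressed points and off-curve points.
	if _, err := ecdh.P256().NewPublicKey(point); err != nil {
		return nil, fmt.Errorf("invalid P-256 point: %w", err)
	}
	enc := base64.RawURLEncoding // JWK members are unpadded base64url
	// Fixed 32-byte coordinates keep leading zero bytes, as RFC 7518 requires.
	return map[string]string{"kty": "EC", "crv": "P-256",
		"x": enc.EncodeToString(point[1:33]), "y": enc.EncodeToString(point[33:])}, nil
}

// P256DERToJWK (hypothetical name) converts bytes produced by
// x509.MarshalPKIXPublicKey().
func P256DERToJWK(der []byte) (map[string]string, error) {
	parsed, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() {
		return nil, errors.New("not an ECDSA P-256 public key")
	}
	ek, err := pub.ECDH() // yields the same 0x04 || X || Y encoding
	if err != nil {
		return nil, err
	}
	return P256PointToJWK(ek.Bytes())
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed sample key
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	jwk, err := P256DERToJWK(der)
	fmt.Println(jwk, err)
}
```

Validating the point before encoding matters here because the JWK ends up in a DID document that other parties will trust as a verification method.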
How to find serializations for other supported key types?
By looking at the public key serialization process for your needed key type.
Keys are created by different KeyManager implementations.
Public keys are serialized in the pubkey_writer.go file. It is best to check out the Hyperledger Aries Go GitHub repo, open this file, and follow the serialization functions for the key types you need.