revise and generalize language around publicKeyPem format

PKCS-8 is evidently only for private keys, the public key format is X.509 SPKI. background: https://matrix.to/#/!uHqAjmOtrLtidOiczC:matrix.org/$VmLjzi4xFKJme9xxP12en_Wj2HuJ_JS4pSIrQjOX2Qo?via=matrix.org&via=mozilla.org&via=decentsocial.net . thanks vladimyr! for #7
swicg · Apr 11, 2024 · b739fb9 · b739fb9
1 parent 87c4133
commit b739fb9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/index.html b/index.html
@@ -172,7 +172,7 @@ <h3>How to obtain a signature's public key</h3>
 <li>If it's a raw <a href="https://w3c-ccg.github.io/security-vocab/#Key"><code>Key</code> object</a>, use its <code>controller</code> or <code>owner</code> property as the new key id, jump back to step 2, and repeat. (This is necessary to confirm that the owner actually owns and uses this key.)</li>
 <li>Otherwise, the key can't be fetched at this time, and the signature verification fails.</li>
 <li>The public key object will be in the actor's <code>publicKey</code> property. If there are multiple values, find the one whose <code>id</code> matches the original <code>keyId</code>.</li>
-<li>Decode the <a href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM-encoded</a> public key in the key object's <code>publicKeyPem</code> property. This is based on <a href="https://w3c-ccg.github.io/security-vocab/#publicKey">LD Security Vocabulary v1</a>. If it starts with <code>-----BEGIN RSA PUBLIC KEY-----</code>, it's <a href="https://datatracker.ietf.org/doc/html/rfc3447">PKCS-1</a>. If it starts with <code>-----BEGIN PUBLIC KEY-----</code> (no <code>RSA</code>), it's <a href="https://datatracker.ietf.org/doc/html/rfc5208">PKCS-8</a>.</li>
+<li>The <a href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM-encoded</a> public key will be in the key object's <code>publicKeyPem</code> property. This is based on <a href="https://w3c-ccg.github.io/security-vocab/#publicKey">LD Security Vocabulary v1</a>. Use your cryptography library to decode it as a PEM public key. (It may be encoded as <a href="https://datatracker.ietf.org/doc/html/rfc3447">PKCS-1</a>, <a href="https://datatracker.ietf.org/doc/html/rfc5280#appendix-A">X.509 SPKI</a>, or something else; your library should detect its format automatically.)</li>
 </ol>
 <p>Note that a <a href="https://w3c.github.io/vc-data-integrity/vocab/security/vocabulary.html">newer version of the LD Security Vocabulary</a> (part of <a href="https://w3c.github.io/vc-data-integrity/">Verifiable Credential Data Integrity</a>) removes the <code>publicKey</code> property. <a href="https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md">FEP-521a</a> is an alternative that supports key objects anywhere in actors, eg in the <code>assertionMethod</code> property, but it's not yet widely supported in the fediverse.</p>
     </section>