This package implements the FAIR protocol. Security design decisions are dictated by a combination of the FAIR protocol spec, the PLC DID spec, and restrictions of the PHP ecosystem.

Rotation keys are implemented with ECDSA as required by the FAIR protocol spec and use the recommended secp256k1 curve. The secp256k1 signing implementation is provided by @noble/curves via the @atproto/crypto wrapper which uses the low-S form of signatures encoded in IEEE-P1363 format. secp256k1 signatures generated by @noble/curves use deterministic k, conforming to RFC 6979.

Verification keys are implemented using Ed25519, the implementation of which is also provided by @noble/curves. The FAIR protocol spec imposes no constraints on which algorithms can be used for verification keys. Ed25519 was chosen for interoperability with the PHP ecosystem:

1. FAIR originated as a protocol to be used within the WordPress ecosystem, which uses PHP. The Sodium extension and the sodium_compat library -- both widely used within the WordPress and PHP ecosystems -- provide Ed25519 as the only algorithm for public key cryptography.
2. Both WordPress core and the FAIR Connect plugin for WordPress use Ed25519 to verify signatures for the same reason. Interoperability with existing FAIR tooling for WordPress is a key requirement of this package.

Private keys are stored in PEM format, which enables detection by secret scanning services and tools:

Key files are written with mode 0600 (owner read/write only).

DID operations (creation, updates, key rotation) are performed via the @did-plc/lib library, which handles DAG-CBOR encoding, operation signing, and communication with the PLC directory.

All DID update operations must be signed by a rotation key. The package enforces safety constraints such as preventing revocation of the last rotation key or self-revocation of the signing key.

If you discover a security vulnerability in this package please report it via the private security vulnerability reporting mechanism here on GitHub.