Encoding Attestation in URI

Encoding an attestation in URI format that is colloquially called MagicLink.

Encoding takes as argument the address of `a smart contract which the attestation should be encoded towards.

The encoding then proceeds as follows:

  1. signatureAlgorithm is defined in Sec. 4.1.1.2 of RFC 5280. If the algorithm has OID 1.2.840.10045.4.3.2 (ECDSA with SHA256), then remove signatureAlgorithm. Curve choice is not possible under OID 1.2.840.10045.4.3.2 and will be assumed to be secp256k1. Similarly for the optional field algorithm in SubjectPublicKeyInfo.
  2. signature is defined in Sec. 4.1.2.3 of RFC 5280. It must contain the same value as signatureAlgortihm and is thus always removed.
  3. The remaining structure is DER encoded.
  4. The DER encoding is then base64 encoded, with the following exceptions:
    • The content of dataObject is decoded back into its human readable ASCII representation. It is furthermore moved to the beginning of the encoding (i.e. before the base64 encoding starts) and appended an exclamation point, !.
    • If the signatureAlgorithm has OID 1.2.840.10045.4.3.2 then the data in the CommonName field within the Name structure of the issuer field is decoded back into ASCII (which implicitly is actually a hex encoding, and thus human readable). It is appended an exclamation point, !, and then moved to be right after the exclamation point ending the dataObject encoding. Thus the format of the encoding is now:
    The format of the encoding is now
    <dataObject>!0x<fingerprint>!<base64 of DER encoding>
  5. URL sensitive characters of the ASCII representation are escaped using the URL percent encoding approach as specified in RFC 3986 section 2.1.
  6. The address of the smart contract which the attestation is being linked to is appended with an exclamation point, !. Finally the address and exclamation point is prepended to the encoding of the attestation.
  7.  URL sensitive characters of the encoding (specifically the base64 encoded part) are substituted according to the following rules:
    • Addition sign, +, is replaced with the minus sign, -.
    • Forward slash, /, is replaced with the underscore, _.
    • Equality, =, is replaced with the multiplication sign, *.

    That is, an attestation will look something like the following when the smart contract address is assumed to be 0x34288B5B65D616B746AE, the fingerprint of the public is 0xAB89BBEF99736629DC23, the dataObject has the following ASN.1 form:

    "dataObject":{
        "match":1,
        "class":"lounge/lobby",
        "admission":1
                          }

    The URI being:

    0x34288B5B65D616B746AE!match=1;class=lounge%2Flobby;admission=1;0xAB89BBEF99736629DC23!CICyyZb8QcHv0k0bDUV3T0W_EVGGMWOwKD_RIpnbFT_cTAiBsZiTXYqH870YYKE6tjwhnis-BbE8hCNfFlTmrRaCM-gg\*\*