Enhancing Flexibility in Credential Signing with Key Pair Selection

[thackerronak]

In current system, the default key pair algorithm set at the wallet level is used to sign credentials.

While this approach ensures consistency, it also has limitations, such as lack of flexibility. To address this issue, I propose offering issuers the choice of which key pair to use for signing credentials. This can be achieved through two methods: Algorithm-based selection and Key ID-based selection.

1. Algorithm-Based Selection:
   With this method, issuers can choose the cryptographic algorithm they wish to use. If multiple key pairs exist for the same algorithm, the system defaults to the first key pair (index 0). This approach is straightforward and easy to implement, providing a balance between flexibility and simplicity.

2. Key ID-Based Selection:
   Alternatively, issuers can select the specific key pair by using a unique Key ID. This method offers precise control, allowing issuers to choose exactly which key pair to use for each credential. This level of specificity can be crucial for ensuring the right key pair is used for the right purpose, enhancing security and operational efficiency.

3. Above both solutions

Advantages of Providing Choice:

• Enhanced Security: Allowing issuers to select the most appropriate key pair for each credential can reduce the risk associated with key compromise and improve overall security.
• Flexibility: Different use cases may require different cryptographic strengths or compatibility considerations. Providing a choice allows issuers to adapt to these varying requirements.
• Better Key Management: Utilizing different key pairs for different purposes can lead to more effective key management practices.

Please share your thoughts on this proposed feature.