So my temp workaround:
I always have a signer, so I’m creating a temp DID using the following:
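```js
import { DID } from 'dids'
import { Ed25519Provider } from 'key-did-provider-ed25519'
import { getResolver } from 'key-did-resolver'
import { fromString } from 'uint8arrays'
async function getOneOffEncryptDid(client) {
  // `signer` is the wallet signer that is always available (how it is obtained is not shown)
  const msg = await signer.signMessage("This gives permission to read or write profile data");
  const privateKey = fromString(msg.slice(2), 'base16')
  const oneOffDid = new DID({
    resolver: getResolver(),
    // The first 32 bytes of the decoded signature are used as the Ed25519 seed
    provider: new Ed25519Provider(privateKey.slice(0, 32)),
  })
  await oneOffDid.authenticate();
  return oneOffDid;
}
```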
then creating the JWE with
```js
const oneOffDid = await getOneOffEncryptDid(client);
// The temp DID is added to the recipients so the JWE can be decrypted again later
const owners = new Set([oneOffDid.id, ...recipients])
const encrypted = await oneOffDid.createDagJWE(clean, [...owners])
```
It’s a bit of an icky workaround, but from the it-works viewpoint… well, it works.
Is there any obvious reason this is a terrible idea? The signature should have plenty of entropy, and worst-case scenario is an attacker gaining control of the signer (at which point it is pretty hard to mitigate).
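
An added example, not part of the original post and not code from the libraries it uses: a variant of the signature-derived seed above that runs the whole signature through HKDF with a context label, and refuses to derive a key when the signer returns different signatures for the same message. It assumes Node.js; `CONTEXT` and the two stand-in signers are constructed for illustration.

```javascript
const { hkdfSync, createHmac, randomBytes } = require('node:crypto');

// Hypothetical domain-separation label: binds the derived key to one app and purpose.
const CONTEXT = 'example-app/profile-encryption/v1';

// Turn a 0x-prefixed hex signature (at least 64 bytes) into a 32-byte Ed25519 seed.
// HKDF consumes the whole signature instead of using its first 32 bytes directly.
function seedFromSignature(sigHex, context = CONTEXT) {
  if (!/^0x(?:[0-9a-fA-F]{2}){64,}$/.test(sigHex)) {
    throw new Error('expected a 0x-prefixed hex signature of at least 64 bytes');
  }
  const sig = Buffer.from(sigHex.slice(2), 'hex');
  const okm = hkdfSync('sha256', sig, Buffer.alloc(0), Buffer.from(context), 32);
  return new Uint8Array(okm);
}

// Sign twice (this costs a second wallet prompt) and stop if the results differ.
// ECDSA signatures are only repeatable when the signer uses deterministic nonces
// (RFC 6979); with a randomized signer every session would produce a different DID
// and earlier JWEs could no longer be decrypted.
async function deriveSeed(signer, message) {
  const first = await signer.signMessage(message);
  const second = await signer.signMessage(message);
  if (first !== second) {
    throw new Error('signer is not deterministic; derived key would not be stable');
  }
  return seedFromSignature(first);
}

// Constructed stand-ins for a wallet signer (not a real wallet API).
const deterministicSigner = {
  signMessage: async (m) =>
    '0x' + createHmac('sha512', 'constructed-test-key').update(m).digest('hex') + '1b',
};
const randomizedSigner = {
  signMessage: async () => '0x' + randomBytes(65).toString('hex'),
};
```

The returned seed can be passed to `new Ed25519Provider(seed)` in place of `privateKey.slice(0, 32)`.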