Verifiable Credentials DIDKit (Rust) and Sign-and-verify (JS) comparison

During VC implementation for Open edX, we have faced a problem that LC Wallet (JS based) doesn’t verify VC signed by DIDKit library.

Below, you can see an example of the same credential, signed by two different services.

Credential JSON-LD

Note: Only the issuer ID is different for sign-and-verify and DIDKit

{ "@context": [ "https://www.w3.org/2018/credentials/v1", "https://purl.imsglobal.org/spec/ob/v3p0/context.json", "https://w3id.org/security/suites/ed25519-2020/v1" ], "id": "urn:uuid:69bd185b-9863-4935-bdd6-95c4fb39b033", "type": [ "VerifiableCredential", "OpenBadgeCredential" ], "credentialSubject": { "id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id", "type": "AchievementSubject", "achievement": { "id": "59703bad-6f06-4a0b-9d32-857cff023714", "type": "Achievement" } }, "issuer": { "id": "did:key:z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC", "type": "Profile", "name": "Default verifiable credentials issuer" }, "issuanceDate": "2023-04-17T20:38:24Z", "validFrom": "2023-04-17T20:38:24Z", "issued": "2023-04-17T20:38:24Z", "name": "Program Certificate" }

 

Signed with Sign-and-verify

Signed with DIDKit

Signed with Sign-and-verify

Signed with DIDKit

{ "@context": [ "https://www.w3.org/2018/credentials/v1", "https://purl.imsglobal.org/spec/ob/v3p0/context.json", "https://w3id.org/security/suites/ed25519-2020/v1" ], "id": "urn:uuid:69bd185b-9863-4935-bdd6-95c4fb39b033", "type": [ "VerifiableCredential", "OpenBadgeCredential" ], "credentialSubject": { "id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id", "achievement": { "id": "59703bad-6f06-4a0b-9d32-857cff023714", "type": "Achievement" }, "type": "AchievementSubject" }, "issuer": { "id": "did:key:z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC", "type": "Profile", "name": "Default verifiable credentials issuer" }, "issuanceDate": "2023-04-17T13:46:21Z", "name": "Program Certificate", "issued": "2023-04-17T13:46:21Z", "validFrom": "2023-04-17T13:46:21Z", "proof": { "type": "Ed25519Signature2020", "created": "2023-04-17T18:59:57Z", "verificationMethod": "did:key:z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC#z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC", "proofPurpose": "assertionMethod", "proofValue": "z35SiCqJ5zxotffd6wCNRXSJzhWtkSG1b8WafReXKe3334ZdyRCCVCAgHZyre7vmsHM5482Ud4N9PnAGnPi9xtaMp" } }
{ "@context": [ "https://www.w3.org/2018/credentials/v1", "https://purl.imsglobal.org/spec/ob/v3p0/context.json" ], "id": "urn:uuid:69bd185b-9863-4935-bdd6-95c4fb39b033", "type": [ "VerifiableCredential", "OpenBadgeCredential" ], "credentialSubject": { "id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id", "type": "AchievementSubject", "achievement": { "id": "59703bad-6f06-4a0b-9d32-857cff023714", "type": "Achievement" } }, "issuer": { "id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id", "type": "Profile", "name": "Default verifiable credentials issuer" }, "issuanceDate": "2023-04-17T20:38:24Z", "proof": { "@context": [ "https://w3id.org/security/suites/ed25519-2020/v1" ], "type": "Ed25519Signature2020", "proofPurpose": "assertionMethod", "proofValue": "z8CUP1dYx2Q3skeaZtvw9u22pLaRYvTmjSP9SLfV3dNXPfhDg3UofCRZdKRhSPQtSJeTS9iDtyjB5XmDvPbGxkPv", "challenge": "69bd185b-9863-4935-bdd6-95c4fb39b033", "verificationMethod": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id#z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id", "created": "2023-04-17T20:38:24.592Z" }, "validFrom": "2023-04-17T20:38:24Z", "issued": "2023-04-17T20:38:24Z", "name": "Program Certificate" }

The problem: DIDkit always provides @context in proof object (see code), but Sign-and-verify can’t parse a proof if it’s not in the global context.

The list of static context in DIDkit doesn’t include any proof suites, list of implemented contexts

 

Refs.
Ed25519Signature2020 DIDkit Implementation

Compilation of the Postman examples of signing and verification with sign-and-verify API: https://documenter.getpostman.com/view/12194329/2s93XzwMmm

 

 

Test Op between DIDKit and Sign-and-verify