Verifiable Credentials DIDKit (Rust) and Sign-and-verify (JS) comparison
- Glib Glugovskiy
During VC implementation for Open edX, we have faced a problem that LC Wallet (JS based) doesn’t verify VC signed by DIDKit library.
Below, you can see an example of the same credential, signed by two different services.
Credential JSON-LD
Note: Only the issuer ID is different for sign-and-verify and DIDKit
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://purl.imsglobal.org/spec/ob/v3p0/context.json",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "urn:uuid:69bd185b-9863-4935-bdd6-95c4fb39b033",
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
],
"credentialSubject": {
"id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id",
"type": "AchievementSubject",
"achievement": {
"id": "59703bad-6f06-4a0b-9d32-857cff023714",
"type": "Achievement"
}
},
"issuer": {
"id": "did:key:z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC",
"type": "Profile",
"name": "Default verifiable credentials issuer"
},
"issuanceDate": "2023-04-17T20:38:24Z",
"validFrom": "2023-04-17T20:38:24Z",
"issued": "2023-04-17T20:38:24Z",
"name": "Program Certificate"
}
Signed with Sign-and-verify | Signed with DIDKit |
|---|---|
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://purl.imsglobal.org/spec/ob/v3p0/context.json",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"id": "urn:uuid:69bd185b-9863-4935-bdd6-95c4fb39b033",
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
],
"credentialSubject": {
"id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id",
"achievement": {
"id": "59703bad-6f06-4a0b-9d32-857cff023714",
"type": "Achievement"
},
"type": "AchievementSubject"
},
"issuer": {
"id": "did:key:z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC",
"type": "Profile",
"name": "Default verifiable credentials issuer"
},
"issuanceDate": "2023-04-17T13:46:21Z",
"name": "Program Certificate",
"issued": "2023-04-17T13:46:21Z",
"validFrom": "2023-04-17T13:46:21Z",
"proof": {
"type": "Ed25519Signature2020",
"created": "2023-04-17T18:59:57Z",
"verificationMethod": "did:key:z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC#z6MkhVTX9BF3NGYX6cc7jWpbNnR7cAjH8LUffabZP8Qu4ysC",
"proofPurpose": "assertionMethod",
"proofValue": "z35SiCqJ5zxotffd6wCNRXSJzhWtkSG1b8WafReXKe3334ZdyRCCVCAgHZyre7vmsHM5482Ud4N9PnAGnPi9xtaMp"
}
} | {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://purl.imsglobal.org/spec/ob/v3p0/context.json"
],
"id": "urn:uuid:69bd185b-9863-4935-bdd6-95c4fb39b033",
"type": [
"VerifiableCredential",
"OpenBadgeCredential"
],
"credentialSubject": {
"id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id",
"type": "AchievementSubject",
"achievement": {
"id": "59703bad-6f06-4a0b-9d32-857cff023714",
"type": "Achievement"
}
},
"issuer": {
"id": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id",
"type": "Profile",
"name": "Default verifiable credentials issuer"
},
"issuanceDate": "2023-04-17T20:38:24Z",
"proof": {
"@context": [
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"type": "Ed25519Signature2020",
"proofPurpose": "assertionMethod",
"proofValue": "z8CUP1dYx2Q3skeaZtvw9u22pLaRYvTmjSP9SLfV3dNXPfhDg3UofCRZdKRhSPQtSJeTS9iDtyjB5XmDvPbGxkPv",
"challenge": "69bd185b-9863-4935-bdd6-95c4fb39b033",
"verificationMethod": "did:key:z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id#z6MkkePoGJV8CQJJULSHHUEv71okD9PsrqXnZpNQuoUfb3id",
"created": "2023-04-17T20:38:24.592Z"
},
"validFrom": "2023-04-17T20:38:24Z",
"issued": "2023-04-17T20:38:24Z",
"name": "Program Certificate"
} |
The problem: DIDkit always provides @context in proof object (see code), but Sign-and-verify can’t parse a proof if it’s not in the global context.
The list of static context in DIDkit doesn’t include any proof suites, list of implemented contexts
Refs.
Ed25519Signature2020 DIDkit Implementation
Compilation of the Postman examples of signing and verification with sign-and-verify API: https://documenter.getpostman.com/view/12194329/2s93XzwMmm
Test Op between DIDKit and Sign-and-verify