Skip to content
This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

derived proof from document with urn:uuid format id does not verify #207

Open
lemoustachiste opened this issue Nov 29, 2022 · 3 comments
Open

derived proof from document with urn:uuid format id does not verify #207

lemoustachiste opened this issue Nov 29, 2022 · 3 comments

Comments

@lemoustachiste
Copy link

So following this problem when verifying a derived document: mattrglobal/node-bbs-signatures#211,

I have found that the issue is coming from this piece of information from my initial document:

"id": "urn:uuid:bbba8553-8ec1-445f-82c9-a57251dd731c",

There are 2 levels to the issue.

If I remove the document id altogether, then my reveal document is properly formed and verifies - but I have mangled with potentially critical data in the system:

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/blockcerts/v3",
    "https://w3id.org/security/bbs/v1"
  ],
  "id": "urn:bnid:_:c14n1",
  "type": [
    "BlockcertsCredential",
    "VerifiableCredential"
  ],
  "display": {
    "id": "urn:bnid:_:c14n0",
    "content": "<div style=\"background-color:transparent;padding:6px;display:inline-flex;align-items:center;flex-direction:column\">Yo</div>",
    "contentMediaType": "text/html"
  },
  "metadata": "{\"classOf\":\"2021\"}",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "claim": {
      "id": "urn:bnid:_:c14n2",
      "description": "Awarded to those who rock",
      "name": "Master of Puppets"
    },
    "name": "Julien Fraichot"
  },
  "issuanceDate": "2022-11-29T15:06:26.017Z",
  "issuer": "https://www.blockcerts.org/samples/3.0/issuer-blockcerts.json",
  "proof": {
    "type": "BbsBlsSignatureProof2020",
    "created": "2022-11-29T15:06:26Z",
    "nonce": "VbzVit8eb94IloiG6xVJSCF1edlvQw61B1Sq9RVrHAufsoF6QCB9jfOJ9t9ELlRE/uo=",
    "proofPurpose": "assertionMethod",
    "proofValue": "ABMH/1+RjgN/ZfByVQOYvEGUqEPFHTt98WCNFi/CPEK1WJ0xal8PeOdse/hGdyygH5ARXiCKPliikO0pEPeBx694gePL3XPwzfjl6OmE1cUUCX4KbZUP7LrUAhDY9fcXUiMGjcq4ecUQYOnLwkRTaAQTKqKfDluj9U2o7dah0bIYk55nBCGb2RDMhpkh78gUVrV222oAAAB0pPpDskCCHGnQu+NEunnl1JpNxISRytVggxRln1uOIdjayT3OEylEtCPMg0cu6qqoAAAAAi1lWxyUNml1F1mTfqLb67H4TH03/0alvSte2gsVYMrgVlCYCGGaLJdIbIpv9HxfjUZonLrA1WY4LdtUL5irSjyYhKjUjq+b2mGiIJX8E0r/Cwg6VMuPgq/q9Caf/vvaft17Pnq7kOhF5QLpnKImCtcAAAAELf2BeBn1407f9isYBhYDRIfzhStpibEGj78KxvSyaKtWHPqD1H3DZtOtvi9hbj34qBIoqsMFlddGX6YKhzAsqU/lFwVSm+Xs/sumY3TIL+iIeVkYOmNRY2/wJ4eSAt6iRAlq7mdLTNwxRMeaG+elhBp7dQs6EgIOxmCK0sRWKYw=",
    "verificationMethod": "did:key:z5TcEmFDYKHmMkZCqXVf3eJpZxX6aZW6ubPAexjJGHyXAka521PspqyXZa58Eegw9nfaGJDnpLPJSyqYJHZ3wy6VCoTG1oucasdANZqmHef2yjE7qxYcLhrC9QxqwPFB7S82zuPdFxBRUJRFVic439idgG1moDSAfG1sZp9wGBzoPhmfgAUsZk2gKjt2bn6S9wGUWLDBv#zUC7J1cyYKfKeKbBc6pSkUnJZXy2ZYJVNZMofuQA4tYd9Be723SsLsbqxYBHXj7daHfQGrzSxZhxfFGpkgDAmMxmVQfRoEX4myw3vi5kKfnw1VXCzaU21c2qhT9F8BYfVheTo4C"
  }
}

If I remove the urn:uuid prefix, then the derived document verifies, but it lacks the expected information from the reveal document:

{
  '@context': [
    'https://www.w3.org/2018/credentials/v1',
    'https://w3id.org/blockcerts/v3',
    'https://w3id.org/security/bbs/v1'
  ],
  proof: {
    type: 'BbsBlsSignatureProof2020',
    created: '2022-11-29T14:38:59Z',
    nonce: 'GDiMYw2jHKBIS33NOPb2PEMEj5xwPlLAh3NaBH/UVLSmL2wMYKt06GElLhvzHjH6BaE=',
    proofPurpose: 'assertionMethod',
    proofValue: 'AAwAD6JEk9zQqLJhyx/dk+9datavpuzPanfiGGsOIJN0Wtw4FecXEwIFPggQ/hJosxt7jpfVxEcUNOPc5qVKg5U/njTUraPtk2Uc2gdA+e8RbCkxC9s+Ht8WkAVEZ8rwNehj4JSPSgKM0MihuVQkHpL0BPAIOC5DqGK4AA8bsC+UlxyLrtyvBvA39IYuZrJdSLWiIAAAAHSuLc4VeUJh8WSlvhB8klyUsIhIiOCdGrjWfMscwvh6CaA61qHWjgXAeHMcet5gYF4AAAACFQf7VuJzvkgJjNrnXUVwkBxcWi+coZe9h2Qbrm8ARykq/AdH1XEokrB2vk0Ng7GQ3sBnkSjUqP7WCwLzaBZBIo9ZcoSjFGGXvQazq2LScm7z/FsZXOzgS1fk81urp1+NKLCPDKNiAwVKI9tkykRZGgAAAAo9t9wUdJCAE8kQpNQ/DjvjJeWZV2ufrg7Q41oq5j+79RlpjTno7PyJ9h2mIDpv6MW++sFJSMJ8BT+oj4/aBnxCM41ly6SM2u4oh76tlJ7QIr9bv8E/Ef5G3neTV7avEgk8c8W54Gcq8obpgN52zY0ZhHO+uzUD5K0vGSX76jlno2vceuKADy03VIhyQhqucqHOtuvmyl2OP2a4w0YFbgZVOR3M9nyNhLL737DUhXI7yoABqaPKCgQ2rdOdbWIK6LdwuSiRpHZxupzUaVd5spD5DL1mn4J5WsdRZUjGPMBdMzvOFq+iYzrz5qig+T+cCW05d+sjsx1+18JtoH0pqCxAFCi/9MBzdrmVnZlDxXTCiXIBxvNUzD+EHEP8PTis5txwr42d4MktjMtrkbFSJ8hwdTxdaNmSCz+mcsfY+5sd6g==',
    verificationMethod: 'did:key:z5TcEopMsCofK3MGktQbNZJUj7Ts6QJMSJef3Uv6uXDZjxdPA9zkS87e7XJ5sDzcUUbxNYwy53wBbzSL3sPC7sKtVp4P6jhMvP2mVfzYQSv79Av8ZffXpMYZifXY7gtyNLx7JL8mpfc65KUm4z7ZTadmeQwCWWM4Ev8xfeaGr6dBgoTWJamiKeXRdR8PSS7qDsmc2eJpx#zUC7GGsNjWZskEizSQ2wqPgSGath5YSRCxGu6YAuEtgDfmAHoYDWRkQvPbLUpWFzxgni9AAbpbjBgPFbSyxGS7ovuH8nnv92yEPLboBBj8qXRsqAhGpvnSijTHm9MAsMfLTQ3AG'
  }
}

What put me on the trail to identify this problem is this line: https://github.com/mattrglobal/jsonld-signatures-bbs/blob/master/src/BbsBlsSignatureProof2020.ts#L131, however I am not sure this is the actual final culprit. From what I can see in the sample demo, https://github.com/mattrglobal/jsonld-signatures-bbs/blob/master/sample/ts-node/src/demo_single.ts, the original id of the initial document is preserved, so it does not seem to be expected that we should modify the id to essentially create a new document.

For all intent and purposes, this derived document (with the original id) will not verify:

{
  '@context': [
    'https://www.w3.org/2018/credentials/v1',
    'https://w3id.org/blockcerts/v3',
    'https://w3id.org/security/bbs/v1'
  ],
  id: 'urn:uuid:bbba8553-8ec1-445f-82c9-a57251dd731c',
  type: [ 'BlockcertsCredential', 'VerifiableCredential' ],
  display: {
    id: 'urn:bnid:_:c14n0',
    content: '<div style="background-color:transparent;padding:6px;display:inline-flex;align-items:center;flex-direction:column">Yo</div>',
    contentMediaType: 'text/html'
  },
  metadata: '{"classOf":"2021"}',
  credentialSubject: {
    id: 'did:example:ebfeb1f712ebc6f1c276e12ec21',
    claim: {
      id: 'urn:bnid:_:c14n1',
      description: 'Awarded to those who rock',
      name: 'Master of Puppets'
    },
    name: 'Julien Fraichot'
  },
  issuanceDate: '2022-11-29T15:05:17.924Z',
  issuer: 'https://www.blockcerts.org/samples/3.0/issuer-blockcerts.json',
  proof: {
    type: 'BbsBlsSignatureProof2020',
    created: '2022-11-29T15:05:18Z',
    nonce: 'T6+bvFgTwIUxhUtkmhI9upP7d8sjDPE+TkTjJrZNcIsFk+KPh/VCeRo2s7ZoDz+Toog=',
    proofPurpose: 'assertionMethod',
    proofValue: 'ABMH/1+sdFZWgE6w2kbb7FM76CNSSiZuO1ozbBeFi6drPQ9vz3K586dTe5dceA0B7VmJoGywNT6Aqk7w2H5s4/fvfJypXQHyIk1cIcYLcDCK2EJN55O0tpd8m+wHiIS2v1MjAEGIihjTIK/SVEiHVYnQhd6B3r6OL2xmKwpIylyZLuZzwk5q1toPdkH0CFC7t+ddQq0AAAB0op8IPRDzY1aCqNviPJCJoAxBTHO6B3vSj9nsPnsPUBgqipCxmyQIwE0cBezEyBMxAAAAAmMbd0R9vmQxIAuCOLK2M0DMTeg5G6/gUD9ATlx8HxA/As+A+4tnJzj+bP5am0DkEK9nO/wIWwDmujDuxdVaDFe01pwrrzdasO8OfDfbMAnwv6NpntesRqGR29IhKFCrGKWWU6lBy28BaUafQYZDCwEAAAAEPiJsn2+H99WPzXqD2cSNfBqXRpxQ6Ai43JbJttgmJcJsDYhEhZGC09kFyxQcQnnyvVyZyEC3Js+DS5px1LxhFAl7PY7Jge2AO/MR9xI8LjA6+0vnNYKydm/8nai8OZ1VOryWeRTwgETYmKwFipbh2Tn/F1p4FCurYYgozH5Q8Jg=',
    verificationMethod: 'did:key:z5TcDJEMzpBv58yHMCtodFhA5acGe4r4wUkzDkX89MpsWNLAS12sNJgqYC1uPcr3ekk3z1tv82WFXAwgYiNqqMX8sf4AEB8hD3ccYti9uh5fakvnNy6NGb8NF4btHEuT7c3n6BwrLg5mMjzyxY6uEcTmNEzzkWtY98Ga7bQab5yaveP4j87Rec6tPGXi5t6i2i5szwstd#zUC76amoqWYCtj3SF5a9hoGKkqCofsL5QGV8WXujY87B7vTWJudkvo6N4Weg1ZvLD51whAgZ3fb2U32Rmq9aHHFMG7Y3CfuquBFAaiz82hPeTzMwcLQtW6VEBua4w1YCqAr1J4y'
  }
}
@tplooker
Copy link
Member

Hi @lemoustachiste can you provide an example of the reveal document you are using?

@lemoustachiste
Copy link
Author

sure,

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/blockcerts/v3",
    "https://w3id.org/security/bbs/v1"
  ],
  "type": [
    "VerifiableCredential",
    "BlockcertsCredential"
  ],
  "credentialSubject": {
    "@explicit": true,
    "name": {},
    "claim": {
      "@explicit": true,
      "name": {}
    }
  }
}

I've also noticed that credentialSubject keeps the original id in the derived document, is this expected?

@tplooker
Copy link
Member

I've also noticed that credentialSubject keeps the original id in the derived document, is this expected?

Yes any node in the graph (JSON-LD document) that already has an ID will be preserved as you derive sub-graphs, if the node does not have an ID then one is assigned.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lemoustachiste @tplooker