search

L3-iGrant / PyDIVOC

Python library for decoding and verifying the [COWIN Covid19 Credentials for India](https://www.cowin.gov.in/) from [DIVOC](https://divoc.egov.org.in/)
Apache License 2.0
1 stars 0 forks source link

Verify JSON-LD signatures embedded in Covid19 Certificate #2

Open sikaili99 opened 2 years ago

sikaili99 commented 2 years ago

Hi @georgepadayatti,

Have you tried a work round on verify JSON-LD signatures embedded in Covid19 Certificate todo task as mention in the readme? I came across this repo here that is close to https://www.npmjs.com/package/jsonld-signatures used by COWIN but I was unable to verify a COWIN certificate with this library.

I also found this function could be useful aries-cloudagent-python

I would appreciate any guidance to achieve this, thank you.

georgepadayatti commented 2 years ago

@Mathewsmusukuma Unfortunately documentation has only vaguely mentioned the below,

Json-ld signature will be verified against the public key that is issued by the issuing authority. (Step 6 - https://divoc.digit.org/platform/divocs-verifiable-certificate-features/verifying-a-divoc-certificate#offline-verification)

I did try to verify the signature using "Verify hash algorithm - Data Integrity 1.0 (W3C)", but during canonicalization, came to realise that the context (https://cowin.gov.in/credentials/vaccination/v1) provided in the VC is not valid.

I will keep this issue open, if you do find a solution, please feel free to raise a PR.

sikaili99 commented 2 years ago

@georgepadayatti alright, I hope I find a solution to this. Thank you.