RSA Canonicalization

[fabrii]

Hi!

I recently ran into a canonicalization issue with the RsaSignature2018 suite. I am using this library through verifiable-credentials-java for the java backend. On the other side, we are using digitalcredentials/vc for the react native application.

The canonicalization of the proof is different in both libraries.

Javascript:

_:c14n0 <http://purl.org/dc/terms/created> "2023-06-03T20:00:01Z"^^<xsd:dateTime> .
_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#RsaSignature2018> .
_:c14n0 <sec:proofPurpose> <https://w3id.org/security#assertionMethod> .
_:c14n0 <sec:verificationMethod> <urn:oid:2.16.858.0.0.0.3.0#1> .

Java:

_:c14n0 <http://purl.org/dc/terms/created> "2023-06-03T20:00:01Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#RsaSignature2018> .
_:c14n0 <https://w3id.org/security#proofPurpose> <https://w3id.org/security#assertionMethod> .
_:c14n0 <https://w3id.org/security#verificationMethod> <urn:oid:2.16.858.0.0.0.3.0#1> .

I opened an issue https://github.com/digitalbazaar/jsonld.js/issues/524 and found out it is related to a problem with the spec.

I wanted to know what kind of workaround is being used in this Java library to bypass this bug (so I can also use it in JS), and if it is the expected thing to do. Which one is the solution that would guarantee more interoperability?

Thanks a lot!

[fabrii]

I found this workaround https://github.com/w3c/vc-data-model/issues/884#issuecomment-1172739828, but I dont know if is is possible to define a context like that with verifiable-credentials-java