Closed MallikarjunH09 closed 1 month ago
It's very hard to know what's wrong, but please note that your `getSessionTranscriptBytes` must return a cbor encoded value:

```js
const getSessionTranscriptBytes = (clId, respUri, nonce, mdocNonce) => cborEncode(
  DataItem.fromData([
    null, // deviceEngagementBytes
    null, // eReaderKeyBytes
    [mdocNonce, clId, respUri, nonce],
  ])
);
```
Thanks for the response. Server side setup is done separately and then I am calling required APIs/Methods in react native app.
At the time of verifying mDL, I am passing session transcript in below format and it is working fine.
```ts
const getSessionTest = (clId: string, respUri: string, nonce: string, mdocNonce: string) =>
  DataItem.fromData([
    null, // DeviceEngagementBytes
    null, // EReaderKeyBytes
    [mdocNonce, clId, respUri, nonce],
  ])

const generateSessionTranscript = async () => {
  encodedSessionTranscript = encode(getSessionTest(clientId, responseUri, verifierGeneratedNonce, mdocGeneratedNonce))
}
```

I am using `encode` here, `encode(getSessionTest(clientId, responseUri, verifierGeneratedNonce, mdocGeneratedNonce))`, which will also return a Buffer.
Can you please let us know whether this is the correct way to do this?
yeah, that should work. Just make sure that both wallet and verifier are generating the same cbor encoded value for the session transcript.

I'm having a similar issue with generating the session transcript. The values between wallet and verifier are the same, but I cannot seem to generate the expected value. Using the Encoder from cbor-x and the DataItem from this library.

> yeah, that should work. Just make sure that both wallet and verifier are generating the same cbor encoded value for the session transcript.

Thanks for the confirmation.

> I'm having a similar issue with generating the session transcript. The values between wallet and verifier are the same, but I cannot seem to generate the expected value. Using the Encoder from cbor-x and the DataItem from this library.

I will share some sample code, which will help you.

> I'm having a similar issue with generating the session transcript. The values between wallet and verifier are the same, but I cannot seem to generate the expected value. Using the Encoder from cbor-x and the DataItem from this library.

Refer to the sample below:
```js
let encodedSessionTranscript;

const clientId = '12345';
const responseUri = 'http://yourserverurl/api/'; // or 'http://localhost:3000/api/'
const verifierGeneratedNonce = 'abcdefg';
const mdocGeneratedNonce = '123456';

// Builds the session transcript structure as a DataItem
const getSessionTest = (clId, respUri, nonce, mdocNonce) =>
  DataItem.fromData([
    null,
    null,
    [mdocNonce, clId, respUri, nonce],
  ]);

// CBOR-encodes the session transcript into a Buffer
const generateSessionTranscript = async () => {
  encodedSessionTranscript = encode(getSessionTest(clientId, responseUri, verifierGeneratedNonce, mdocGeneratedNonce));
};
```
Then you can use 'generateSessionTranscript' in your code. You can try with same for testing purpose and later you change the values based on your preferences.
Ah wonderful @MallikarjunH09 - that worked! I was also on a slightly outdated release.
Do you know if the `encode` function you reference can be used with cbor-x?
I was able to get it to work using the utilities in this library as such:

```js
const getSessionTranscriptBytes = (clId, respUri, nonce, mdocNonce) => {
  const encoded = DataItem.fromData([
    null, // deviceEngagementBytes
    null, // eReaderKeyBytes
    [mdocNonce, clId, respUri, nonce],
  ]);
  return DataItem.fromData(encoded).buffer;
};
```
Yes, I hope so.
I was having a similar, or you can say the same, doubt earlier. I asked a similar question to 'siacomuzzi', and he replied to it. You can check my comments and the reply given by 'siacomuzzi'.
> I'm having a similar issue with generating the session transcript. The values between wallet and verifier are the same, but I cannot seem to generate the expected value. Using the Encoder from cbor-x and the DataItem from this library.

The issued mDL credentials you are storing on the holder side in a wallet, right? What kind of wallet are you using? Can you share some details, like any library/documentation for the same? Currently I am storing in secure keychain and later I have to move this into wallet storage.

> I'm having a similar issue with generating the session transcript. The values between wallet and verifier are the same, but I cannot seem to generate the expected value. Using the Encoder from cbor-x and the DataItem from this library.

> The issued mDL credentials you are storing on the holder side in a wallet, right? What kind of wallet are you using? Can you share some details, like any library/documentation for the same? Currently I am storing in secure keychain and later I have to move this into wallet storage.

This is more for a general e2e poc so no specific wallet. I wanted to make sure I understood the entire flow first. Currently using only this library and it works e2e.
Just FYI: if you are using this library from device/wallet side, this is how the session transcript is generated: https://github.com/auth0-lab/mdl/blob/a3d76474cfea525349c2480c122b57a1d406e485/src/mdoc/model/DeviceResponse.ts#L125-L131
So, to avoid unexpected behaviours, I'd recommend using the same logic to create the session transcript from verifier side.
In future versions, we are planning to include the session transcript generation as part of the `Verifier` logic, to avoid inconsistencies/issues between cbor libraries:

```js
const verifier = new Verifier(trustedCerts);
const mdoc = await verifier
  .usingEphemeralReaderKey(ephemeralReaderKey)
  .usingSessionTranscriptForOID4VP(
    mdocGeneratedNonce,
    clientId,
    responseUri,
    verifierGeneratedNonce
  )
  .verify(encodedDeviceResponse);
```
That would be helpful @siacomuzzi - or perhaps some guidance on expected cbor encoding parameters. It seems like some specific configuration is needed to encode correctly (e.g., extension).
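
To make the encoding question in this thread concrete, here is an added example (not part of the thread and not the library's own code) that hand-encodes the transcript array two ways and reports where the bytes diverge. It assumes the library's `DataItem` corresponds to CBOR tag 24 (an encoded CBOR data item wrapped in a byte string); the helper names `bareTranscript`, `wrappedTranscript` and `firstDiff` are hypothetical.

```javascript
// Minimal CBOR encoder (RFC 8949): only the types a session transcript uses.
const head = (major, n) => {
  if (n < 24) return Buffer.from([(major << 5) | n]);
  if (n < 0x100) return Buffer.from([(major << 5) | 24, n]);
  if (n < 0x10000) return Buffer.from([(major << 5) | 25, n >> 8, n & 0xff]);
  throw new RangeError('value too large for this example');
};

const enc = (v) => {
  if (v === null) return Buffer.from([0xf6]);
  if (typeof v === 'string') {
    const utf8 = Buffer.from(v, 'utf8');
    return Buffer.concat([head(3, utf8.length), utf8]); // text string
  }
  if (Buffer.isBuffer(v)) return Buffer.concat([head(2, v.length), v]); // byte string
  if (Array.isArray(v)) return Buffer.concat([head(4, v.length), ...v.map(enc)]);
  throw new TypeError('unsupported type');
};

// The bare array: what a generic encoder emits for the plain structure.
const bareTranscript = (clId, respUri, nonce, mdocNonce) =>
  enc([null, null, [mdocNonce, clId, respUri, nonce]]);

// Assumption: the wrapped form is tag 24 around a byte string holding the bare encoding.
const wrappedTranscript = (clId, respUri, nonce, mdocNonce) =>
  Buffer.concat([head(6, 24), enc(bareTranscript(clId, respUri, nonce, mdocNonce))]);

// Index of the first differing byte between two encodings, or -1 if identical.
const firstDiff = (a, b) => {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) if (a[i] !== b[i]) return i;
  return -1;
};

// Constructed sample values, taken from the test values posted in the thread.
const args = ['12345', 'http://localhost:3000/api/', 'abcdefg', '123456'];
const bare = bareTranscript(...args);
const wrapped = wrappedTranscript(...args);
console.log('bare   :', bare.toString('hex'));
console.log('wrapped:', wrapped.toString('hex'));
console.log('first differing byte:', firstDiff(bare, wrapped));
```

Running `firstDiff` on the hex dumps produced by the wallet and the verifier shows whether a mismatch is in the wrapper (index 0) or in one of the four values, for example swapped nonces.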
When I am verifying mDL, I am getting error as 'Unable to verify deviceAuth signature (ECDSA/EdDSA): Device signature must be valid'.
Here is the code for verify mDL data,
I created common variable for clientId, responseUri, verifierGeneratedNonce, mdocGeneratedNonce and using while signing mDL once mDL is issued from issuer and using same data in verification.
And I created device's public key and private and using in required places.
Sharing some more details for your reference.
API/Method 1: Issuing mDL response.data.mdoc:
Then this response I am converting into hex format and then I am sending in next API/Method
API/Method 2: sign-mdl or device-response - here I am signing data using device's private key and getting below response.
console.log("deviceResponseMDoc1: ", deviceResponseMDoc);
OR (in more details) console.log("deviceResponseMDoc2: ", deviceResponseMDoc.documents[0]);
received deviceResponseMDoc which is signed, I am encoding and sending to next API/Method 3 in hex format and then again converting that hex to buffer format to verify it (refer verify API/Method code at the beginning)
Can you please help me that, anything I missed or doing wrong thing? Please help me resolve this issue. Thanks in advance.