search

blockchain-certificates / cert-verifier-js

Javascript library for verifying Blockcerts Certificates
https://www.blockcerts.org
MIT License
110 stars 87 forks source link

cert-issuer-js ? #340

Open Sledro opened 4 years ago

Sledro commented 4 years ago

Hey guys,

Is there a way to issue/sign certs in nodejs?

I've started working on a MerkleProof2017 npm module to sign certs.

https://w3c-dvcg.github.io/lds-merkleproof2017/

Have some issues and I am hoping somebody can help.

I am using the blockcerts sample 2.1 schema to test that I am getting the correct targetHash

2.1 Schema Blockcerts signed sample

  1. The first step was to remove the signature.
  2. Next, we canonized the data as per the spec {algorithm: 'URDNA2015', format: 'application/n-quads'}: canonizeData
  3. Finally we sha256 the canonized data however we are not getting the same targetHash

We got: df7c2bbd51a0865a990bbe33c0c760436294f41c8c2489869cc1c026b09b4e45 Sample cert: 4298534bd9ac0eeb59ccf767b2da67e4203abc66b9b7b4df398cdce50c4460b2

Clearly we are not hashing the correct data. Would be grateful if anyone could shed some light.

The module will be open source

Thanks

ghost commented 4 years ago

Is there a way to issue/sign certs in nodejs?

Yeah, you should definitely be able to. After you produce the correct hash, it's really just signing a blockchain transaction, broadcasting it, and then writing the MerkleProof2017 info back into the cert.

Clearly we are not hashing the correct data. Would be grateful if anyone could shed some light.

@raiseandfall might be able to help with that part. Cert-verifier-js needs to hash the certificate too and produce the correct hash in the certificate that matches the MerkleProof2017, maybe he can point you to the correct part of the code that does the hash comparison check. Otherwise I can dig into the python issuing code to see exactly how the hashing is occurring.

Sledro commented 4 years ago

Is there a way to issue/sign certs in nodejs?

Yeah, you should definitely be able to. After you produce the correct hash, it's really just signing a blockchain transaction, broadcasting it, and then writing the MerkleProof2017 info back into the cert.

Clearly we are not hashing the correct data. Would be grateful if anyone could shed some light.

@raiseandfall might be able to help with that part. Cert-verifier-js needs to hash the certificate too and produce the correct hash in the certificate that matches the MerkleProof2017, maybe he can point you to the correct part of the code that does the hash comparison check. Otherwise I can dig into the python issuing code to see exactly how the hashing is occurring.

Thanks for the reply.

I have spent a few hours looking at:

https://raw.githubusercontent.com/blockchain-certificates/cert-verifier-js/master/src/inspectors/computeLocalHash.js

and also:

https://community.blockcerts.org/t/json-ld-canonicalization-and-unmapped-keys-in-v2-verification/103

Thinking maybe the issue is something to do with the unmapped fields. I need to figure out what these are. If anyone could show me a sample of the 2.1 sample cert before it is hashed that would be really helpful.

ghost commented 4 years ago

So I just noticed you were using V2.1 - I don't think that was fully implemented. I believe we had started that schema for some Open Badges compatibility things but didn't fully go through with it for one reason or another.

I threw that sample one in blockcerts.org and it doesn't verify in the first place.

If you could test with v2.0, I think you'd get more consistent results, sorry for the confusion there.

Here's some unsigned ones if you're looking for them: https://github.com/blockchain-certificates/cert-issuer/tree/master/examples/data-testnet/unsigned_certificates

I don't have my developer set up right now or I'd give you signed versions of them. You could also find signed versions in the test directory of this repo too: https://github.com/blockchain-certificates/cert-verifier-js/tree/e0cd5447bffa52f591cd13d6779e4cd8cb725df0/test/fixtures

Let me know if you need any assistance and what you figure out.

Sledro commented 4 years ago

@AnthonyRonning Thank you for the new information. I tested my code with a 2.0 cert and the targetHash matches successfully. :)

I'm working on the Merkle tree itself now. Just need to figure out which of the normalized data goes into the Merkle tree. So far I have tried all the data but getting a different merkleRoot hash.

Sledro commented 3 years ago

if anyone is looking at this I finished the npm module:

https://www.npmjs.com/package/merkleproof2017