decentralized-identity / didcomm-messaging

https://identity.foundation/didcomm-messaging/spec/
Apache License 2.0

Create simple test messages for Interop testing #435

Open nickreynolds opened 1 year ago

nickreynolds commented 1 year ago

Using the Alice / Bob Identities and secrets (private keys) that already exist in the spec, encrypt the following DIDComm message:

{
  type: 'https://didcomm.org/trust-ping/2.0/ping',
  from: 'did:example:alice',
  to: 'did:example:bob',
  id: 'trust-ping-test',
  body: {
    responseRequested: true
  }
}

Each implementation should create the encrypted message, and post it as a comment on this issue, so that other implementations can try to consume the other implementations' messages and ensure expected behavior.

For simplicity, we can restrict the key type to X25519, and use the Sender Authenticated encryption type ("authcrypt"). Implementers should use the exact DID Documents from the spec when resolving Alice / Bob.

Once we have this first shared set of test vectors, we can expand it with more combinations of key types, encryption/signing, key representation in DID Doc, etc.

FabioPinheiro commented 1 year ago

Next week I will be off. But after that, I can contribute to the test vector example (with encrypted examples of almost all the messages in https://didcomm.org/search/).

nickreynolds commented 1 year ago

Sender Authenticated Trust Ping Message using alice/bob test vectors from the spec encrypted with Veramo's DIDComm implementation.

{
    message: '{"protected":"eyJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIiwic2tpZCI6ImRpZDpleGFtcGxlOmFsaWNlI2tleS14MjU1MTktMSIsImVuYyI6IlhDMjBQIn0","iv":"VfXAqOwRdCqkCOXtCZmM7xRY6b2cTT5K","ciphertext":"_urtE_Pqw8rGEVkR4iKZiR9qs7U7CCiY5T5sujlSwJnI9V6l4MqXAkfQ_EmSS0bKqrpvB1kXT0vgQQUEfwUeqkXBGiNqd-lBopM1zbaUFIr8x7AobjiVlhDkoA0KVQqICuTUhmt3po5h3wTfNZtB1wiQPF3cYeXg9y6sUVAQ7DyAJdItFcYKiboB3b15nIIP1ld6Bb9r50KD3Gm_DQ","tag":"oq6URRWgtmXePhwQXLeZow","recipients":[{"encrypted_key":"iI92IB_c6z-z9OKbK6GMS54uPJrGefJ9BY5papAvc00","header":{"alg":"ECDH-1PU+XC20PKW","iv":"04K4bQO4q0-x3oiSwvx1vjfIo7DEggyl","tag":"q5DzsirJ4Qrnqr0zosx-sg","epk":{"kty":"OKP","crv":"X25519","x":"KqNpwX_5bvCFMpMwB-ww1z8mJB7jq8Sy1jSbQPHqHxA"},"kid":"did:example:bob#key-x25519-1"}},{"encrypted_key":"Z8mGUR1Q-UIOts1LxIhZNIzbcyp5vj_8ZTWuJ6CxWJE","header":{"alg":"ECDH-1PU+XC20PKW","iv":"g1LwvctMeKDtEcJKQGepuevJnho9WdnX","tag":"up_m3F6B-8RAWvlNEhD4Cg","epk":{"kty":"OKP","crv":"X25519","x":"11cPGXIykWfZBVyCIcn7CisnxXgIS988MtHYD9d3HlM"},"kid":"did:example:bob#key-x25519-2"}},{"encrypted_key":"CsnDZ8TEfeIa5Tu7XqYdxx3r5SnzQDssvhTcmkvzA8g","header":{"alg":"ECDH-1PU+XC20PKW","iv":"-2i2CV7T5ylzk7TLK81lKO1xlvRefIMW","tag":"RtaehpY4C6HxXSuy-PSd6w","epk":{"kty":"OKP","crv":"X25519","x":"nH9Pdu9RCm8znYmhCtGp9hPR_VuS6kcf5zJndTYBVzI"},"kid":"did:example:bob#key-x25519-3"}}]}'
}

Link to code that encrypts this message: https://github.com/uport-project/veramo/blob/next/packages/did-comm/src/__tests__/trust-ping-interop.test.ts

FabioPinheiro commented 1 year ago

One question @nickreynolds, doesn't the message always need to have the epk field in the protected header?

From the specs I see: "JWE messages MUST use common epk, apu, apv and alg headers for all recipient keys. They MUST be set in the protected JWE section."
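
The header-placement rule quoted in the comment above can be checked mechanically before attempting decryption. This Python sketch is an added example, not code from the thread or from any implementation named in it; the function names and both envelopes are constructed here with dummy key material, mirroring the two header layouts that appear in this issue.

```python
import base64
import json

# Headers that, per the spec text quoted above, must be common to all
# recipients and set in the protected section.
COMMON_HEADERS = ("alg", "epk", "apu", "apv")

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(value: str) -> bytes:
    # JWE fields are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def check_common_headers(jwe: dict) -> list:
    """Return a list of findings; empty means the header layout passes."""
    try:
        protected = json.loads(b64url_decode(jwe["protected"]))
        if not isinstance(protected, dict):
            raise ValueError("protected header is not a JSON object")
    except (KeyError, TypeError, ValueError) as exc:
        return [f"protected header unreadable: {exc!r}"]
    findings = [f"protected header lacks '{n}'" for n in COMMON_HEADERS if n not in protected]
    for i, rcpt in enumerate(jwe.get("recipients", [])):
        for n in COMMON_HEADERS:
            if n in rcpt.get("header", {}):
                findings.append(f"recipient {i} header carries its own '{n}'")
    return findings

def envelope(protected: dict, recipient_headers: list) -> dict:
    # Constructed envelope: header layout only, no real ciphertext or keys.
    return {"protected": b64url_encode(json.dumps(protected).encode()),
            "recipients": [{"header": h, "encrypted_key": "constructed"} for h in recipient_headers]}

EPK = {"kty": "OKP", "crv": "X25519", "x": "constructed-not-a-real-key"}
BASE = {"typ": "application/didcomm-encrypted+json", "skid": "did:example:alice#key-x25519-1"}

# Layout 1: alg and epk repeated per recipient, nothing common in protected.
PER_RECIPIENT = envelope(
    {**BASE, "enc": "XC20P"},
    [{"alg": "ECDH-1PU+XC20PKW", "epk": EPK, "kid": f"did:example:bob#key-x25519-{k}"} for k in (1, 2)])

# Layout 2: common headers in protected, only kid per recipient.
COMMON = envelope(
    {**BASE, "alg": "ECDH-1PU+A256KW", "enc": "A256CBC-HS512",
     "apu": "constructed", "apv": "constructed", "epk": EPK},
    [{"kid": "did:example:bob#key-x25519-1"}])

if __name__ == "__main__":
    for name, jwe in (("per-recipient", PER_RECIPIENT), ("common", COMMON)):
        print(name, check_common_headers(jwe) or "OK")
```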

FabioPinheiro commented 1 year ago

I was also thinking of organizing the examples into folders and files. More or less like this: https://github.com/FabioPinheiro/scala-did/pull/109

nickreynolds commented 1 year ago

@FabioPinheiro we're (mostly @mirceanis, probably) looking into this sometime this week. Haven't gotten too deep into it yet, but we might be using a non-standard content encryption alg. We'll do a little investigating and hopefully get it sorted out soon.

I also agree that we should eventually get a better structure for these messages. I'd like to be able to render a table that shows which implementations support which curves/algs/KW combinations.

AlexAndrei98 commented 1 year ago

Using the Python SICPA library implementation and the secrets from Alice and Bob from https://identity.foundation/didcomm-messaging/spec/#appendix-a-secrets-for-test-vectors it generated the below:

{'protected':'eyJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIiwiYWxnIjoiRUNESC0xUFUrQTI1NktXIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiIsImFwdSI6IlpHbGtPbVY0WVcxd2JHVTZZV3hwWTJVamEyVjVMWGd5TlRVeE9TMHgiLCJhcHYiOiJRQkhMSUxyTklCR1E3TnJtb1NnQk40VXZUdUJXN0kzQUJBOV9NT1NDbnl3Iiwic2tpZCI6ImRpZDpleGFtcGxlOmFsaWNlI2tleS14MjU1MTktMSIsImVwayI6eyJjcnYiOiJYMjU1MTkiLCJ4IjoidHVrN2FPVGNCNVo0R0RVMEh2NnU4Ujc1SVB4VGJSUkhYeGhzRWlPOEpYQSIsImt0eSI6Ik9LUCJ9fQ', 'recipients': [{'header': {'kid': 'did:example:bob#key-x25519-1'}, 'encrypted_key': 'mZTVUX_Zir3g8D4ZRvkGapOsS9eJjTv9VYahMYEgfozTcsF8pJ5DjzN-odUOzYydG520r-8qaIFyCAdz7dWM9hOyzawEB7mN'}], 'iv': 'uaVKf-Vc96aO4CCNG5Saew', 'ciphertext': 'BO1umotiHfg1Pi6FiU9wT4D8AOVQDHYktNtPGPhEC3hftHZdQMj5EwWYzf63JHz0RWXpp2i-hSCDI9u7Z1vuKWBKKTi0JVfwQBPOrVJPi-3cYlx-KhDrlbPmHGYzSgrfdXtPLYbrYf6cvjrAF5sDPdeEujyj4luf_U5xh43tBc_jMdt4hnlTt1fAn8hoyTIo1c2vxp7avL_5E6mAD4F6OxmYJtEBGus6HMEboZliqNqFidON_VAVmpSudzM0O7Uivqks17DwrqJKJvqweonJjbMgbruFjqeRNWkz_yYBBLW8gP9QrY8LUapLxPemvUf4KP5DPNAS-KNBGteR8zNr9WMEJ0kuWp9LRXacw7B8Ijw', 'tag': 'zebEPstcir4jebXQLNQJHkJqZpB-mmKqYZbX5z11BcM'}

mirceanis commented 1 year ago

> Using the Python SICPA library implementation and the secrets from Alice and Bob from https://identity.foundation/didcomm-messaging/spec/#appendix-a-secrets-for-test-vectors it generated the below

Wonderful! I'll add it to our test suite

FabioPinheiro commented 1 year ago

@AlexAndrei98 I think that to be valid JSON you cannot use single quotes. The field 'custom_headers' is not part of the specs. The field 'typ' is also not part of the specs.

{
  "id":"39bbef40-d757-4b29-8a62-3f735a027432",
  "type":"https://didcomm.org/trust-ping/2.0/ping",
  "body":{"response_requested":true},
  "to":["did:example:bob"],
  "custom_headers":[{"return_route":"all"}],
  "from":"did:example:alice",
  "typ":"application/didcomm-plain+json"
}

So libs MUST only take into consideration the following fields:

{
  "id" : "39bbef40-d757-4b29-8a62-3f735a027432",
  "type" : "https://didcomm.org/trust-ping/2.0/ping",
  "to" : ["did:example:bob"],
  "from" : "did:example:alice",
  "body" : {"response_requested" : true}
}