search

eu-digital-identity-wallet / eudi-lib-jvm-sdjwt-kt

A library for issuing and verifying SD-JWT
Apache License 2.0
15 stars 4 forks source link

`SdJwtVerifier.hashingAlgorithmClaim(Claims)` expects optional '_sd_alg' claim to always be present #127

Closed dzarras closed 5 months ago

dzarras commented 9 months ago

Quoting the spec (section 5.1.1. Hash Function Claim):

The claim _sd_alg indicates the hash algorithm used by the Issuer to generate the digests as described in Section 5.2. When used, this claim MUST appear at the top level of the SD-JWT payload. It MUST NOT be used in any object nested within the payload. If the _sd_alg claim is not present at the top level, a default value of sha-256 MUST be used.

Currently SdJwtVerifier.hashingAlgorithmClaim(Claims) fails and does not default to sha-256 as specified in the spec.

dzarras commented 9 months ago

cc: @babisRoutis

babisRoutis commented 8 months ago

@dzarras I think that this has been fixed. If so please move it to the Done column please

dzarras commented 8 months ago

@babisRoutis I haven't made any changes related to this yet. Marking this as TODO.