hyperledger / aries-cloudagent-python

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.
https://wiki.hyperledger.org/display/aries
Apache License 2.0

Verify Credential before Storing in Wallet ACA-PY 0.6.0 #1217

Closed futureman2007 closed 3 years ago

futureman2007 commented 3 years ago

As of https://github.com/hyperledger/aries-cloudagent-python/blob/1c7bc86b91cd10d472ad15cb52c09b9424e8175c/aries_cloudagent/protocols/issue_credential/v2_0/formats/ld_proof/handler.py#L470 in the current main branch, it seems that a credential is first verified (meaning, it is checked whether the raw data matches the data inside the signature, to check whether the data was altered during credential issuance from issuer to holder) before being stored in the wallet.

I currently use the aca-py 0.6.0 release, and after researching in the source code, I could not find this behavior, which should definitely be added in the current release.

Have I overlooked something or is this missing? I am currently trying to build an authentication and authorisation system on top of aries and indy. If this is missing in the current release, I need to implement a workaround.

swcurran commented 3 years ago

@TimoGlastra -- can you please take a look at this and perhaps provide an assessment? Note that @sklump changed jobs and is no longer on the ACA-Py team 😢

@andrewwhitehead -- heads up on this.

TimoGlastra commented 3 years ago

@futureman2007 Are you talking about Indy or Linked Data VCs? The 0.6.0 release doesn't support LD credentials yet; however, the link you sent points to the linked data proof handler (which is not available yet in the latest release).

futureman2007 commented 3 years ago

I am talking about indy VCs. I need the holder of the credential to check, using the credential signature, if the raw data matches the signed data of the VC. As far as I have seen, this will be checked when the holder presents the credential to a verifier. But what I am seeking is something like: "Hey, I got a new credential. Was it altered during transport?", which I think should be done by default before a credential is stored. This way, the holder can be sure that he/she received what he/she was expecting to receive. (Who knows if something was altered due to an attack while the credential was transported from the issuer to the holder.)

futureman2007 commented 3 years ago

What about this piece of code @ https://github.com/hyperledger/aries-cloudagent-python/blob/1c7bc86b91cd10d472ad15cb52c09b9424e8175c/aries_cloudagent/wallet/indy.py#L697 ? I was also digging deeper and I found out that for a credential request, the holder asks the ledger for the credential_definition data (id, public key, etc.).

As I dig deeper, I more and more have the feeling that everything is ready to check the signature vs. the raw data of a credential when the holder receives one. But I can't find if or where this actually happens.

TimoGlastra commented 3 years ago

I always thought that the `prover_store_credential` method from indy verifies the signature. But looking at the credx implementation in the shared components branch I'm not so sure.

@andrewwhitehead does indy verify the signature before storing a credential?

domwoe commented 3 years ago

It seems it does... The `store_credential` function https://github.com/hyperledger/indy-sdk/blob/794ad8a599f57e0f8e085e116251b96edbae0e40/libindy/src/commands/anoncreds/prover.rs#L382

calls the `process_credential` function here, which calls the `CryptoProver::process_credential_signature` function. https://github.com/hyperledger/indy-sdk/blob/794ad8a599f57e0f8e085e116251b96edbae0e40/libindy/src/services/anoncreds/prover.rs#L78

andrewwhitehead commented 3 years ago

Yes, that's right. Before it stores the credential it must be processed to unblind the signature, using the factor from the commitment to the linked secret. At the same time, it verifies the signature and the non-revocation proof (if any). It's basically the same in indy-credx: https://github.com/hyperledger/indy-shared-rs/blob/dea3d951860ced704811b490be978ca70ca5b711/indy-credx/src/services/prover.rs#L86
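
The unblind-then-verify step described in the comment above, as an added example that is not part of the thread and is not Indy, indy-credx or Ursa code. It is a toy CL-style signature with a constructed, far too small issuer key; the function names, the attribute names `owner` and `role`, and the assumption that attribute values are already encoded as integers are all hypothetical.

```python
import secrets

# Constructed toy issuer key (illustration only, far too small for real use).
# N = p*q with safe primes p = 2*509+1 and q = 2*593+1.
P1, Q1 = 509, 593
N = (2 * P1 + 1) * (2 * Q1 + 1)
ORDER = P1 * Q1            # issuer secret: order of the group of squares mod N
S, E = 4, 65537            # a real issuer picks a fresh random prime e per credential
Z = pow(S, 11, N)
R = {"master_secret": pow(S, 3, N), "owner": pow(S, 5, N), "role": pow(S, 7, N)}


def holder_blind(master_secret):
    """Holder commits to the link secret: U = S^v' * R_ms^ms mod N."""
    v_prime = secrets.randbelow(ORDER)
    return pow(S, v_prime, N) * pow(R["master_secret"], master_secret, N) % N, v_prime


def issuer_sign(u, attrs):
    """Issuer signs the commitment and the encoded attributes without seeing ms."""
    v2 = secrets.randbelow(ORDER)
    denom = u * pow(S, v2, N) % N
    for name, m in attrs.items():
        denom = denom * pow(R[name], m, N) % N
    q = Z * pow(denom, -1, N) % N
    a = pow(q, pow(E, -1, ORDER), N)      # e-th root, only possible with ORDER
    return {"a": a, "e": E, "v2": v2}


def holder_process(sig, v_prime, master_secret, attrs):
    """Unblind (v = v' + v'') and check Z == A^e * S^v * R_ms^ms * prod(R_i^m_i)."""
    v = v_prime + sig["v2"]
    rhs = pow(sig["a"], sig["e"], N) * pow(S, v, N) % N
    rhs = rhs * pow(R["master_secret"], master_secret, N) % N
    for name, m in attrs.items():
        rhs = rhs * pow(R[name], m, N) % N
    if rhs != Z:
        raise ValueError("signature does not match the received attribute values")
    return {"a": sig["a"], "e": sig["e"], "v": v}


def receive_and_store(wallet, sig, v_prime, master_secret, attrs):
    """Store only after the unblinded signature verifies; returns wallet size."""
    cred = holder_process(sig, v_prime, master_secret, attrs)
    wallet.append((cred, dict(attrs)))
    return len(wallet)
```
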

futureman2007 commented 3 years ago

Thank you for the link! I will have a closer look next week at what the ursa piece does exactly, to be 1000% sure. I will post my findings here.

Is something planned or existing so that a credential holder can check if his/her credentials in the wallet were manipulated? As far as I have learned, to do this one has to ask someone else to verify the credential. The code and infrastructure, given a working indy ledger, would allow a holder to check it by itself. Just the API to do this is missing (perhaps a possible addition to the wallet API?). When thinking of IoT devices ss of Authentication and Authorization Systems based on VCs, such self-check functionality against what is written on the ledger vs. what is written in my VC would ensure that a device can check: "Hey, my info about who my owner is was altered without permission! I got attacked!". This check should be done without the need to bother someone for this check or reveal information to someone just to verify the VC is not altered. What do you think?

futureman2007 commented 3 years ago

Ok, sorry. The moment I posted, the answer about the 1000% info: "yes, indy verifies VCs before storage" was provided.

futureman2007 commented 3 years ago

Closing the issue. But still an open question: "Is something planned or existing so that a credential holder can check if his/her credentials in the wallet were manipulated?"