hyperledger / aries-cloudagent-python

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.
https://wiki.hyperledger.org/display/aries
Apache License 2.0

JSON-LD Credentials in ACA-Py: Verify Presentation returns error #3189

Closed securedimensions closed 5 days ago

securedimensions commented 3 weeks ago

Conclusion

At the end, there is this strange error that I cannot resolve into something meaningful :(

"errors": [
        "Could not verify any proofs; no proofs matched the required suites (Ed25519Signature2018, Ed25519Signature2020, BbsBlsSignature2020, BbsBlsSignatureProof2020) and purpose (authentication)"

Reproduce

Fix (unsure that's wrong but it works): Change

"options": {
    "type": "Ed25519Signature2020"
  }

to

"options": {
    "proofType": "Ed25519Signature2020"
  }

Complete response:

{
    "verified": false,
    "presentation_result": {
        "verified": false,
        "document": {
            "@context": [
                "https://www.w3.org/2018/credentials/v1"
            ],
            "type": [
                "VerifiablePresentation"
            ],
            "holder": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
            "verifiableCredential": [
                {
                    "@context": [
                        "https://www.w3.org/2018/credentials/v1",
                        "https://w3id.org/security/suites/ed25519-2020/v1"
                    ],
                    "id": "urn:uuid:bf528f84-84a1-4a83-92c7-626084ad5868",
                    "type": [
                        "VerifiableCredential"
                    ],
                    "issuer": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                    "issuanceDate": "2010-01-01T19:23:24Z",
                    "credentialSubject": {
                        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21"
                    },
                    "proof": {
                        "type": "Ed25519Signature2020",
                        "proofPurpose": "assertionMethod",
                        "verificationMethod": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                        "created": "2024-08-21T11:59:32+00:00",
                        "proofValue": "z5TFNLniWRvXmDfSFCJhktypn3qZosChWH8ikNdJbCJg4Ymma42sbZpS6tfxaUXCnCqEvJaiwYkQGPswF14iFcyG8"
                    }
                }
            ],
            "proof": {
                "type": "Ed25519Signature2018",
                "proofPurpose": "assertionMethod",
                "verificationMethod": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                "created": "2024-08-21T12:00:48+00:00",
                "challenge": "42c13733-00bd-49d9-9b84-09d408c12d80",
                "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..PkBxdv_wwTrSiw7oUk39BbrhAnGjft6FFttqWlffZQn1-D6W-xJjnE_9ro3-wYwHb8zCgPeEYZjsYJ3ZccbUDw"
            }
        },
        "errors": [
            "Could not verify any proofs; no proofs matched the required suites (Ed25519Signature2018, Ed25519Signature2020, BbsBlsSignature2020, BbsBlsSignatureProof2020) and purpose (authentication)"
        ]
    },
    "credential_results": [
        {
            "verified": true,
            "document": {
                "@context": [
                    "https://www.w3.org/2018/credentials/v1",
                    "https://w3id.org/security/suites/ed25519-2020/v1"
                ],
                "id": "urn:uuid:bf528f84-84a1-4a83-92c7-626084ad5868",
                "type": [
                    "VerifiableCredential"
                ],
                "issuer": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                "issuanceDate": "2010-01-01T19:23:24Z",
                "credentialSubject": {
                    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21"
                },
                "proof": {
                    "type": "Ed25519Signature2020",
                    "proofPurpose": "assertionMethod",
                    "verificationMethod": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                    "created": "2024-08-21T11:59:32+00:00",
                    "proofValue": "z5TFNLniWRvXmDfSFCJhktypn3qZosChWH8ikNdJbCJg4Ymma42sbZpS6tfxaUXCnCqEvJaiwYkQGPswF14iFcyG8"
                }
            },
            "results": [
                {
                    "verified": true,
                    "proof": {
                        "@context": [
                            "https://www.w3.org/2018/credentials/v1",
                            "https://w3id.org/security/suites/ed25519-2020/v1"
                        ],
                        "type": "Ed25519Signature2020",
                        "proofPurpose": "assertionMethod",
                        "verificationMethod": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                        "created": "2024-08-21T11:59:32+00:00",
                        "proofValue": "z5TFNLniWRvXmDfSFCJhktypn3qZosChWH8ikNdJbCJg4Ymma42sbZpS6tfxaUXCnCqEvJaiwYkQGPswF14iFcyG8"
                    },
                    "purpose_result": {
                        "valid": true,
                        "controller": {
                            "@context": "https://w3id.org/security/v2",
                            "id": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                            "assertionMethod": [
                                "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o"
                            ],
                            "authentication": [
                                {
                                    "id": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                                    "type": "Ed25519VerificationKey2018",
                                    "controller": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                                    "publicKeyBase58": "J2rdhnApAsnPwFeHkGUYDKyGW5Z2RxxCBexWvAySN6LR"
                                }
                            ],
                            "capabilityDelegation": [
                                "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o"
                            ],
                            "capabilityInvocation": [
                                "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o"
                            ],
                            "keyAgreement": [
                                {
                                    "id": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6LSp4SHPDtpbu1PzAX8vq6bhjJxVELWGjDFvysZYUCZz5xs",
                                    "type": "X25519KeyAgreementKey2019",
                                    "controller": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o",
                                    "publicKeyBase58": "DPG7rv5xWSHetn9NQBaeP96Ue5oPa837419t41Z3GiC7"
                                }
                            ],
                            "verificationMethod": "did:key:z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o#z6MkwV7gJ2RFWRGs3kUzRqSP4RXGKepsqrCYsfsSkSwTHK7o"
                        }
                    }
                }
            ]
        }
    ],
    "errors": [
        "Could not verify any proofs; no proofs matched the required suites (Ed25519Signature2018, Ed25519Signature2020, BbsBlsSignature2020, BbsBlsSignatureProof2020) and purpose (authentication)"
    ]
}

Any pointers on what I am doing wrong or how to make the examples work are much appreciated.

Best, Andreas

swcurran commented 3 weeks ago

@PatStLouis or @dbluhm — would either of you be able to weigh in on this one?

PatStLouis commented 6 days ago

The presentation verify endpoint expects an authentication proofPurpose with a challenge domain included in order to prevent replay attacks.

PatStLouis commented 6 days ago

@securedimensions try setting:

"options": {
    "proofType": "Ed25519Signature2020",
    "proofPurpose": "authentication"
  }

when creating the proof

securedimensions commented 5 days ago

Thank you! Adding the "proofPurpose": "authentication" fixed this issue.
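
The rule PatStLouis describes above, as an added example that is not part of the original thread and not ACA-Py's own code: a structural pre-check that a presentation's proof uses an accepted suite, has proofPurpose "authentication", and carries the challenge the verifier issued. The function name, the constructed sample presentation, and the optional domain check are assumptions; the signature itself is not verified here.

```python
"""Structural pre-check of a verifiable presentation's proof (added example).

It only inspects the proof metadata; it does not verify the signature.
"""

# Suites and purpose as listed in the error message quoted in this issue.
ACCEPTED_SUITES = {
    "Ed25519Signature2018",
    "Ed25519Signature2020",
    "BbsBlsSignature2020",
    "BbsBlsSignatureProof2020",
}
REQUIRED_PURPOSE = "authentication"

# Constructed sample, modeled on the failing presentation in the issue
# (signature fields omitted because they are not inspected).
SAMPLE_CHALLENGE = "42c13733-00bd-49d9-9b84-09d408c12d80"
SAMPLE_VP = {
    "type": ["VerifiablePresentation"],
    "proof": {
        "type": "Ed25519Signature2018",
        "proofPurpose": "assertionMethod",
        "challenge": SAMPLE_CHALLENGE,
    },
}


def precheck_presentation_proof(vp, expected_challenge, expected_domain=None):
    """Return the reasons the proof would be rejected; [] if one proof passes."""
    proofs = vp.get("proof")
    if not proofs:
        return ["presentation has no proof"]
    if isinstance(proofs, dict):
        proofs = [proofs]  # a proof may be a single object or a list of them
    problems = []
    for i, proof in enumerate(proofs):
        found = []
        suite, purpose = proof.get("type"), proof.get("proofPurpose")
        if suite not in ACCEPTED_SUITES:
            found.append(f"proof[{i}]: unsupported suite {suite!r}")
        if purpose != REQUIRED_PURPOSE:
            found.append(f"proof[{i}]: proofPurpose is {purpose!r}, expected {REQUIRED_PURPOSE!r}")
        if proof.get("challenge") != expected_challenge:
            found.append(f"proof[{i}]: challenge does not match the one issued (possible replay)")
        if expected_domain is not None and proof.get("domain") != expected_domain:
            found.append(f"proof[{i}]: domain is not {expected_domain!r}")
        if not found:
            return []  # one proof satisfying every check is enough
        problems.extend(found)
    return problems
```

Running it on SAMPLE_VP reports the assertionMethod/authentication mismatch that the verify endpoint's error message hides behind "no proofs matched".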