search

hyperledger / indy-vdr

A library and proxy server for interacting with Hyperledger Indy Node ledger instances
Apache License 2.0
55 stars 71 forks source link

Issue with using a key from a seed #306

Closed scottexton closed 4 months ago

scottexton commented 4 months ago

I'm not sure if this is the correct place to get some assistance, but I am currently looking to convert from the indy-sdk to the indy-vdr/aries-askar. I have an indy-ledger already set up, and I am trying to create a key from a secret which can then be used when creating a new Nym. My code is as follows:

async function setNym(newverkey: string) {
    const request = new vdr.NymRequest({
      dest: did,
      submitterDid: endorserDid,
      verkey: newverkey,
    })

    request.setEndorser( { endorser: endorserDid });

    const key = askar.Key.fromSeed({
        algorithm: askar.KeyAlgs.Ed25519,
        seed: Buffer.from("0000000000000000000ISVAGENCYROOT"),
        method: askar.KeyMethod.None,
    });

    request.setMultiSignature({
      identifier: endorserDid,
      signature: key.signMessage(
        { 
            message: Buffer.from(request.signatureInput),
            sigType: askar.SigAlgs.EdDSA,

        }),
    })
    await pool.submitRequest(request);
}

I know that the seed and endorserDid is correct as I can use this successfully with my indy-sdk program. However, the above code appears to generate a different key from the seed and I get the following error when submitting the request:

IndyVdrError: Request failed: client request invalid: insufficient number of valid signatures, 1 is required but 0 valid and 1 invalid have been provided. The following signatures are invalid: did=Tk3GdtAN85T75hWvpj8kZn, signature=NjtgmQG3G9bXK9tyrDmMQs88qeuxtSJEEJhq3h3xKsqS1fcZ3S5KPZ3FK9CPyEKjjXN2d3S9oAx7zHU5BQSgSJY
    at NodeJSIndyVdr.handleError (/home/agency/node_modules/@hyperledger/indy-vdr-nodejs/src/NodeJSIndyVdr.ts:116:11)
    at cb (/home/agency/node_modules/@hyperledger/indy-vdr-nodejs/src/NodeJSIndyVdr.ts:87:16)
    at Object.<anonymous> (/home/agency/node_modules/@2060.io/ffi-napi/lib/callback.js:66:27) {
  code: 31,
  extra: '{"reason":"client request invalid: insufficient number of valid signatures, 1 is required but 0 valid and 1 invalid have been provided. The following signatures are invalid: did=Tk3GdtAN85T75hWvpj8kZn, signature=NjtgmQG3G9bXK9tyrDmMQs88qeuxtSJEEJhq3h3xKsqS1fcZ3S5KPZ3FK9CPyEKjjXN2d3S9oAx7zHU5BQSgSJY","identifier":"Tk3GdtAN85T75hWvpj8kZn","reqId":1719816176973269914,"op":"REQNACK"}'
}

Any ideas as to what I could be doing wrong?

TimoGlastra commented 4 months ago

The seed with indy sdk was actually the private key. I think askar has a fromPrivateKey/fromSecretKey method and that should work with the seed

scottexton commented 4 months ago

Unfortunately the 'fromSecretKey' method does not work when using the secret. If I change the above-mentioned code to use the following:

    const key = askar.Key.fromSecretBytes({
        algorithm: askar.KeyAlgs.Ed25519,
        secretKey: Buffer.from("0000000000000000000ISVAGENCYROOT"),
    });

I get the following error:

AriesAskarError: Invalid key data
    at NodeJSAriesAskar.getAriesAskarError (/home/agency/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:219:12)
    at NodeJSAriesAskar.handleError (/home/agency/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:225:16)
    at NodeJSAriesAskar.keyFromSecretBytes (/home/agency/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:601:10)
    at Function.fromSecretBytes (/home/agency/node_modules/@hyperledger/aries-askar-shared/src/crypto/Key.ts:35:31)
    at /home/agency/indy-vdr/main.ts:73:27
    at Generator.next (<anonymous>)
    at fulfilled (/home/agency/indy-vdr/main.ts:28:58) {
  code: 5
}
TimoGlastra commented 4 months ago

I think it may have to do with a bug fixed in main, but not yet released. Could you wrap the Buffer.from in a new Uint8Array?

So:

    const key = askar.Key.fromSecretBytes({
        algorithm: askar.KeyAlgs.Ed25519,
        secretKey: new Uint8Array(Buffer.from("0000000000000000000ISVAGENCYROOT")),
    });
scottexton commented 4 months ago

Unfortunately I get the same error when I wrap the buffer in a new Uint8Array. Any other ideas? Thanks.

scottexton commented 4 months ago

@TimoGlastra I've managed to resolve the problem based on your latest advice. I had to wrap the Buffer.from in a new Uint8Array, along with the call to signMessage. The working code is:

    const newverkey = await createKey();

    const request = new vdr.NymRequest({
      dest: newverkey.did,
      submitterDid: endorserDid,
      verkey: newverkey.verkey,
    })

    const key = askar.Key.fromSecretBytes({
        secretKey: new Uint8Array(Buffer.from('00000000000000000000MYAGENCYROOT')),
        algorithm: askar.KeyAlgs.Ed25519,
    });

    request.setSignature({
        signature: key.signMessage({ 
            message: new Uint8Array(Buffer.from(request.signatureInput)),
        }),
    })

    await pool.submitRequest(request);