clehner
commented
2 years ago I think the Ed25519Signature2018 implementation here is in alignment with ld-proofs. This implementation can verify test vectors (i.e. VCs/VPs generated by other implementations) in VC API Test Suite, as tested in DIDKit.
I also find that note confusing. Maybe Ed25519Proof2018 refers to something else. It reads to me like the "last step" is an additional hashing step that is no longer there. Maybe it used to say to hash output again, and then was pointing out that that was not done since JWS algorithms RS256 and EdDSA already perform hashing. I don't think it is saying that the 64 byte concatenation of hashes should be constructed differently.
Can you share what VCs you are trying to verify, and/or what implementations generated them, in case we may be able to diagnose this verification?
vdods
I'm attempting but failing to verify some VCs that use Ed25519Signature2018, and found some confusing notes in the linked data proofs doc, step 5. It calls out Ed25519Proof2018 algorithm specifically: "The Ed25519Proof2018 algorithm also does not perform this last step", presumably referring to the construction of
concat(sha256(signing_opts_canonical), sha256(doc_canonical)). Thessiimplementation does do this sha256-using concatenation, and I'm just wondering if the discrepancy relative to the LDP doc is known.