search

transmute-industries / verifiable-data

Open Source Decentralized Identifiers and Verifiable Credentials Infrastructure and Tooling
https://transmute-industries.github.io/verifiable-data/smoke-test-react/
Apache License 2.0
51 stars 21 forks source link

Verifiable presentations created with ed25519 signatures fails #222

Closed vongohren closed 1 year ago

vongohren commented 1 year ago

https://github.com/transmute-industries/verifiable-data/blob/7931cc6a5082223254215eced08e61afe2d1ada9/packages/ed25519-signature-2018/src/Ed25519Signature2018.ts#L182

This line expects that all verifiable presentations have verifiableCredentials in them. And when they dont it takes the document itself, which is a VP, and expects it to have an issuanceDate, which is not a must for VPs.

So I believe this signature library is being too invasive with the checks of what is allowed.

Experienced error:

image

How to replicate

Create a simple VP with no verifiableCredentials. And run the vc.js create presentation function on that data.

Then it shall fail at the point im referencing in this issue.

OR13 commented 1 year ago

I agree, the suite should not care about the shape of a credential... the suite is meant to sign things that are not credentials.

acarnagey commented 1 year ago

Going to look further into this now, thanks for letting us know.

acarnagey commented 1 year ago

https://github.com/transmute-industries/verifiable-data/pull/223 we took out the date validation in the signature suite since it was not needed as part of that package, PR is getting reviewed

vongohren commented 1 year ago

Look forward to it coming into main and upgraded on npm :D

OR13 commented 1 year ago

I'm gonna close this as stale.... but also suggest you start prepping for v2 and I highly recommend NOT using data integrity proofs.