search

w3c-ccg / vc-barcodes

Securing optical barcodes using Verifiable Credentials.
https://w3c-ccg.github.io/vc-barcodes/
5 stars 2 forks source link

Minor issues with test vectors and examples #12

Open Exulansis opened 2 months ago

Exulansis commented 2 months ago

While implementing the specification I came across a few minor issues with the provided test vectors. I just want to check if the issues are related to the test vectors or if I should revisit my implementation.

Issue 1 - The checksums in the example MRZ might be incorrect. It may very well be that I am missing something though. It seems like the correct values would be:

IAUT...8804190M2601054NOT<...<7SMITH<<JOHN<

Issue 2 - The data encoded in the PDF417 barcode might be missing a space in the first line. The encoded line is ANSI00000009.... According to this document, section D.12.3 Header:

File Type: This is the designator that identifies the file as an AAMVA compliant format. The designator is defined as the 5 byte upper character string “ANSI “, with a blank space after the fourth character.

Issue 3 - The DI proofs associated with the example credentials do not include the created field, which is marked as required by the Data Integrity specification. I assume this is by design, given the VC size restrictions, but want to double check. Parsing proofs without this field requires a bit of extra logic given a generic, spec compliant, VC implementation.

Thank you!

dlongley commented 2 months ago

@Exulansis,

As for issue 3, the version of the DI spec you linked to is an old community report, prior to the work's acceptance into the VCWG. The current spec is here: https://w3c.github.io/vc-data-integrity/ (or a date-stamped version from yesterday if you prefer).

A direct link to the created property shows it is optional.

wes-smith commented 2 months ago

@Exulansis Thanks for the feedback! Can you elaborate a bit more on point 1? How did you arrive at IAUT...8804190M2601054NOT<...<7SMITH<<JOHN<?

Since the MRZ is IAUTO0000007010SRC0000000701<< 8804192M2601058NOT<<<<<<<<<<<5 SMITH<<JOHN<<<<<<<<<<<<<<<<<<<

the canonicalized form will just be those lines with newline characters at the end concatenated.

For point 2, that is a good catch - indeed to be a fully compliant AAMVA PDF417 there would need to be a space. It won't impact the usefulness of the test vectors or the canonicalization, but we will change that in an iteration.

Exulansis commented 2 months ago

@dlongley my bad, I must have had a stale link bookmarked, should have double-checked. Thanks!

@wes-smith sorry for the confusion, I abbreviated the MRZ to only include the areas I changed (in bold). What I meant to say is that I had to update the checksum digits (3 entries on the second line). My final MRZ looks like this (without the [ ] characters of course):

IAUTO0000007010SRC0000000701<< 880419[0]M260105[4]NOT<<<<<<<<<<<[7] SMITH<<JOHN<<<<<<<<<<<<<<<<<<<

So I changed 2 -> 0 8 -> 4 5 -> 7.