Presentation signer is did:key but VC subject ID is did:jwk: how to validate PoP? #166
Comments
4 tasks
|
Thanks for reporting. This is indeed a bug in latest version. Should be fixed in a new release which will have preliminary support for oid4vp v18 as well |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While testing OpenID4VP with the Sphereon wallet, I noticed that the signer of the JWT (vp_token) is a
did:keyDID (from the mobile wallet), while the holder (credentialSubject.id) of the contained VC is adid:jwk. How would one ever validate that the signer possesses the private key of the credential subject, if signer != credential subject? Or am I missing something here?In the example below, the signer of the VP is
did:key:z6MksEyx6d5pB1ekoaVmaGsibbcYHE9Vxx7V13PSqPwxYRzL(ed25519 key) and the subject of the VC isdid:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJjMVdYczdXM215c2VVZk5CcXN4ZFBXQklHaEtkNFR6MExSLUZqOEZNWWEwIiwieSI6Ildta0NYdTF3eXpaZ0dON1V4TmFwcHFuT1FhT2tXMkNnT1NuT295TUlUdWMifQ(secp256k1 key).JWT:
Decoded JWT headers:
{ "kid": "did:key:z6MksEyx6d5pB1ekoaVmaGsibbcYHE9Vxx7V13PSqPwxYRzL#z6MksEyx6d5pB1ekoaVmaGsibbcYHE9Vxx7V13PSqPwxYRzL", "alg": "EdDSA", "typ": "JWT" }Decoded VC:
{ "exp": 1696301708, "vc": { "@context": [ "https://www.w3.org/2018/credentials/v1" ], "type": [ "VerifiableCredential", "GuestCredential" ], "credentialSubject": { "firstName": "Hello", "lastName": "Sphereon", "email": "sphereon@example.com", "type": "Sphereon Guest", "id": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJjMVdYczdXM215c2VVZk5CcXN4ZFBXQklHaEtkNFR6MExSLUZqOEZNWWEwIiwieSI6Ildta0NYdTF3eXpaZ0dON1V4TmFwcHFuT1FhT2tXMkNnT1NuT295TUlUdWMifQ" } }, "@context": [ "https://www.w3.org/2018/credentials/v1" ], "type": [ "VerifiableCredential", "GuestCredential" ], "expirationDate": "2023-10-03T02:55:08.133Z", "credentialSubject": { "firstName": "Hello", "lastName": "Sphereon", "email": "sphereon@example.com", "type": "Sphereon Guest", "id": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJjMVdYczdXM215c2VVZk5CcXN4ZFBXQklHaEtkNFR6MExSLUZqOEZNWWEwIiwieSI6Ildta0NYdTF3eXpaZ0dON1V4TmFwcHFuT1FhT2tXMkNnT1NuT295TUlUdWMifQ" }, "issuer": "did:jwk:eyJhbGciOiJFUzI1NiIsInVzZSI6InNpZyIsImt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiVEcySDJ4MmRXWE4zdUNxWnBxRjF5c0FQUVZESkVOX0gtQ010YmdqYi1OZyIsInkiOiI5TThOeGQwUE4yMk05bFBEeGRwRHBvVEx6MTV3ZnlaSnM2WmhLSVVKMzM4In0", "issuanceDate": "2023-09-29T12:31:08.133Z", "sub": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJjMVdYczdXM215c2VVZk5CcXN4ZFBXQklHaEtkNFR6MExSLUZqOEZNWWEwIiwieSI6Ildta0NYdTF3eXpaZ0dON1V4TmFwcHFuT1FhT2tXMkNnT1NuT295TUlUdWMifQ", "nbf": 1695990668, "iss": "did:jwk:eyJhbGciOiJFUzI1NiIsInVzZSI6InNpZyIsImt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiVEcySDJ4MmRXWE4zdUNxWnBxRjF5c0FQUVZESkVOX0gtQ010YmdqYi1OZyIsInkiOiI5TThOeGQwUE4yMk05bFBEeGRwRHBvVEx6MTV3ZnlaSnM2WmhLSVVKMzM4In0" }The text was updated successfully, but these errors were encountered: