-
Notifications
You must be signed in to change notification settings - Fork 514
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Anoncreds create credential #3369
Anoncreds create credential #3369
Conversation
Frustrating — sorry that got messy. The orginal AnonCreds implementation (in Indy) used “holder_did”, but semantically, that was wrong — the “did” had nothing to do with the operation. Clients were using the “DIDComm DID” of the relationship between the holder and issuer — but it was not checked and could be anything. We looked into the code, and it was determined that the purpose of the data was simply to add entropy into the operation. A very minor change, but not everyone got the memo, and all it does is create friction. Likely the best way to handle it is for the issuer to accept either, and pass it on to AnonCreds with what it expects. Painful - sorry about that. The “clarification” of the purpose does not make up for the interop problems this has caused. |
Need to look into failing tests... Thought I had tested this. (edit) Seems to be some compatibility issues with indy issuer to anoncreds holder. I'll get back to this in a bit. |
b60f20f
to
e08c47f
Compare
e08c47f
to
1afdd62
Compare
I think we can ignore the sonarcloud report. Most of the duplication is because of the extension of the registry base class and there's not really much to cover with unit tests, and it's covered by the scenario test. |
FWIW, i also ran into compatibility issues when testing VCX against cheqd's acapy fork/branch. The issue was that VCX (using anoncreds-rs) was creating cred request attachments that had Looks like this is the more permanent fix - cheers! question; is it still necessary to include both Maybe that's too aggressive, as i don't think the anoncreds spec explicitly denies usage of |
yeah i ran into this too. here's the source where all the validation rules are applied: https://github.com/hyperledger/anoncreds-rs/blob/main/src/data_types/cred_request.rs#L27 different behaviours depending on whether or not the cred-def-id is qualified ("legacy") or not |
8f250e6
to
5460ff5
Compare
9cc0f0a
to
770df2d
Compare
These changes will get hit by the anoncreds scenario, right? |
Yes. The anocnreds scenario test is testing askar/indy (issuer) --> askar-anoncreds (holder) and askar-anoncreds (issuer) --> askar/indy (holder). And the verifier scenario. The anoncreds holder now uses entropy instead of prover_did, and the indy credx holder still uses prover_did. The only issue would be an old version of an indy issuer, issuing to a new anoncreds holder. In this case it wouldn't know what to do with the |
If it helps — the “prover_did” property that would come from an Indy request can be used as the value of “entropy” — they are the same value. |
Updated that last comment to be “prover_did” — |
@jamshale we need to |
👍 Ok. Thanks for pointing this out. I had tried to run through the presentation protocol as well with your branch but was having other issues so I never got through it. This looks like an obvious place to apply the method. Let me know if you see any others please. |
3e1fc6d
to
38c5811
Compare
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
38c5811
to
3581b01
Compare
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
acapy_agent/protocols/present_proof/v2_0/formats/anoncreds/handler.py
Outdated
Show resolved
Hide resolved
Signed-off-by: jamshale <[email protected]>
Quality Gate failedFailed conditions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍🏻
When
cheqd
was attempting anoncreds issuance they were getting aentropy required
error when using the anoncreds library to create the credential. After some research it looked like we should be using the entropy parameter, but were using theprover_did
parameter. https://hyperledger.github.io/anoncreds-spec/#constructing-the-credential-requestI don't know why this works for an indy credential request and not the cheqd. Maybe something internally in the anocnreds library. But it looks like using the holder_did value in the entropy works and I tested with indy and cheqd and issuance succeeds.
Then noticed some indy parsing when storing the credential that shouldn't be in the anoncreds holder. I couldn't figure out why we would need these extra tags so I removed them. If we did need them then the parsing should go into the actual registry.