No support for multisig issuance of private ACDCs #221

Open
nkongsuwan opened this issue Feb 18, 2024 · 3 comments
Contributor

nkongsuwan commented Feb 18, 2024

Currently, client.credentials().issue(kargsIss) does not support multisig issuance of private ACDCs.

The reason is that IssueCredentialArgs doesn't allow arbitrary salts u as input to the function issue(). As a result, when members of a multisig group try to issue a private ACDC, they will get inconsistent salts, acdc.u and acdc.a.u.

I suggest changing the interface IssueCredentialArgs to include inputs for the top-level salt and the one inside a, e.g., topLevelSalt?: boolean | string and attributeSalt?: boolean | string.

This issue is blocking PR #207 for the issuance of an ECR vLEI credential.
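The divergence described in this issue, as an added example that is not part of the original thread or of the signify-ts code base. The helpers `said`, `randomSalt`, `buildPrivateAcdc` and `membersAgree` are hypothetical, SHA-256 over JSON stands in for the real SAID derivation, and the credential data is constructed.

```typescript
import { createHash, randomBytes } from 'node:crypto';

type Dict = Record<string, unknown>;
interface Salts { subjectSalt?: string; acdcSalt?: string }

// Stand-in for Saider.saidify: digest of the body with `d` blanked.
// Only the dependence of the digest on `u` matters for this illustration.
function said(body: Dict): string {
    const blanked = JSON.stringify({ ...body, d: '' });
    return createHash('sha256').update(blanked).digest('base64url');
}

// Stand-in for `new Salter({}).qb64`: 128 bits of fresh randomness.
function randomSalt(): string {
    return randomBytes(16).toString('base64url');
}

// What one group member builds locally for a private ACDC.
// A salt that is not supplied is generated on the spot, as issue() does today.
function buildPrivateAcdc(data: Dict, dt: string, salts: Salts = {}): Dict {
    const subject: Dict = { d: '', u: salts.subjectSalt ?? randomSalt(), dt, ...data };
    subject.d = said(subject);
    const acdc: Dict = { d: '', u: salts.acdcSalt ?? randomSalt(), a: subject };
    acdc.d = said(acdc);
    return acdc;
}

// True when every member derived the same credential SAID,
// i.e. they are all signing the same credential.
function membersAgree(acdcs: Dict[]): boolean {
    return new Set(acdcs.map((a) => a.d)).size === 1;
}

// Constructed sample input shared by both members.
const data: Dict = { LEI: 'CONSTRUCTED-LEI-VALUE' };
const dt = '2024-02-18T00:00:00.000000+00:00';
const agreed: Salts = { subjectSalt: randomSalt(), acdcSalt: randomSalt() };
const onlySubject: Salts = { subjectSalt: agreed.subjectSalt };

console.log('independent salts :',
    membersAgree([buildPrivateAcdc(data, dt), buildPrivateAcdc(data, dt)]));
console.log('both salts shared :',
    membersAgree([buildPrivateAcdc(data, dt, agreed), buildPrivateAcdc(data, dt, agreed)]));
console.log('only a.u shared   :',
    membersAgree([buildPrivateAcdc(data, dt, onlySubject), buildPrivateAcdc(data, dt, onlySubject)]));
```

Members agree only in the second case; sharing just one of the two salts still leaves the top-level digest different for each member.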

@psteniusubi
Contributor

Hi @nkongsuwan. I have run into this same issue.

I have not created a PR yet, but I have a quick and dirty fix that adds two parameters to IssueCredentialArgs:

$ git stash show -p stash@{1}
diff --git a/src/keri/app/credentialing.ts b/src/keri/app/credentialing.ts
index 058ccdd..bd8feb2 100644
--- a/src/keri/app/credentialing.ts
+++ b/src/keri/app/credentialing.ts
@@ -81,6 +81,8 @@ export interface IssueCredentialArgs {
      * Flag to issue a credential with privacy preserving features
      */
     privacy?: boolean;
+    subjectSalt?: string;
+    acdcSalt?: string;
 }

 export interface IssueCredentialResult {
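Review bot: `subjectSalt` and `acdcSalt` are added to `IssueCredentialArgs` without doc comments, while the `privacy` field directly above them has one. Please document each field: which `u` it populates (the subject block or the top-level ACDC), that it only takes effect when `privacy` is set, and that all members of a multisig group are expected to pass the same values.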
@@ -196,7 +198,9 @@ export class Credentials {

         const [, subject] = Saider.saidify({
             d: '',
-            u: args.privacy ? new Salter({}).qb64 : undefined,
+            u: args.privacy
+                ? args.subjectSalt ?? new Salter({}).qb64
+                : undefined,
             i: args.recipient,
             dt: dt,
             ...args.data,
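Review bot: In the subject `saidify` call, `args.subjectSalt ?? new Salter({}).qb64` takes any caller-supplied string unchecked. Because `??` only falls back on null or undefined, an empty string or a short guessable value ends up as `u`, which weakens the blinding that `privacy` is supposed to provide. Suggest checking that the value has the same form as a generated salt before using it, and rejecting a `subjectSalt` passed without `privacy` instead of silently dropping it.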
@@ -205,7 +209,7 @@ export class Credentials {
         const [, acdc] = Saider.saidify({
             v: versify(Ident.ACDC, undefined, Serials.JSON, 0),
             d: '',
-            u: args.privacy ? new Salter({}).qb64 : undefined,
+            u: args.privacy ? args.acdcSalt ?? new Salter({}).qb64 : undefined,
             i: hab.prefix,
             ri: args.registryId,
             s: args.schemaId,
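Review bot: `acdcSalt` falls back to a fresh `new Salter({}).qb64` independently of `subjectSalt`, so a group member who passes only one of the two still gets a random value for the other and a credential SAID that differs from the other members'. Consider requiring both or neither. The validation gap noted for `subjectSalt` applies here as well, and this ternary sits on one line while the earlier one is split over three; pick one layout.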

Collaborator

lenkan commented Feb 18, 2024

I am starting to think it's better to create interfaces for the issuance and acdc payloads and just pass them through, just adding defaults and perhaps the saidifying.

Same for inception, interaction and rotation events.

Collaborator

lenkan commented Feb 19, 2024

@nkongsuwan please see #222 for my proposal on how to solve this problem.
