Clarification on transaction_data_hashes #418

Open
babisRoutis opened this issue Feb 10, 2025 · 2 comments · May be fixed by #421

Comments

@babisRoutis

Currently, on d23/d24 the specification contains the following description:

transaction_data_hashes: Array of hashes, where each hash is calculated using a hash function over the strings received in the transaction_data request parameter. Each hash value ensures the integrity of, and maps to, the respective transaction data object. Where in the response this parameter is included is defined by each Credential Format, but it has to be included in the mechanism used for the proof of possession of the Credential that is signed using the user-controlled key

In addition, in the SD-JWT-VC section there is the following (I guess non-normative) example of a KB-JWT

{
  "nonce": "n-0S6_WzA2Mj",
  "aud": "x509_san_dns:client.example.org",
  "iat": 1709838604,
  "sd_hash": "Dy-RYwZfaaoC3inJbLslgPvMp09bH-clYP_3qbRqtW4",
  "transaction_data_hashes": [ "fOBUSQvo46yQO-wRwXBcGqvnbKIueISEL961_Sjd4do" ]
}

I guess that each element of transaction_data_hashes should be calculated as described in the above text, but it also needs to be encoded using Base64 URL encoding (no padding).

I don't know if it is implied, yet I miss a reference on the base64 encoding of transaction_data_hashes in the KB-JWT.

@Sakurann
Collaborator

I think this might be fixed/clarified/changed with #423

@babisRoutis
Author

I think this might be fixed/clarified/changed with #423

Thanks @Sakurann.

In general, I think that it is not clear to the reader how holder-signed transaction_data should be included in the wallet response.

For SD-JWT-VC there is the example, yet it misses an explicit definition of how to represent transaction_data_hashes within the KB-JWT.

For other formats, like mso_mdoc, the specification doesn't provide any hint or reference.

Added a relevant comment #423 (comment)

sander linked a pull request Mar 11, 2025 that will close this issue
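The calculation discussed in this thread, shown as an added example that is not part of the issue or of the specification: a wallet-side hash over each received transaction_data string and a verifier-side check of the KB-JWT member. It assumes SHA-256 (the quoted text names no hash function), base64url without padding as the issue author guesses, and that hash i covers requested string i; the function names and the sample request are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url_nopad(data: bytes) -> str:
    """Base64url without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def transaction_data_hash(td_string: str, alg: str = "sha256") -> str:
    # Hash the string exactly as received in the request parameter,
    # never a decoded or re-serialized copy of the JSON inside it.
    return b64url_nopad(hashlib.new(alg, td_string.encode("utf-8")).digest())


def verify_transaction_data_hashes(requested, kb_jwt_payload, alg="sha256") -> bool:
    """Verifier-side check; assumes hashes[i] covers requested[i]."""
    claimed = kb_jwt_payload.get("transaction_data_hashes")
    if not isinstance(claimed, list) or len(claimed) != len(requested):
        return False
    ok = True
    for td_string, got in zip(requested, claimed):
        if not isinstance(got, str) or not got.isascii() or "=" in got:
            ok = False  # wrong type or padded/non-ASCII encoding
            continue
        expected = transaction_data_hash(td_string, alg)
        # Constant-time comparison; no early exit on the first mismatch.
        ok = hmac.compare_digest(expected.encode(), got.encode()) and ok
    return ok


# Constructed sample: one transaction_data entry (base64url-encoded JSON).
SAMPLE_REQUEST = [b64url_nopad(json.dumps(
    {"type": "example_type", "credential_ids": ["example_credential"]}
).encode())]
SAMPLE_KB_JWT = {
    "nonce": "n-0S6_WzA2Mj",
    "aud": "x509_san_dns:client.example.org",
    "transaction_data_hashes": [transaction_data_hash(SAMPLE_REQUEST[0])],
}

if __name__ == "__main__":
    print(SAMPLE_KB_JWT["transaction_data_hashes"])
    print(verify_transaction_data_hashes(SAMPLE_REQUEST, SAMPLE_KB_JWT))
```

The check only has meaning after the KB-JWT signature has been verified against the holder key, since the hashes are protected by that signature.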