Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How are connection and did exchange response signatures verified against the invitation recipient keys? #1594

Closed
TimoGlastra opened this issue Jan 11, 2022 · 2 comments · Fixed by #1599
Assignees

Comments

@TimoGlastra
Copy link
Contributor

I'm currently implementing signed attachment in AFJ for use in DIDExchange. I'm leaning heavily on the aca-py implementation, but can't figure out where the response message diddoc signature verkeys are being matched against the invitation recipient keys.

For the connection protocol looking at the signature decorator verify method is only called in one method, but that method is not called anywhere else. This leads me to assume the connection implementation in ACA-Py doesn't check the invitation key against the signature decorator verkey.

The connection protocol mentions:

The signature data must be used to verify against the invitation's recipientKeys for continuity.

For the DIDExchange protocol the attach decorator has a verify method which is called in the DIDExchange manager twice (1, 2), but I can't find where the invitation key is verified against the signed attachment diddoc verkey

Although I wasn't able to find a statement mentioning the didexchange response MUST be checked against the invitation's recipientKeys, I think it could lead to security issues if this isn't checked. (someone else could send a connection response with a different verkey, and sign the diddoc with a different key than used in the invitation)

Maybe someone can help me understand the ACA-Py implementation better to make sure we can correctly implement this in AFJ

cc @andrewwhitehead, @shaangill025, @swcurran

@swcurran
Copy link
Contributor

@shaangill025 -- once you have a break in the persistent queues work, please look at this.

@swcurran
Copy link
Contributor

swcurran commented Feb 8, 2022

@TimoGlastra @andrewwhitehead -- can you please review the PR related to this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
3 participants