Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

no_suitable_keys: DID document for did:ion:

See original GitHub issue

Hello, im trying to verify the JWTCredential, i made a resolver for the did:ion that resolves a DIDdocument like this:

{
   "@context":"https://w3id.org/did-resolution/v1",
   "didDocument":{
      "id":"did:ion:EiAbPkmihA4QYekuRDZLRJXCJmRXujIt27bzoQ7V8TIjBA",
      "@context":[
         "https://www.w3.org/ns/did/v1",
         {
            "@base":"did:ion:EiAbPkmihA4QYekuRDZLRJXCJmRXujIt27bzoQ7V8TIjBA"
         }
      ],
      "service":[
         {
            "id":"#gemeente",
            "type":"LinkedDomain",
            "serviceEndpoint":"fictievegemeente.nl"
         }
      ],
      "verificationMethod":[
         {
            "id":"#key-1",
            "controller":"",
            "type":"EcdsaSecp256k1VerificationKey2019",
            "publicKeyJwk":{
               "kty":"EC",
               "crv":"secp256k1",
               "x":"IWzoDukXeTR_YUk_0OnLKDWsMSBL4oaKZSYRhi6Bq0o",
               "y":"iFt2Ct4Qcl0E8Oy_fUUkIlaqw_Wc0z4iA1Pk1-lLK8k"
            }
         }
      ],
      "authentication":[
         "#key-1"
      ]
   },
   "didDocumentMetadata":{
      "method":{
         "published":true,
         "recoveryCommitment":"EiAwYZXpWB27sbYKQspL3O1SjX15Du7i-j5y17QClzHW8A",
         "updateCommitment":"EiAnMhGvlhGmp0wA-LjlgRdmXNSsl_gIJalf8H8JzFgbFQ"
      },
      "canonicalId":"did:ion:EiAbPkmihA4QYekuRDZLRJXCJmRXujIt27bzoQ7V8TIjBA"
   }
}

The code i run is:

const IonResolver = getResolver()

const didResolver = new Resolver({
    ...IonResolver
})


export async function generateVc(){

//this is an object wich holds the keys for the issuer
var did = DID;

var iondid = {
  did: did.state.longForm,
  signer: ES256KSigner(did.privateJwk.d, true),
  alg: "ES256K"
}

const issuer = iondid as Issuer

const vcPayload: JwtCredentialPayload = {
    sub: did.state.shortForm,
    nbf: 1562950282,
    vc: {
      '@context': ['https://www.w3.org/2018/credentials/v1'],
      type: ['VerifiableCredential'],
      credentialSubject: {
        degree: {
          type: 'Stemgerechtigd',
          name: 'Je mag stemmen'
        }
      }
    }
  }
  
  const vcJwt = await createVerifiableCredentialJwt(vcPayload, issuer,{ header: { alg: 'ES256K' }})

  const verifiedVC = await verifyCredential(vcJwt, didResolver,{ header: { alg: 'ES256K' }})
    
}

The Algorithms are matching, but it keeps saying that they can’t find the public key to verify the VC. But the verification method is present in the DIDDocument.

Error: no_suitable_keys: DID document for did:ion:EiAbPkmihA4QYekuRDZLRJXCJmRXujIt27bzoQ7V8TIjBA:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJrZXktMSIsInB1YmxpY0tleUp3ayI6eyJjcnYiOiJzZWNwMjU2azEiLCJrdHkiOiJFQyIsIngiOiJJV3pvRHVrWGVUUl9ZVWtfME9uTEtEV3NNU0JMNG9hS1pTWVJoaTZCcTBvIiwieSI6ImlGdDJDdDRRY2wwRThPeV9mVVVrSWxhcXdfV2MwejRpQTFQazEtbExLOGsifSwicHVycG9zZXMiOlsiYXV0aGVudGljYXRpb24iXSwidHlwZSI6IkVjZHNhU2VjcDI1NmsxVmVyaWZpY2F0aW9uS2V5MjAxOSJ9XSwic2VydmljZXMiOlt7ImlkIjoiZ2VtZWVudGUiLCJzZXJ2aWNlRW5kcG9pbnQiOiJmaWN0aWV2ZWdlbWVlbnRlLm5sIiwidHlwZSI6IkxpbmtlZERvbWFpbiJ9XX19XSwidXBkYXRlQ29tbWl0bWVudCI6IkVpQW5NaEd2bGhHbXAwd0EtTGpsZ1JkbVhOU3NsX2dJSmFsZjhIOEp6RmdiRlEifSwic3VmZml4RGF0YSI6eyJkZWx0YUhhc2giOiJFaUJmT3RBREFEWG44b09lc0xxcHduMlpfZ2d1V2VkYy05dHp3Q2lJdWxyZEhBIiwicmVjb3ZlcnlDb21taXRtZW50IjoiRWlBd1laWHBXQjI3c2JZS1FzcEwzTzFTalgxNUR1N2ktajV5MTdRQ2x6SFc4QSJ9fQ does not have public keys for ES256K

I think I’m missing a step, can someone help me?

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:8 (4 by maintainers)

Top GitHub Comments

1reaction

vollitcommented, Jan 13, 2022

The problem is fixed i made 2 mistakes:

The private key was not encoded in base64.
The resolver resolved the DIDDocument in a wrong way, so the VerifyJWT could not find the PublicKey.

Thanks for the help!

1reaction

mirceaniscommented, Jan 13, 2022

@vollit I wasn’t able to reproduce your issue. I added a test in #99 that uses a DID document with publicKeyJwk. Everything works out fine.

While writing the test, I noticed 2 thing in your sample:

the publicKeyJwk you are using is hardcoded but the private key is not. Please ensure that your public key is derived from your did.privateJwk.d, since that is what you are using to sign.
the Signer you are using is actually creating ES256K-R signatures, but you are specifying ES256K as algorithm. This can be fixed like so:

var issuer: Issuer = {
  did: did.state.longForm,
  signer: ES256KSigner(did.privateJwk.d, false), // set the recoverable flag to false
  alg: "ES256K"
}

Top Results From Across the Web

Decentralized Identifiers (DIDs) v1.0 - W3C

This section provides a basic overview of the major components of Decentralized Identifier architecture. DIDs and DID documents are recorded on a Verifiable ......