See dif-grant-1-jws-test-suite.
The purpose of this test suite is to enable interoperability testing across implementations of https://w3id.org/security/suites/jws-2020.
This suite is used to create verifiable credentials and presentations that conform to the VC Data Model.
This test suite does not currently support VC-JWT, even though some implementations may also support it.
As defined in the suite there are a number of supported key types using JsonWebKey2020 and corresponding signature algorithms. The table below illustrates what this test suite supports for testing. Currently, there are four keys used in testing:
kty | crv or size | signature |
---|---|---|
OKP | Ed25519 | EdDSA |
EC | secp256k1 | ES256k |
EC | secp256r1 / P-256 | ES256 |
EC | secp384r1 / P-384 | ES384 |
RSA | 2048 | PS256 |
npm i
npm run build
npm run report:clean
npm run report:generate
npm run report:evaluate
docker-compose build transmute
IMPLEMENTATION=transmute
INPUT=/data/credentials/credential-0.json
KEY=/data/keys/key-0-ed25519.json
OUTPUT=/data/implementations/$IMPLEMENTATION/credential-0--key-0-ed25519.json
docker-compose run $IMPLEMENTATION \
credential create \
--input $INPUT \
--output $OUTPUT \
--key $KEY
IMPLEMENTATION=transmute
INPUT=/data/presentations/presentation-0.json
KEY=/data/keys/key-0-ed25519.json
OUTPUT=/data/implementations/$IMPLEMENTATION/presentation-0--key-0-ed25519.json
docker-compose run $IMPLEMENTATION \
presentation create \
--input $INPUT \
--output $OUTPUT \
--key $KEY
IMPLEMENTATION=transmute
INPUT=/data/implementations/$IMPLEMENTATION/credential-0--key-0-ed25519.json
OUTPUT=/data/implementations/$IMPLEMENTATION/credential-0--key-0-ed25519.test.verification.json
docker-compose run $IMPLEMENTATION \
credential verify \
--input $INPUT \
--output $OUTPUT
IMPLEMENTATION=transmute
INPUT=/data/implementations/$IMPLEMENTATION/presentation-0--key-0-ed25519.json
OUTPUT=/data/implementations/$IMPLEMENTATION/presentation-0--key-0-ed25519.test.verification.json
docker-compose run $IMPLEMENTATION \
presentation verify \
--input $INPUT \
--output $OUTPUT
Anyone is welcome to submit an implementation. This suite uses docker compose to simplify testing each implementation. A mock implementation is provided here as a reference.
In preparing your submission, you'll need to do the following:
- Create a new subdirectory in the
implementations
directory with your implementation. - Create a new subdirectory in the
data/implementations
directory for your implementation's output files. - Build your implementation in
implementations/{your-impl}
along with a workingDockerfile
(details on functionality below). - Modify the docker-compose file to list your implementation.
Your Docker image needs to support the following inputs, styled as a CLI, as called from generate.js. It is not required to support all keys, credentials, or presentations. If your implementation does not support one of the options called during generate it's advised to fail gracefully, and not write an empty output file.
- credential create
Generates a credential using your implementation. Takes four arguments:
--input $INPUT
where$INPUT
is a path to an existing credential file such as/data/credentials/credential-0.json
--output $OUTPUT
where$OUTPUT
is a path to a file your implementation will create such asdata/implementations/$IMPLEMENTATION/credential-0--key-0-ed25519.json
--key $KEY
where$KEY
is a path to an existing key file such as/data/keys/key-0-ed25519.json
--format $FORMAT
where$FORMAT
is a eithervc
orvc-jwt
- credential verify
Verifies a credential using your implementation. Takes four arguments:
--input $INPUT
where$INPUT
is a path to an existing signed credential file such as/data/implementations/$IMPLEMENTATION/credential-0--key-0-ed25519.json
--output $OUTPUT
where$OUTPUT
is a path to a file your implementation will create such as/data/implementations/$IMPLEMENTATION/credential-0--key-0-ed25519.test.verification.json
- presentation create
Generates a presentation using your implementation. Takes four arguments:
--input $INPUT
where$INPUT
is a path to an existing presentation file such as/data/presentations/presentation-0.json
--output $OUTPUT
where$OUTPUT
is a path to a file your implementation will create such asdata/implementations/$IMPLEMENTATION/presentation-0--key-0-ed25519.json
--key $KEY
where$KEY
is a path to an existing key file such as/data/keys/key-0-ed25519.json
--format $FORMAT
where$FORMAT
is a eithervp
orvp-jwt
- presentation verify
--input $INPUT
where$INPUT
is a path to an existing signed presentation file such as/data/implementations/$IMPLEMENTATION/presentation-0--key-0-ed25519.json
--output $OUTPUT
where$OUTPUT
is a path to a file your implementation will create such as/data/implementations/$IMPLEMENTATION/presentation-0--key-0-ed25519.test.verification.json
If your implementation supports both the plain (vc
, vp
) and JWT (vc-jwt
, vp-jwt
) variations you should
diff the output files for each credential and presentation and their verifications. The convention is as
follows:
For credentials...
vc
: credential-0--key-0-ed25519.vc.json
vc-jwt
: credential-0--key-0-ed25519.vc-jwt.json
For presentations...
vp
: presentation-0--key-0-ed25519.vp.json
vp-jwt
: presentation-0--key-0-ed25519.vp-jwt.json
The JWT representations: vc-jwt
and vp-jwt
do not use the Linked Data signature process described
in the JsonWebSignature2020
specification. Instead, for signing and verifying JWT representations, standard
JOSE is used. The key type and algorithm specified for signing and verifying
are consistent with the JsonWebKey2020
representations found in this test suite.
To simplify generation of your implementation's signed files you can use the command npm run report:generate
. If wish
to only run your implementation, you can modify the (focusedImplementations
value
here)[https://github.com/decentralized-identity/JWS-Test-Suite/blob/main/generate.js#L25].
To test your implementation you can verify the credentials and presentations your implementation generates against other
implementations. At present, the transmute
implementation is authoritative for all verifications except for
credentials signed with RSA-2048 keys using PS256. For RSA credentials and presentations, test against spruce
.
The only thing tested by the suite are valid signatures for a given proof type. This means using the proofPurpose
of assertionMethod
for credentials, and the type of authentication
for presentations, where a challenge
value must
be present.
Example commands can be found above.