Implement Flattened JWS serialization for Veramo compatibility#35
Merged
Implement Flattened JWS serialization for Veramo compatibility#35
Conversation
- Switch JWS encoding from standard Base64 to Base64URL (no padding) per RFC 7515 - Default to Flattened JWS serialization for single signatures (Veramo compat) - Accept both General and Flattened JWS formats on deserialization - Add base64_decode_flexible() helper that accepts all Base64 variants - Implement did:key resolution in resolve_verification_key for cross-agent verification - Fix Veramo integration tests: use built-in memory stores, fix message passing, remove error-swallowing try/catch patterns - Update Flattened JWS detection in agent.rs, tap-node, and mock-server - Update all TypeScript tests to expect Flattened JWS format https://claude.ai/code/session_01WWHiooMRiBBdSiQQwWqQGt
- Add x25519-dalek for proper X25519 ECDH key agreement - Make apv/apu optional in JweProtected (Veramo omits them) - Support X25519 EPK in unwrap_jwe alongside existing P-256 - Use base64_decode_flexible for all JWE fields (base64url compat) - Match JWE recipients by DID prefix (X25519 key agreement kids) - Improve JWE unpack error messages with last failure details - Enable Veramo JWE anoncrypt test (was skipped) https://claude.ai/code/session_01WWHiooMRiBBdSiQQwWqQGt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR updates the TAP agent to use Flattened JWS (JSON Web Signature) serialization format instead of General JWS format, enabling proper interoperability with Veramo's DIDComm implementation. The changes include custom serialization logic, flexible base64 decoding, and improved DID resolution for verification.
Key Changes
Message Format (Flattened JWS)
SerializeandDeserializetraits for theJwsstruct to support both formats:payload,protected, andsignatureat top levelpayloadandsignaturesarraybase64_decode_flexible()function that accepts standard base64, base64url with/without padding to handle different encoding schemes from VeramoURL_SAFE_NO_PAD(base64url without padding) per RFC 7515DID Resolution Improvements
resolve_verification_key()in bothDefaultKeyManagerandAgentKeyManagerto directly resolvedid:keyDIDs without requiring external resolver setupTest Updates
protected/signaturefields instead ofsignaturesarray)MemoryDIDStore,MemoryKeyStore,MemoryPrivateKeyStore) imported from@veramo/did-managerand@veramo/key-managerBuild Configuration
wasm-opt = falseto wasm-pack release profile inCargo.tomlto prevent optimization issuesImplementation Details
did:keyis now self-contained, reducing external dependencies during message verificationhttps://claude.ai/code/session_01WWHiooMRiBBdSiQQwWqQGt