Skip to content

VC with deleted entire proof section verifies as correct

Summary:

When sending Verifiable Credential with deleted proof section, the verification process shows no errors and the document appears as valid.

Request Body:

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://w3id.org/security/suites/jws-2020/v1"
    ],
    "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
    "type": "VerifiablePresentation",
    "verifiableCredential": [
        {
            "@context": [
                "https://www.w3.org/2018/credentials/v1",
                "https://w3id.org/security/suites/jws-2020/v1"
            ],
            "credentialSubject": {
                "allow": true,
                "id": "https://gaiax.vereign.com/tsa/policy/example/ProofRequestResponse/1.0"
            },
            "issuanceDate": "2022-07-21T10:24:36.203848291Z",
            "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential"
        },
        {
            "@context": [
                "https://www.w3.org/2018/credentials/v1",
                "https://w3id.org/security/suites/jws-2020/v1",
                "https://schema.org"
            ],
            "credentialSubject": {
                "allow": true,
                "id": "https://gaiax.vereign.com/tsa/policy/example/ProofRequestResponse/1.0"
            },
            "issuanceDate": "2022-07-21T10:24:36.203861194Z",
            "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential"
        }
    ]
}

Response:

HTTP/1.1 200 OK
date: Fri, 29 Jul 2022 15:01:12 GMT
content-type: application/json
content-length: 15
strict-transport-security: max-age=15724800; includeSubDomains
{
    "valid": true
}

The full request:

curl --location --request POST 'https://gaiax.vereign.com/tsa/signer/v1/presentation/verify' \
--header 'Content-Type: application/json' \
--data-raw '{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://w3id.org/security/suites/jws-2020/v1"
    ],
    "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
    "type": "VerifiablePresentation",
    "verifiableCredential": [
        {
            "@context": [
                "https://www.w3.org/2018/credentials/v1",
                "https://w3id.org/security/suites/jws-2020/v1"
            ],
            "credentialSubject": {
                "allow": true,
                "id": "https://gaiax.vereign.com/tsa/policy/example/ProofRequestResponse/1.0"
            },
            "issuanceDate": "2022-07-21T10:24:36.203848291Z",
            "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential"
        },
        {
            "@context": [
                "https://www.w3.org/2018/credentials/v1",
                "https://w3id.org/security/suites/jws-2020/v1",
                "https://schema.org"
            ],
            "credentialSubject": {
                "allow": true,
                "id": "https://gaiax.vereign.com/tsa/policy/example/ProofRequestResponse/1.0"
            },
            "issuanceDate": "2022-07-21T10:24:36.203861194Z",
            "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential"
        }
    ]
}'