Rust and WASM did-method-plc tools and structures

Invalid Public Key When Creating New DID #3

open
opened by zicklag.dev

I'm running into an issue where the DID genesis operations returned by the DidBuilder are not valid. For example, if I run the create_did example in this repo:

{
  "type": "plc_operation",
  "rotationKeys": [
    "did:key:z4oJ8cTtWSyiw4ggvJAkkjKbFmaqQ815FqtQyvJNZYRHNBx4qnNr6F8tjFBPn9Vzjz9Rp7BaR8sh7CWXGToQkw9akXUdq"
  ],
  "verificationMethods": {
    "atproto": "did:key:zQ3shce89AwLodbdeCMiCu72dtZN27JqDKox5k42aRhhYoe2t"
  },
  "alsoKnownAs": [
    "at://alice.example.com"
  ],
  "services": {
    "atproto_pds": {
      "type": "AtprotoPersonalDataServer",
      "endpoint": "https://pds.example.com"
    }
  },
  "sig": "P-jbAHAkkVes3_Spk1tL-5o1KYTckH0WubgxorD7DpE5LekO75tr45LeFNHmzRruXGn_kpDTWlUNONOXGebE_Q"
}

Trying to create the DID using the goat CLI yields:

PLC directory request failed status_code=400 body="{\"message\":\"Invalid rotationKey: did:key:z4oJ8cTtWSyiw4ggvJAkkjKbFmaqQ815FqtQyvJNZYRHNBx4qnNr6F8tjFBPn9Vzjz9Rp7BaR8sh7CWXGToQkw9akXUdq\"}"
error: failed did:plc operation submission, HTTP status: 400

If I switch the key type from p256 to k256 then it fails with an invalid signature:

PLC directory request failed status_code=400 body="{\"message\":\"Invalid signature on op: {\\\"type\\\":\\\"plc_operation\\\",\\\"rotationKeys\\\":[\\\"did:key:zQ3shrXWGT7b5n6TdNYnjg1CfCGkjGz5tXMpbCtn9eSYa9aVa\\\"],\\\"verificationMethods\\\":{\\\"atproto\\\":\\\"did:key:zQ3shbXa8NLFgcBqvfmRxe9vGHwqeCTijha6NaW7wnmdPRKJb\\\"},\\\"alsoKnownAs\\\":[\\\"at://alice.example.com\\\"],\\\"services\\\":{\\\"atproto_pds\\\":{\\\"type\\\":\\\"AtprotoPersonalDataServer\\\",\\\"endpoint\\\":\\\"https://pds.example.com\\\"}},\\\"prev\\\":null,\\\"sig\\\":\\\"cfWuIhLKoLCr6fVdSR6lpWYF-cBh0RA36un91GNR3O9OvRVYdxlE0fztBn4piu1u8Fn66FL53S_F2gdFadlCNw\\\"}\"}"
error: failed did:plc operation submission, HTTP status: 400

I'm also finding that the DID returned by the DidBuilder differs from the DID calculated by the goat CLI for the genesis JSON.

Oh, I'm making progress!

I noticed that the PLC operation encoding was not serializing prev as a null when it should be for genesis operations. Serde was annotated to skip serializing the value when it was None.

That fixes the invalid signature error when using a k256 key, but it doesn't fix the returned DID string identifier, which still doesn't match the one for the directory.

Fixed it! At least for k256 keys.

The derive_did() function was serializing to JSON, not to CBOR, and the Operation type had the same issue with not serializing null like it was supposed to.
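The two fixes described in this thread, shown as an added example that is not code from this repository: a did:plc identifier is the first 24 characters of the lowercase base32 SHA-256 of the signed operation's DAG-CBOR bytes, so omitting `prev` or hashing JSON instead each yields a different DID. The encoder below is a minimal stand-in covering only the types an operation uses, and the key and signature strings are constructed placeholders.

```python
import base64, hashlib, json

def cbor_head(major, n):
    # Initial byte plus shortest-form length argument, as DAG-CBOR requires.
    if n < 24:
        return bytes([major << 5 | n])
    if n < 256:
        return bytes([major << 5 | 24, n])
    return bytes([major << 5 | 25]) + n.to_bytes(2, "big")  # enough for this sample

def dag_cbor(v):
    # Minimal encoder: null, text strings, arrays and string-keyed maps only.
    if v is None:
        return b"\xf6"
    if isinstance(v, str):
        b = v.encode()
        return cbor_head(3, len(b)) + b
    if isinstance(v, list):
        return cbor_head(4, len(v)) + b"".join(dag_cbor(x) for x in v)
    if isinstance(v, dict):
        # DAG-CBOR orders map keys by encoded length, then bytewise.
        keys = sorted(v, key=lambda k: (len(k.encode()), k.encode()))
        return cbor_head(5, len(v)) + b"".join(dag_cbor(k) + dag_cbor(v[k]) for k in keys)
    raise TypeError(type(v))

def did_plc(encoded):
    # did:plc = first 24 chars of lowercase base32(sha256(encoded operation))
    digest = hashlib.sha256(encoded).digest()
    return "did:plc:" + base64.b32encode(digest).decode().lower()[:24]

# Constructed sample genesis operation; keys and sig are placeholders, not real values.
GENESIS = {
    "type": "plc_operation",
    "rotationKeys": ["did:key:zEXAMPLEROTATION"],
    "verificationMethods": {"atproto": "did:key:zEXAMPLESIGNING"},
    "alsoKnownAs": ["at://alice.example.com"],
    "services": {"atproto_pds": {"type": "AtprotoPersonalDataServer",
                                 "endpoint": "https://pds.example.com"}},
    "prev": None,
    "sig": "EXAMPLE_SIGNATURE",
}
NO_PREV = {k: v for k, v in GENESIS.items() if k != "prev"}  # what skip-if-None emits

def candidates():
    return {
        "cbor_prev_null": did_plc(dag_cbor(GENESIS)),
        "cbor_prev_omitted": did_plc(dag_cbor(NO_PREV)),
        "json_prev_null": did_plc(json.dumps(GENESIS, separators=(",", ":")).encode()),
    }
```

Calling `candidates()` returns three different identifiers for the same logical operation; only the `cbor_prev_null` form follows the derivation the directory applies.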

AT URI
at://did:plc:ulg2bzgrgs7ddjjlmhtegk3v/sh.tangled.repo.issue/3maa27obuvt22