Verify API returning valid for a tampered verifiable credential #58
-
|
I generated a VC using the SSIKI see below:
I used v1/verify and I get: I went and changed the age in the VC but I always get valid. What am I doing wrong? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
"@context" : [ "https://www.w3.org/2018/credentials/v1", "https://w3id.org/security/suites/jws-2020/v1" ]Hi, your context is just for the base credential ( You can also use the JWT signature format instead of LD-Signature. This signature format works on the whole JSON of the credential. |
Beta Was this translation helpful? Give feedback.
Hi, your context is just for the base credential (
https://www.w3.org/2018/credentials/v1) and the proof attribute (https://w3id.org/security/suites/jws-2020/v1), you have to specify a@contextthat includes the required attributes of thecredentialSubject. Right now,credentialSubjectis not being used for the signature.You can also use the JWT signature format instead of LD-Signature. This signature format works on the whole JSON of the credential.