Just a little help with credential verification

[mmachado53]

Hi guys, I have some questions about credential verification, for now I'm trying to verify some credentials using preview protocol, I'm using some credentials created from an Android app, which I can verify perfectly well using https://digital-credentials.dev/ this is what I have so far:

1.- On the "verifier" side I have this code to generate the key pair and the nonce string:

import { AeadId, CipherSuite, KdfId, KemId } from "hpke-js";

const suite = new CipherSuite({
    kem: KemId.DhkemP256HkdfSha256,
    kdf: KdfId.HkdfSha256,
    aead: AeadId.Aes128Gcm,
  });
  const mainKeypair = await suite.kem.generateKeyPair();
  // getting base64 public key
  const rawPublicKey = await crypto.subtle.exportKey("raw", mainKeypair.publicKey);
  const base64PublicKey = toBase64Url(new Uint8Array(rawPublicKey));
 
 
  // Getting the nonce text
  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
  const nonceBase64 =  toBase64Url(randomBytes);

2 .- On the client side I create the request using the public key in base64 and the nonce created previously and I get the token like this:

const fields = [
    {
      namespace: 'org.iso.18013.5.1',
      name: 'family_name',
      intentToRetain: false
    },
    {
      namespace: 'org.iso.18013.5.1',
      name: 'given_name',
      intentToRetain: false
    },
    {
      namespace: 'org.iso.18013.5.1',
      name: 'age_over_21',
      intentToRetain: false
    }
  ];

 const credentialOptions = {
    digital: {
      providers: [
        {
          protocol: 'preview',
          request: {
            selector: {
              format: ['mdoc'],
              doctype: 'org.iso.18013.5.1.mDL',
              fields
            },
            nonce: nonceBase64,
            readerPublicKey: base64PublicKey
          }
        }
      ]
    }
  };

const response = await navigator.credentials.get(credentialOptions);

const token = JSON.parse(response.data).token

3.- And then on the verifier side using the token from the client side, the primary key pair and the nonce I try to open the content of the response:

import { decode as cborDecode, encode as cborEncode } from 'cbor2';
import { AeadId, CipherSuite, KdfId, KemId } from 'hpke-js';

// Passing the token to bytes
const base64Token =token
      .replaceAll('-', '+')
      .replaceAll('_', '/');

const binStr = atob(base64Token);

const tokenBytes = new Uint8Array(binStr.length);

for (let i = 0; i < binStr.length; i++) {
     tokenBytes[i] = binStr.codePointAt(i) ?? 0;
 }

// Decoding the bytes using cbor

const encryptedToken = cborDecode(tokenBytes);

const cipherText = encryptedToken.cipherText;
const pkEm = encryptedToken.encryptionParameters.pkEm

// Generating SessionTranscript ( I took it from here: https://github.com/openwallet-foundation-labs/identity-credential/blob/main/identity-android/src/main/java/com/android/identity/android/mdoc/util/CredmanUtil.kt#L125)

const clientIdBytes = fromBase64(base64PublicKey);
const requestHash = await crypto.subtle.digest("SHA-256",clientIdBytes);

const originInfo = {
    cat: 1,
    type: 1,
    details: {
      baseUrl:  window.location.origin  (from de client side)
    }
  };

  const originInfoBytes = cborEncode(originInfo);
  const nonceBytes = fromBase64(this.nonce);
  const browserHandover = [
    'BrowserHandoverv1',
    nonceBytes,
    originInfoBytes,
    requestHash
  ];

  const sessionTranscript = cborEncode([null, null, browserHandover]);

 // Prepare the HPKE library instance (P-256 + HKDF-SHA256 + AES-128-GCM)
  const suite = new CipherSuite({
    kem: KemId.DhkemP256HkdfSha256,
    kdf: KdfId.HkdfSha256,
    aead: AeadId.Aes128Gcm
  });

// Create HPKE recipient context
  const contextParams = {
    recipientKey: mainKeypair.privateKey, // our main private key
    enc: pkEm
  };

  const recipientContext = await suite.createRecipientContext(contextParams);

  // Decrypt, passing sessionTranscript as AAD
  const plaintext = await recipientContext.open(cipherText, sessionTranscript);

So right on the last line await recipientContext.open I get just an "OpenError" 😅

Is there anyone who can tell me what I'm doing wrong? Or someone who can share some source code where the verification of credentials is handled successfully.

Thank you!