Computed hash does not match remote hash

Support
1

Hello
I have created a certificate and signed it with cert-issuer.
I have obtained the hash of the transaction and verified that it was done correctly, but when I verify the certificate from the blockcerts site or from cert-verifier-js I get the following message:

Computed hash does not match remote hash

This is my certificate

{
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://w3id.org/blockcerts/v3",{
        "alumniOf":{
          "@id": "https://schemas.learningmachine.com/2017/blockcerts/nonce",
          "@type": "https://schema.org/Text"
        }
      }
    ],
    "type": [
      "VerifiableCredential",
      "BlockcertsCredential"
    ],
    "issuer": "https://www.blockcerts.org/samples/2.0/issuer-testnet.json",
    "issuanceDate": "2023-08-24T18:20:30Z",
    "id": "urn:uuid:7224744c-9e7f-4668-b900-f768cfdbd05f",
    "credentialSubject": {
      "id": "ecdsa-koblitz-pubkey:mkwntSiQmc14H65YxwckLenxY3DsEpvFbe",
      "alumniOf": {
        "id": "https://www.issuer.org"
      }
    },
    "nonce": "123",
    "proof": {
      "type": "MerkleProof2019",
      "created": "2023-08-25T11:21:59.400781",
      "proofValue": "z9nmN4tsD8AYm9okpHxBZA8UNBCPukRvn4CD1yWCcooDuXMtUwKSQ5CfHSZodyG2ZZz4uMwKFjra5JaoUDiAmpAVANSYfwZeLtxmzt38L4F6xZqXDkm88VeDWTaquqYrmrgmD5REPCd3m1cXtmeKmHzc7BcRep7wj8nJRJ6U9Xy7AmkVfQra9Guw57PHVNVpymvcoSTJm1kh8RDKEFmiiHWJgRhmMuKm7h7we7sMkhAZfSmAhsvNMGP9iQbdJZn1ewrVexMjmSJAB2sdDAA8AAUZNvk2zEGDV5jD2unh62Ce5Y25NdSNxYTwdvYBWBFQtWx7KUAYmN8zubzQY2m5TSBaMnEcouFRtiS1wHjjCGfQzkDfAF7RKJQsPap8DwTQ2aTfn83UpubiAYTWgqj6tQwrWRv",
      "proofPurpose": "assertionMethod",
      "verificationMethod": "https://www.blockcerts.org/samples/3.0/issuer-blockcerts.json#key-1"
    }
  }
2

Hi,

right off the bat a few things jump to my eyes:

  • The issuer is https://www.blockcerts.org/samples/2.0/issuer-testnet.json, but the verification method does not match that issuer: https://www.blockcerts.org/samples/3.0/issuer-blockcerts.json#key-1. They should be referring to the same entity (may it be through a DID document or a more classic issuer profile).
  • You don’t have control over that issuer, since this is Blockcerts own profile and you don’t have access to the private keys, so I’m a bit puzzled if the signature actually went through.
  • in your context you are defining the alumniOf property, but its id is calling it nonce, this could potentially be the issue as the normalization may not occur correctly.

You can gain insights as to what is being hashed and compared if you print out the result of this line https://github.com/blockchain-certificates/jsonld-signatures-merkleproof2019/blob/master/src/inspectors/computeLocalHash.ts#L74

And compare it against the value of this line https://github.com/blockchain-certificates/cert-issuer/blob/master/cert_issuer/normalization_handler.py#L12 (don’t forget to encode it to utf-8 as done in the next line).

It’s a bit tedious, there is no better debug mode at this time but this will help you pinpoint the differences between the normalized documents and identify the problem.