this is redundant

how are these values mapped to the presentation? Ideally we don't add oid4vp specific properties to the pex service, but i can understand if it's not possible otherwise

Yeah, I also don't like it, but I don't see an easy better way to propagate the values. There are used to calculate the session transcript

okay and this is openid4vp specific, or is it mdoc specific?

Hmm I guess depends on the viewpoint the data we need is expected to come for openid4vp, but we need it to create mdoc presentations.

I think this should be extracted from the challenge property in the pex service itself. As it's now redundant, and can lead to inconsistencies.

I did this intentionally. I don't think we should use a challenge property. openid4vp is very specific. To me it would be completely unclear why the verification of a device response will fail after changing a e.g. domain/challenge property which have no relation at all to Mdoc?

What do you think?

Hmm I think it's quite common to use one nonce and apply that in all places that need a nonce. That way you keep consistency. we use the presentation exchange nonce in the w3c vp signature creation, so i don't see why we can't use it in the mdoc presentation creation.

I rather reuse the existing property, as there's really no reason to use a different nonce for the mdoc presentation.

because the nonce for a w3c jwt vp / sd-jwt-vc is also based on the challenge. We just call it challenge in our api, but all VPs use this as the nonce/challenge.

we need to make sure to reuse this nonce when encrypting the resposne (we generate a new nonce there at the moment, but these should be the same)

what if v1 is used?

I think instead of continue we could use an else clause maybe? I had a hard time understanding this code, until i spotted this continue statement

when will we know this? (i don't see warn changed to error / info?)

isn't device signed the presentation?

yes. It can also include device-signed namespaces. Essentially self-attested claims.

but shouldn't this be on the mdoc presentation then?

i see we're mostly using string certificates here. Do we want to use that as the primary method to pass around certificate in Credo (i haven't made my mind up yet, just thinking 🤔 ).

I don't mind. We essentially also set trustedCerts as strings. That's why I have chosen this approach

export interface X509ModuleConfigOptions {
  /**
   *
   * Array of trusted base64-encoded certificate strings in the DER-format.
   */
  trustedCertificates?: [string, ...string[]]

string is fine 👍

Do we check if the issuerKey and cert key match? Can't we always just extract the key from the cert?

I also think this should work. Not sure why it doesn't. It may be related to the issue I mentioned below with the jwk representation of keys.

this is the public key jwk, not the private key jwk right? I think the name is confusing. It's important we don't have to pass the private key, so we can support HSM

I don't like the casting here, it can lead to bugs in the future. We should check if index 0 exists, and then also whether it's a supported alg by mdoc (or does it throw if the provided alg is not supported?)

just as an FYI trusted certificaes will need to be aligned with #2052 once merged

does it return a verification object or something? Would be good to return more than true/false, but also something we can add later

does create also sign? I think in SD JWT API we use sign so might be nice to stay consistent?

does this still use the credo wallet to verify the signature? I can't see the context or something passed around. It is important.

Aslo it's prob ok for now, but we should try to stay away from doing crypto operations outside of the wallet. Also with e.g. the p256 shared secret calcuation etc.. The more we can do in the wallet, the better.

So if you can provide a list of all cryptographic operations that are needed, we can look to move them to the wallet over time

We just need the key derivation.

what do these do? and why are they part of the protokol library?

Please take a look at my comment. There is an issue with how we represent the key as jwk. It probably should be compressed. Nothing from the protokoll library should remain here. Atleast related to crypto.

Which comment? I can't find it

I think we can also just use an uuid?

same with integraiont of pr #2052

I think name can just be a string with CN=X, N=X I think that might be nicer to keep it like that. Otherwise we'll have to add a custom prop for everything

or we need to nest / rename it

i think if it's public we shouldn't call it _internal, but just fromIssuerSignedDocument. Or we don't allow creating it from IssuerSignedDocument at all (but something else).

Why do we need to add both the mdoc and the deviceResponse base64? The encoded device response also contains the mdoc right?

If it's for internal APIs it's ok, but for public APIs I'd like to avoid options that could conflict (what if they don't match?)

This is not the private part. It's a public key that can be used during verificadtion to know which private key to use.

Also, isn't the public key added in the device respnose, or do we need to make sure it's MAC'd to this specific key?

Either both key, or both PublicKey, but issuerKey and holderPublicKey doesn't make sense I think

Is device response an openid4vp specific object, if we're using BLE don't we use device response? If so I don't think the underlying API should be called openId4Vp?

Or should this method be called createOpenId4VpDeviceResponse?

nice but usually we name tests mdoc-deviceResponse-openid4vc.test.ts instead of using dots (which are more for extension types)

do we also want to add an oid4vci flow with mdoc? OR lateR?

I think this might look a bit clear?