Update the credential format and encryption parameters

QZHelen · QZHelen · commit 0849f34d541e · 2025-06-11T14:01:36.000-07:00
diff --git a/app/src/main/assets/pnv.wasm b/app/src/main/assets/pnv.wasm
diff --git a/app/src/main/java/com/credman/cmwallet/Utils.kt b/app/src/main/java/com/credman/cmwallet/Utils.kt
@@ -214,6 +214,7 @@ fun jweSerialization(recipientKeyJwk: JSONObject, plainText: String): String {
     header.put("apu", partyUInfo.toBase64UrlNoPadding())
     header.put("apv", partyVInfo.toBase64UrlNoPadding())
     header.put("alg", "ECDH-ES")
+    header.put("kid", kid)
     header.put("enc", "A128GCM")
     header.put("epk", JSONObject(kp.public.toJWK().toString()))
     val headerEncoded = header.toString().toByteArray().toBase64UrlNoPadding()
diff --git a/app/src/main/java/com/credman/cmwallet/pnv/PnvTokenRegistry.kt b/app/src/main/java/com/credman/cmwallet/pnv/PnvTokenRegistry.kt
@@ -90,7 +90,7 @@ data class PnvTokenRegistry(
     companion object {
         const val VCT_GET_PHONE_NUMBER = "number-verification/device-phone-number/ts43"
         const val VCT_VERIFY_PHONE_NUMBER = "number-verification/verify/ts43"
-        const val PNV_CRED_FORMAT = "dc+sd-jwt-pnv"
+        const val PNV_CRED_FORMAT = "dc-authorization+sd-jwt"
 
         internal const val CREDENTIALS = "credentials"
         internal const val ID = "id"
@@ -334,7 +334,7 @@ fun maybeHandlePnv(
     val deviceTelModuleJwt = createJWTES256(
         header = buildJsonObject {
             put("alg", "ES256")
-            put("typ", "dc+sd-jwt-pnv")
+            put("typ", "dc-authorization+sd-jwt")
             put("x5c", buildJsonArray {
                 add("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+TdTS2XLm+GzoFnwcBfDBzxpHyfA5t9NHIqGravV6L2i4BttORRF1DrjTBDELi265/KIjgtJ05zSFZ/jrUpkmw==")
             })
diff --git a/matcher/pnv/dcql.c b/matcher/pnv/dcql.c
@@ -39,7 +39,7 @@ cJSON* MatchCredential(cJSON* credential, cJSON* credential_store) {
     cJSON* aggregator_policy_url = NULL;
     cJSON* aggregator_policy_text = NULL;
     if (meta != NULL) {
-        if (strcmp(format, "dc+sd-jwt-pnv") == 0) {
+        if (strcmp(format, "dc-authorization+sd-jwt") == 0) {
             cJSON* vct_values_obj = cJSON_GetObjectItemCaseSensitive(meta, "vct_values");
             cJSON* cred_candidates = candidates;
             candidates = cJSON_CreateArray();
