Im playing around with proof requests, proofs and their verification. I noticed that the current java wrapper verifies a manipulated proof to true, althoug it should be false.

For manipulation I changed the raw value in:

“requested_proof”: {

“predicates”: {},

“self_attested_attrs”: {},

“revealed_attrs”: {

“attr1_referent”: {

“raw”: “L2ZKT17Q2”,

“sub_proof_index”: 0,

“encoded”: “1405580844876701323570”

}

},

“unrevealed_attrs”: {}

to another value, which was not issued with the credential.

I also noticed that encoding attributes in the credential affects the verification of a generated proof. E.g. hasing a given string with sha-256 to a hex string and then convertig it to big int results in an indy exception. Encoding the same value with smaller numbers gives no errors.

Has someone notices the same? how do you encode raw values?

My libindy: 1.90