Hi Credo team,
I’m looking for guidance on a DIDExchange interoperability issue we’re seeing between Credo and ACA-Py, and I’m not sure whether this is a known 0.5.x limitation, a configuration issue on our side, or something that should be reported as a bug.
What we are doing
We are maintaining the Ayra Conformance Test Suite that uses Credo and ACA-Py as counterpart agents in DIDComm v2 / W3C VC flows.
In the failing case:
- Credo is acting as the inviter / reference agent
- ACA-Py is acting as the holder
- The flow fails during DIDExchange connection establishment, before credential issuance starts
What we observe
ACA-Py receives the Credo DIDExchange response, then rejects it with:
DIDXManagerError: DID rotate attachment signature failed verification
The connection then times out while waiting to reach connected.
Relevant behavior:
- invitation delivery succeeds
- ACA-Py accepts the invitation and sends a DIDExchange request
- Credo responds
- ACA-Py rejects the response because
did_rotate~attach signature verification fails
Environment
@credo-ts/*: 0.5.19- ACA-Py holder: current containerized sidecar in our CTS stack
- Node:
20
- Transport: DIDComm v2 / OOB + DIDExchange
- We are not relying on silent retries or inferred success; CTS waits for an explicit connected state
Why I’m asking first
I found the earlier related work around signed attachment / ACA-Py interop:
Those looked related, but our current failure still reproduces on 0.5.19, so I’m not sure whether this is:
- a different issue,
- expected behavior on
0.5.x,
- a configuration mistake in how we are using Credo,
- or something already fixed only in
0.6.x.
Question
Is this a known issue on Credo 0.5.x, and is there a recommended configuration or workaround for ACA-Py interoperability here?
More specifically:
- Should Credo be sending
did_rotate~attach in this DIDExchange path?
- If so, is there a known reason ACA-Py would fail to verify it?
- If not, is there a supported way to disable or change this behavior on
0.5.x?
- If this was fixed after
0.5.x, is there a specific 0.6.x change or PR I should look at?
If helpful, I can provide a more complete repro with sanitized invitation/response logs.
Thanks.
Hi Credo team,
I’m looking for guidance on a DIDExchange interoperability issue we’re seeing between Credo and ACA-Py, and I’m not sure whether this is a known
0.5.xlimitation, a configuration issue on our side, or something that should be reported as a bug.What we are doing
We are maintaining the Ayra Conformance Test Suite that uses Credo and ACA-Py as counterpart agents in DIDComm v2 / W3C VC flows.
In the failing case:
What we observe
ACA-Py receives the Credo DIDExchange response, then rejects it with:
The connection then times out while waiting to reach connected.
Relevant behavior:
did_rotate~attachsignature verification failsEnvironment
@credo-ts/*:0.5.1920Why I’m asking first
I found the earlier related work around signed attachment / ACA-Py interop:
Those looked related, but our current failure still reproduces on
0.5.19, so I’m not sure whether this is:0.5.x,0.6.x.Question
Is this a known issue on Credo
0.5.x, and is there a recommended configuration or workaround for ACA-Py interoperability here?More specifically:
did_rotate~attachin this DIDExchange path?0.5.x?0.5.x, is there a specific0.6.xchange or PR I should look at?If helpful, I can provide a more complete repro with sanitized invitation/response logs.
Thanks.