No support for multisig issuance of private ACDCs

[nkongsuwan]

Currently, client.credentials().issue(kargsIss) does not support multisig issuance of private ACDCs.

The reason is that IssueCredentialArgs doesn't allow arbitrary salts u as input to the function issue(). As a result, when members of a multisig group try to issue a private ACDC, they will get inconsistent salts, acdc.u and acdc.a.u.

I suggest changing the interface IssueCredentialArgs to include inputs for the top-level salt and the one inside a, e.g., topLevelSalt?: boolean | string and attributeSalt?: boolean | string.

This issue is blocking PR #207 for the issuance of an ECR vLEI credential.

[psteniusubi]

Hi @nkongsuwan. I have run into this same issue.

I have not created a PR yet, but I have a quick and dirty fix that adds two parameters to IssueCredentialArgs

$ git stash show -p stash@{1}
diff --git a/src/keri/app/credentialing.ts b/src/keri/app/credentialing.ts
index 058ccdd..bd8feb2 100644
--- a/src/keri/app/credentialing.ts
+++ b/src/keri/app/credentialing.ts
@@ -81,6 +81,8 @@ export interface IssueCredentialArgs {
      * Flag to issue a credential with privacy preserving features
      */
     privacy?: boolean;
+    subjectSalt?: string;
+    acdcSalt?: string;
 }

 export interface IssueCredentialResult {
@@ -196,7 +198,9 @@ export class Credentials {

         const [, subject] = Saider.saidify({
             d: '',
-            u: args.privacy ? new Salter({}).qb64 : undefined,
+            u: args.privacy
+                ? args.subjectSalt ?? new Salter({}).qb64
+                : undefined,
             i: args.recipient,
             dt: dt,
             ...args.data,
@@ -205,7 +209,7 @@ export class Credentials {
         const [, acdc] = Saider.saidify({
             v: versify(Ident.ACDC, undefined, Serials.JSON, 0),
             d: '',
-            u: args.privacy ? new Salter({}).qb64 : undefined,
+            u: args.privacy ? args.acdcSalt ?? new Salter({}).qb64 : undefined,
             i: hab.prefix,
             ri: args.registryId,
             s: args.schemaId,

[lenkan]

I am starting to think it's better to create interfaces for the issuance and acdc payloads and just pass them through, just adding defaults and perhaps the saidifying.

Same for inception, interaction and rotation events.

[lenkan]

@nkongsuwan please see #222 for my proposal on how to solve this problem.

[lenkan]

I think this is resolved by #222