Dual Signature Model
Agent-Pass implements a unique dual-signature verification model that provides mathematical proof of both agent identity and controller delegation, ensuring secure autonomous operation.
Why Dual Signatures?
Security Innovation: Unlike traditional authentication that only verifies identity, Agent-Pass verifies both the agent's identity AND the human's authorization in a single cryptographic proof.
Signature 1: Agent Proof
Agent proves its identity and possession of credentials
Agent signs the Verifiable Presentation
Includes challenge response (anti-replay)
Domain-bound for security
Proves agent has the credential
Signature 2: Controller Authorization
Controller's signature on the credential proves delegation
Controller signed the Agent Capability Credential
Defines scope and constraints
Time-bound expiration
Proves human authorized the agent
Verification Process
The dual verification process ensures that both signatures are cryptographically valid and that the agent has proper authorization to act on behalf of the controller.
Step-by-Step Verification
How Agent-Pass validates both agent identity and controller delegation
Complete Verification Flow
const verification = await agentPass.verifyVerifiablePresentation(
presentation,
expectedChallenge,
expectedDomain
);
// Internal verification process:
// 1. Verify Agent's Signature on Presentation
const presentationResult = await this.agent.verifyPresentation({
presentation: presentation,
challenge: expectedChallenge,
domain: expectedDomain,
});
if (!presentationResult.verified) {
return { verified: false, error: 'Invalid agent signature' };
}
// 2. Extract and Verify Controller's Signature on Credential
const credential = presentation.verifiableCredential[0];
const credentialResult = await this.agent.verifyCredential({
credential: credential,
});
if (!credentialResult.verified) {
return { verified: false, error: 'Invalid controller signature' };
}
// 3. Validate Credential Expiration
const now = new Date();
if (credential.expirationDate && new Date(credential.expirationDate) < now) {
return { verified: false, error: 'Credential has expired' };
}
// 4. Validate Challenge and Domain Binding
// (Automatically handled by Veramo's JWT verification)
// 5. Return Success with Both DIDs
return {
verified: true,
agentDid: credential.credentialSubject.id,
controllerDid: credential.issuer,
scope: credential.credentialSubject.scope,
constraints: credential.credentialSubject.constraints
};Security Benefits
✅ Prevents Agent Impersonation
Even if someone obtains an Agent Capability Credential, they cannot use it without the agent's private key.
Agent must sign every request
Private key never leaves agent
Credential alone is insufficient
✅ Prevents Unauthorized Delegation
An agent cannot grant itself permissions or exceed what the controller authorized.
Controller signature required for credentials
Agent cannot modify its own permissions
Scope and constraints are immutable
✅ Enables Audit Trail
Every action can be traced back to both the acting agent and the authorizing controller.
Clear chain of responsibility
Cryptographic non-repudiation
Complete action attribution
Attack Resistance
The dual-signature model provides strong protection against common attack vectors that would compromise single-signature systems.
Credential Theft
Scenario: Attacker steals Agent Capability Credential
Still requires agent's private key
Cannot sign presentations without agent
Credential is useless alone
Agent Compromise
Scenario: Attacker gains control of agent's private key
Limited to existing credential scope
Cannot exceed controller constraints
Credential can be revoked by controller
Replay Attacks
Scenario: Attacker intercepts and replays presentation
Challenge-response prevents reuse
Domain binding prevents cross-site use
Timestamp validation with clock skew
Privilege Escalation
Scenario: Agent attempts to exceed granted permissions
Scope validation enforced at verification
Constraints checked before action
Cannot modify credential post-issuance
Implementation Example
Complete Dual-Signature Flow
End-to-end example showing both signature creation and verification
Dual Signature Authentication
import { AgentPass } from '@agent-pass/core';
const agentPass = new AgentPass();
// === SETUP PHASE ===
// 1. Create identities (each gets their own DID + keys)
const controller = await agentPass.createControllerIdentity({
alias: 'human-manager'
});
const agent = await agentPass.createAgentIdentity({
alias: 'task-agent'
});
// 2. Controller creates and signs credential (Signature 1)
const credential = await agentPass.createAgentCapabilityCredential(
controller, // <- Controller's signature goes here
agent,
{
scope: ['read:documents', 'send:notifications'],
constraints: { maxNotificationsPerDay: 50 },
expirationDate: new Date('2024-12-31')
}
);
console.log('✅ Credential signed by controller:', credential.proof);
// === AUTHENTICATION PHASE ===
// 3. Relying party generates challenge
const challenge = agentPass.generateChallenge('api.company.com');
// 4. Agent creates and signs presentation (Signature 2)
const presentation = await agentPass.createVerifiablePresentation(
agent, // <- Agent's signature will be added here
credential,
challenge.challenge,
challenge.domain
);
console.log('✅ Presentation signed by agent:', presentation.proof);
// === VERIFICATION PHASE ===
// 5. Verify BOTH signatures
const verification = await agentPass.verifyVerifiablePresentation(
presentation,
challenge.challenge,
challenge.domain
);
if (verification.verified) {
console.log('🎉 DUAL VERIFICATION SUCCESSFUL!');
console.log('└─ Controller DID:', verification.controllerDid);
console.log('└─ Agent DID:', verification.agentDid);
console.log('└─ Granted Scope:', verification.scope);
// Both signatures are cryptographically valid:
// ✅ Agent signature on presentation (proves agent identity)
// ✅ Controller signature on credential (proves delegation)
} else {
console.error('❌ Verification failed:', verification.error);
}Comparison with Single-Signature Systems
| Security Property | Traditional Auth | Agent-Pass Dual |
|---|---|---|
| Agent Identity Verification | ||
| Controller Authorization Proof | ❌ | |
| Credential Theft Protection | ❌ | |
| Agent Key Compromise Limitation | ❌ | |
| Replay Attack Prevention | ⚠️ | |
| Cryptographic Non-Repudiation | ⚠️ |