• Stars
    star
    138
  • Rank 264,508 (Top 6 %)
  • Language
    JavaScript
  • License
    BSD 3-Clause "New...
  • Created about 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

W3C Verifiable Credentials implementation in JavaScript

Verifiable Credentials JS Library (@digitalbazaar/vc)

Build Status NPM Version

A Javascript library for issuing and verifying Verifiable Credentials.

Table of Contents

Security

As with most security- and cryptography-related tools, the overall security of your system will largely depend on your design decisions (which key types you will use, where you'll store the private keys, what you put into your credentials, and so on.)

Background

This library is a Javascript (Node.js and browser) implementation of the Verifiable Credentials Data Model 1.0 specification (the JWT serialization is not currently supported).

It allows you to perform the following basic operations:

  1. Signing (issuing) a Verifiable Credential (VC).
  2. Creating a Verifiable Presentation (VP), signed or unsigned
  3. Verifying a VP
  4. Verifying a standalone VC

Pre-requisites: Usage of this library assumes you have the ability to do the following:

  • Generate LD key pairs and signature suites
  • Publish the corresponding public keys somewhere that is accessible to the verifier.
  • Make sure your custom @contexts, verification methods (such as public keys) and their corresponding controller documents, and any other resolvable objects, are reachable via a documentLoader.

Install

  • Browsers and Node.js 14+ are supported.

To install from NPM:

npm install @digitalbazaar/vc

To install locally (for development):

git clone https://github.com/digitalbazaar/vc.git
cd vc
npm install

Usage

Setting up a signature suite

For signing, when setting up a signature suite, you will need to pass in a key pair containing a private key.

import vc from '@digitalbazaar/vc';

// Required to set up a suite instance with private key
import {Ed25519VerificationKey2020} from
  '@digitalbazaar/ed25519-verification-key-2020';
import {Ed25519Signature2020} from '@digitalbazaar/ed25519-signature-2020';

const keyPair = await Ed25519VerificationKey2020.generate();

const suite = new Ed25519Signature2020({key: keyPair});

Issuing a Verifiable Credential

Pre-requisites:

  • You have a private key (with id and controller) and corresponding suite
  • If you're using a custom @context, make sure it's resolvable
  • (Recommended) You have a strategy for where to publish your Controller Document and Public Key
const vc = require('@digitalbazaar/vc');

// Sample unsigned credential
const credential = {
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "id": "https://example.com/credentials/1872",
  "type": ["VerifiableCredential", "AlumniCredential"],
  "issuer": "https://example.edu/issuers/565049",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "alumniOf": "Example University"
  }
};

const signedVC = await vc.issue({credential, suite, documentLoader});
console.log(JSON.stringify(signedVC, null, 2));

Creating a Verifiable Presentation

Pre-requisites:

  • You have the requisite private keys (with id and controller) and corresponding suites
  • If you're using a custom @context, make sure it's resolvable
  • (Recommended) You have a strategy for where to publish your Controller Documents and Public Keys

Creating an unsigned presentation

To create a presentation out of one or more verifiable credentials, you can use the createPresentation() convenience function. Alternatively, you can create the presentation object manually (don't forget to set the @context and type properties).

To create a verifiable presentation with a custom @context field use a custom documentLoader

const verifiableCredential = [vc1, vc2]; // either array or single object

// optional `id` and `holder`
const id = 'ebc6f1c2';
const holder = 'did:ex:12345';

const presentation = vc.createPresentation({
  verifiableCredential, id, holder
});

console.log(JSON.stringify(presentation, null, 2));
// ->
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiablePresentation"
  ],
  "id": "ebc6f1c2",
  "holder": "did:ex:12345",
  "verifiableCredential": [
    // vc1:
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
      ],
      "id": "http://example.edu/credentials/1872",
      "type": [
        "VerifiableCredential",
        "AlumniCredential"
      ],
      "issuer": "https://example.edu/issuers/565049",
      "issuanceDate": "2010-01-01T19:23:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "alumniOf": "<span lang=\"en\">Example University</span>"
      },
      "proof": {
        "type": "Ed25519Signature2018",
        "created": "2020-02-03T17:23:49Z",
        "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..AUQ3AJ23WM5vMOWNtYKuqZBekRAOUibOMH9XuvOd39my1sO-X9R4QyAXLD2ospssLvIuwmQVhJa-F0xMOnkvBg",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1"
      }
    },
    // vc2 goes here ...
  ]
}

Note that this creates an unsigned presentation (which may be valid for some use cases).

Custom documentLoader

Pre-requisites:

  • You have an existing valid JSON-LD @context.
  • Your custom context is resolvable at an address.
// jsonld-signatures has a secure context loader
// by requiring this first you ensure security
// contexts are loaded from jsonld-signatures
// and not an insecure source.
const {extendContextLoader} = require('jsonld-signatures');
const vc = require('@digitalbazaar/vc');
// @digitalbazaar/vc exports its own secure documentLoader.
const {defaultDocumentLoader} = vc;
// a valid json-ld @context.
const myCustomContext = require('./myCustomContext');

const documentLoader = extendContextLoader(async url => {
  if(url === 'did:test:context:foo') {
    return {
      contextUrl: null,
      documentUrl: url,
      document: myCustomContext
    };
  }
  return defaultDocumentLoader(url);
});

// you can now use your custom documentLoader
// with multiple vc methods such as:

const vp = await vc.signPresentation({
  presentation, suite, challenge, documentLoader
});

// or
const signedVC = await vc.issue({credential, suite, documentLoader});

// or
const result = await vc.verifyCredential({credential: signedVC, suite, documentLoader});

Signing the Presentation

Once you've created the presentation (either via createPresentation() or manually), you can sign it using signPresentation():

const vp = await vc.signPresentation({
  presentation, suite, challenge, documentLoader
});

console.log(JSON.stringify(vp, null, 2));
// ->
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiablePresentation"
  ],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
      ],
      "id": "http://example.edu/credentials/1872",
      "type": [
        "VerifiableCredential",
        "AlumniCredential"
      ],
      "issuer": "https://example.edu/issuers/565049",
      "issuanceDate": "2010-01-01T19:23:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "alumniOf": "<span lang=\"en\">Example University</span>"
      },
      "proof": {
        "type": "Ed25519Signature2018",
        "created": "2020-02-03T17:23:49Z",
        "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..AUQ3AJ23WM5vMOWNtYKuqZBekRAOUibOMH9XuvOd39my1sO-X9R4QyAXLD2ospssLvIuwmQVhJa-F0xMOnkvBg",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1"
      }
    }
  ],
  "id": "ebc6f1c2",
  "holder": "did:ex:holder123",
  "proof": {
    "type": "Ed25519Signature2018",
    "created": "2019-02-03T17:23:49Z",
    "challenge": "12ec21",
    "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..ZO4Lkq8-fOruE4oUvuMaxepGX-vLD2gPyNIsz-iA7X0tzC3_96djaBYDxxl6wD1xKrx0h60NjI9i9p_MxoXkDQ",
    "proofPurpose": "authentication",
    "verificationMethod": "https://example.edu/issuers/keys/1"
  }
}

Verifying a Verifiable Presentation

Pre-requisites:

  • Your custom @contexts, verification methods (like public keys) and their corresponding controller documents are reachable via a documentLoader.

To verify a verifiable presentation:

// challenge has been received from the requesting party - see 'challenge'
// section below

const result = await vc.verify({presentation, challenge, suite, documentLoader});
// {valid: true}

By default, verify() will throw an error if the proof section is missing. To verify an unsigned presentation, you must set the unsignedPresentation flag:

const result = await vc.verify({
  presentation, suite, documentLoader, unsignedPresentation: true
});
// {valid: true}

challenge parameter

Verifiable Presentations are typically used for authentication purposes. A challenge param (similar to a nonce in OAuth2/OpenID Connect) is provided by the party that's receiving the VP, and serves to prevent presentation replay attacks. The workflow is:

  1. Receiving party asks for the VerifiablePresentation, and provides a challenge parameter.
  2. The client code creating the VP passes in that challenge (from the requesting party), and it gets included in the VP.
  3. The client code passes the VP to the receiving party, which then checks to make sure the challenge is the same as the one it provided in the request in 1).

Verifying a Verifiable Credential

For most situations, Verifiable Credentials will be wrapped in a Verifiable Presentation and the entire VP should be verified. However, this library provides a utility function to verify a Verifiable Credential on its own.

Pre-requisites:

  • Your custom @contexts, verification methods (like public keys) and their corresponding controller documents are reachable via a documentLoader.

To verify a verifiable credential:

const result = await vc.verifyCredential({credential, suite, documentLoader});
// {valid: true}

To verify a verifiable credential with a custom @context field use a custom documentLoader

CLI

To use on the command line, see vc-js-cli.

Testing

To run Mocha tests:

npm run test-node

To run Karma (in-browser) tests:

npm run test-karma

Contribute

See the contribute file!

PRs accepted.

Note: If editing the Readme, please conform to the standard-readme specification.

Commercial Support

Commercial support for this library is available upon request from Digital Bazaar: [email protected]

License

New BSD License (3-clause) © Digital Bazaar

More Repositories

1

forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps
JavaScript
4,789
star
2

jsonld.js

A JSON-LD Processor and API implementation in JavaScript
JavaScript
1,660
star
3

pyld

JSON-LD processor written in Python
Python
605
star
4

php-json-ld

PHP implementation of a JSON-LD Processor and API
PHP
266
star
5

jsonld-signatures

An implementation of the Linked Data Signatures specification for JSON-LD. Works in the browser and Node.js.
JavaScript
132
star
6

bedrock

Bedrock: A core foundation for rich Web applications.
JavaScript
59
star
7

did-cli

A client for managing Decentralized Identifiers
JavaScript
44
star
8

authn.io

Credential Mediator Polyfill
Vue
43
star
9

monarch

The Modular Networking Architecture - high-performance libraries for creating REST-based, JSON Web Services
C++
43
star
10

did-io

Decentralized identifier management library for browser and node.js
JavaScript
40
star
11

jsonld-request

LIbrary to load JSON-LD from stdin, URLs, or files.
JavaScript
38
star
12

crypto-ld

JavaScript
31
star
13

jsonld-cli

JSON-LD command line interface tool
JavaScript
31
star
14

json-ld

A Context-based JSON Serialization for Linked Data
Perl
25
star
15

credential-handler-polyfill

Credential Handler API polyfill
JavaScript
24
star
16

zcap

Linked Data Capabilities reference implementation
JavaScript
23
star
17

did-method-key

A did-io driver for the DID "key" method
JavaScript
23
star
18

payswarm-wordpress

PaySwarm plugin for WordPress
CSS
18
star
19

payswarm.js

A PaySwarm client for node.js
JavaScript
18
star
20

qram

Cram arbitrarily large data into multiple streaming QR-codes
JavaScript
18
star
21

cborld

A Javascript CBOR-LD processor for web browsers and Node.js apps.
JavaScript
17
star
22

rdf-canonize

An implementation of the RDF Dataset Normalization Algorithm in JavaScript.
JavaScript
15
star
23

minimal-cipher

Minimal encryption/decryption JWE library, secure algs only, browser-compatible.
JavaScript
13
star
24

hashlink

JavaScript implementation of Cryptographic Hyperlinks specification.
JavaScript
13
star
25

p3

The PaySwarm Payment Processor (p3)
JavaScript
12
star
26

edv-client

An Encrypted Data Vault Client
JavaScript
11
star
27

encrypted-data-vaults

A privacy-respecting mechanism for storing, indexing, and retrieving encrypted data at a storage provider.
HTML
10
star
28

vc-revocation-list

Verifiable Credentials Revocation List 2020 JavaScript implementation
JavaScript
10
star
29

payswarm

The PaySwarm Project is creating a standard mechanism for purchasing and re-selling digital goods online.
Python
10
star
30

ed25519-signature-2020

Ed25519Signature2020 Linked Data Proof suite for use with jsonld-signatures.
JavaScript
9
star
31

payswarm-python

Python client library for PaySwarm
Python
9
star
32

vc-demo

A demonstration of issuing and verifying Verifiable Credentials.
9
star
33

equihash

Equihash Proof of Work for Node.js
C++
9
star
34

opencred-idp

Open Credentials Identity Provider and demo websites
PHP
8
star
35

http-signature-header

JavaScript
8
star
36

forge-dist

A native JavaScript implementation of TLS, cryptography primitives, and other webapp tools.
7
star
37

bitmunk

An open source, copyright-aware peer-to-peer client that enables browser-based buying/selling of music, movies and television by fans.
C++
7
star
38

cc-structured-data

Analyzes HTML content for RDFa, Microdata and Microformats
Java
6
star
39

credential-handler-demo

Credential Handler API demo
Vue
6
star
40

rdf-canonize-native

A native implementation of the RDF Dataset Normalization Algorithm for Node.js.
JavaScript
6
star
41

ezcap

An opinionated Authorization Capabilities client
JavaScript
6
star
42

webkms-client

A JavaScript Web Kms client library
JavaScript
6
star
43

le-store-redis

Redis certificate storage back-end for Node Let's Encrypt
JavaScript
5
star
44

bedrock-ledger-storage-mongodb

A storage subsystem for Bedrock ledger.
JavaScript
5
star
45

web-ledger-client

An implementation of a a Web Ledger client
JavaScript
5
star
46

ed25519-verification-key-2018

Javascript library for generating and working with Ed25519 key pairs, for use with crypto-ld.
JavaScript
5
star
47

jsonld-document-loader

JavaScript
5
star
48

web-payments.io

Website-side of the payments polyfill
JavaScript
5
star
49

webid-demo

WebID demonstration source code
JavaScript
5
star
50

jsonld-patch

JSON patch for JSON-LD
JavaScript
5
star
51

base58-universal

Encode/decode using "The Base58 Encoding Scheme".
JavaScript
4
star
52

payment-handler-polyfill

A polyfill for the Payment Handler API
JavaScript
4
star
53

opencred-verifier

Open Credentials Verifier JavaScript API
JavaScript
4
star
54

vpqr

Takes a Verifiable Presentation, compresses it via CBOR-LD, and turns it into a QR Code. For Node.js and browser.
JavaScript
4
star
55

bedrock-ledger-node

A Bedrock module that supports the creation and management of decentralized ledgers.
JavaScript
4
star
56

base64url-universal

Encode/decode "Base64url Encoding" format of JSON Web Signature (JWS) RFC7517.
JavaScript
4
star
57

did-context

DID Context
JavaScript
4
star
58

x25519-key-agreement-key-2019

An X25519 (Curve25519) DH key implementation to work with the crypto-ld LDKeyPair API
JavaScript
4
star
59

http-signature-zcap-invoke

A library for invoking Authorization Capabilities via HTTP signatures
JavaScript
3
star
60

web-request-mediator

A mediator for requests made by relying party Web Apps that are fulfilled by third party service provider Web apps
JavaScript
3
star
61

bedrock-edv-storage

Encrypted Data Vault Storage for Bedrock Apps
JavaScript
3
star
62

ed25519-signature-2018

A Javascript Ed25519 signature suite, for use with jsonld-signatures in the browser and server-side.
JavaScript
3
star
63

bitstring

A Bitstring module for universal JavaScript
JavaScript
3
star
64

bedrock-ledger-consensus-continuity

Web Ledger Continuity Consensus Protocol
JavaScript
3
star
65

security-document-loader

A JSON-LD documentLoader library pre-loaded with core commonly used contexts (suites, VC, DIDs).
JavaScript
3
star
66

monarch-benchmark

A suite of tools for benchmarking Monarch and Apache
C++
2
star
67

bedrock-web-vc-store

A Javascript library for storing Verifiable Credentials for Bedrock web apps
JavaScript
2
star
68

payment-handler-demo

Payment Handler API polyfill demo
HTML
2
star
69

bedrock-angular-lazy-compile

Bedrock AngularJS Lazy Compile
JavaScript
2
star
70

base58-spec

The Base58 Encoding Scheme
XSLT
2
star
71

obv3-test-suite

Open Badges v3 Test Suite
JavaScript
2
star
72

bedrock-angular-form

Bedrock AngularJS Form support
JavaScript
2
star
73

web-request-rpc

JSON-RPC for Web Request Polyfills
JavaScript
2
star
74

bedrock-kms-http

HTTP APIs for Bedrock Key Management
JavaScript
2
star
75

eslint-config-digitalbazaar

JavaScript
2
star
76

canivc

Community compatibility dashboard for the Verifiable Credential ecosystem.
JavaScript
2
star
77

bedrock-idp

Bedrock Identity Provider
JavaScript
2
star
78

payswarm-news-demo

Demonstration of a PaySwarm Token application for bloggers and journalists
JavaScript
2
star
79

bedrock-account-http

HTTP APIs for Bedrock User Accounts
JavaScript
2
star
80

did-ssh

2
star
81

bedrock-mongodb

Bedrock mongodb module
JavaScript
2
star
82

vc-js-cli

JavaScript
2
star
83

ecdsa-secp256k1-verification-key-2019

JavaScript
2
star
84

http-client

An opinionated, isomorphic HTTP client.
JavaScript
2
star
85

bedrock-vue

Vue frontend framework running on Bedrock
JavaScript
2
star
86

chapi-demo-wallet

Credential Handler API Demo Wallet
HTML
2
star
87

bbs-2023-cryptosuite

A BBS-2023 Data Integrity cryptosuite for use with jsonld-signatures.
JavaScript
2
star
88

bedrock-tokenization

A Bedrock module for tokenizing identifiers and storing encrypted related data
JavaScript
2
star
89

webkms-switch

A JavaScript Web Kms switch library
JavaScript
2
star
90

ed25519-verification-key-2020

Javascript library for generating and working with Ed25519VerificationKey2020 key pairs, for use with crypto-ld.
JavaScript
2
star
91

bedrock-views

Bedrock website views module
JavaScript
1
star
92

bedrock-authn-token

Simple token-based authentication for Bedrock apps
JavaScript
1
star
93

d-langtag-ext

An extension to the language tag to support text direction.
XSLT
1
star
94

edv

Encrypted Data Vault
1
star
95

did-method-key-spec

HTML
1
star
96

bedrock-ledger-agent

Bedrock module that provides management of ledger agents
JavaScript
1
star
97

http-proofs

A new HTTP Header to express cryptographic proofs, such as proof-of-work, when accessing a resource.
XSLT
1
star
98

bedrock-mail

Bedrock mail
JavaScript
1
star
99

bedrock-web-pdf417

JavaScript
1
star
100

cit-vocab

Concealed ID Tokens
HTML
1
star