This tutorial describes the steps to verify cryptographically a Verifiable Credential in blockchain and Root-of-Trust, using the SSI API.
- ssi-api: to see how to install and run the REST API go to the official repository: https://github.com/lacchain/ssi-api
Note: This tutorial assumes that you have the API running at http://localhost:8080.
With the SSI API you can verify any VC issuer that follows the same method described in this tutorial series. To verify a VC, just provide the full JSON-LD in body request, as it is show in the following command:
curl -X POST http://localhost:8080/vc/verify \
-H 'Content-Type: application/json' \
--data-binary $'{"@context": \[ "https://www.w3.org/2018/credentials/v1", "https://credentials-library.lacchain.net/credentials/trusted/v1", "https://w3id.org/security/bbs/v1", "https://w3id.org/vaccination/v1"\],"type": \[ "VerifiableCredential", "VaccinationCertificate"\],"id": "urn:uuid:8943777a-d376-45ca-90b4-572b7592fc38","name": "COVID-19","issuer": "did:lac:main:0xdfeb89479ad22cf277b3e3100c128a0151e612cb","issuanceDate": "2022-07-10T00:06:29.152Z","expirationDate": "2024-06-22T16:04:16.297Z","trustedList": "0x3Bfd7Ed9FFcD97F2f1EDd96C20D72F3236794c66","credentialSubject": { "id": "did:lac:main:0xeaa30ea9dd1da717034bcd9ebee5b62694d10ce7", "type": "VaccinationEvent", "batchNumber": "034343", "administeringCentre": "Mexico City Vaccination Center 1", "healthProfessional": "Juan Perez", "countryOfVaccination": "Mexico", "order": "1", "recipient": { "type": "VaccineRecipient", "givenName": "Sergio", "familyName": "Ceron", "gender": "male", "birthDate": "01-01-1989" }, "vaccine": { "type": "Vaccine", "disease": "COVID-19", "atcCode": "J07BX03" }},"proof": \[ { "type": "EcdsaSecp256k1Signature2019", "created": "2022-07-10T00:06:32.876Z", "proofPurpose": "assertionMethod", "verificationMethod": "did:lac:main:0xdfeb89479ad22cf277b3e3100c128a0151e612cb#vm-0", "domain": "0xD923669d0E95f0dE8bCdDD4192f43dED7DDaC6a3", "proofValue": "0x7cde8446d4345096e54b5146e07e63091f5ae6d606396df738cffac89c8add3c4e77a598cf65d0b7e4bfb23b258be86bdf9eaede0ca2a270b87d9c3b2c0e2eae1b" }\],"credentialStatus": { "id": "0xEc95EEafc97819effe49A5D2622f1398ec73B57F", "type": "SmartContract"} }'
This command perform all the verifications in the Claims Verifier smartcontract provided in the issuer proof section to verify cryprographically the credential and build/verify the Root-of-Trust using the trustedList parameter in the VC. The result of the verification is described in the following JSON:
{
"credentialExists":true,
"isNotRevoked":true,
"issuerSignatureValid":true,
"additionalSigners":true,
"isNotExpired":true,
"rootOfTrust":[
{
"type":"Root PKD",
"name":"Public Key Directory",
"detail":"0x723a4739588c49476D3AEFEB6562d2f2DB50b314",
"valid":true
},
{
"type":"Trusted List",
"name":"National TL 1",
"detail":"0x3Bfd7Ed9FFcD97F2f1EDd96C20D72F3236794c66",
"valid":false
},
{
"type":"Issuer",
"name":"Entity 1",
"detail":"0xdfeb89479ad22cf277b3e3100c128a0151e612cb",
"valid":true
}
]
}
Where:
- credentialExists: If the credential is registered in the Claims Verifier (boolean),
- isNotRevoked: If the credential has not been revoked (boolean),
- issuerSignatureValid: If the issuer signature is valid cryptographically (boolean),
- additionalSigners: If the credential has additional signatures and they are valid (boolean),
- isNotExpired: If the credential has not expired yet (boolean),
- rootOfTrust: The Chain of Trust