My First VC
Last updated
Was this helpful?
SSI Kit
Last updated
Was this helpful?
In this tutorial, our fictional SSI Use-Case involves Emma, a recent university graduate, who wants to apply for a job. The employer requires proof of her academic credentials. To achieve this, she will use her Verifiable Degree Credential issued by her university.
Where we start:
Utilizing the walt.id SSI-Kit's REST-API, we will provide Emma with the Verifiable Degree Credential by creating a DID for both the university (Issuer) and Emma (Holder). After that, the employer (Verifier) will authenticate the Degree Credential using the associated DIDs.
What we do:
- for Emma + University
to Emma
from Emma
Make sure you have Docker or a JDK 16 build environment including Gradle installed on your machine
Pull the docker container directly from docker hub and run the project
This will create a folder called data in your current directory as storage for the VC, DIDs, Keys and other things which need to be stored in order to provide all the functionality.
Now with the project up and running, visit the URL displayed in your terminal. We will use it, to create our first DID (Decentralised Identifier). If you want to learn more about DIDs, visit the
Body Parameters
method: [string] method of the did. Value can be one of key, web, ebsi, iota, cheqd, jwk
Example
Create DIDs for the University (Issuer) and Emma (Holder) using the example above twice. Make sure to save the DIDs somewhere, as we will be needing them later for the issuance of the credential.
This Verifiable Diploma includes the following key elements:
"type": Defines the credential as both a general "VerifiableCredential" and a more specific "UniversityDegreeCredential".
"@context": Provides references to the necessary standards and examples for interpreting the credential.
"id": A unique identifier for the credential.
"issuer": The DID of the university issuing the diploma (e.g., "did:example:456").
"issuanceDate": The timestamp indicating when the credential was issued.
"issued": The timestamp indicating when the credential was issued.
"validFrom": The timestamp indicating from when the credential is valid.
"credentialSubject": Contains the DID of the credential holder (Emma - e.g., "did:example:123") and the details of the degree earned, such as the name of the degree and its type.
proof: The proof object contains the digital signature and related information that is used to verify the authenticity and integrity of the Verifiable Credential.
type: "JsonWebSignature2020" indicates the cryptographic suite used for generating the digital signature. In this case, it's the JSON Web Signature (JWS) standard based on the Ed25519 signature algorithm.
creator: "did:example:456" is the DID of the entity that created the digital signature, in this case, the issuer of the Verifiable Credential.
created: "2023-03-21T15:35:08Z" is the timestamp when the digital signature was created. It is in the ISO 8601 format.
verificationMethod: "did:example:456" is the identifier for the public key or cryptographic method used to verify the digital signature.
jws: is the actual digital signature (JWS) generated using the Ed25519 algorithm. This signature is used to verify the authenticity and integrity of the Verifiable Credential.
Now that we know how the credential looks like, let's issue it.
Issue
Body Parameters
templateId: [string] The identifier of the template used for issuing a Verifiable Credential. This template defines the structure and format of the credential being issued.
config: [object] Contains configuration parameters for the issuance process.
issuerDid: [string] The DID of the entity issuing the credential (University).
subjectDid: [string] The DID of the entity receiving the credential (Emma).
proofType: [string] Specifies the format and cryptographic algorithm used for the digital signature of the Verifiable Credential. E.g. LD_PROOF
credentialData: [object] Contains the actual data of the credential being issued.
credentialSubject: [object] Holds the information about the credential holder and the earned degree.
id: [string] The DID of the credential holder, identical to the subjectDid in the config object.
degree: [object] Contains details of the degree earned by the credential holder.
name: [string] The name of the earned degree (e.g., "Bachelor of Science and Arts").
type: [string] The type of the earned degree (e.g., "BachelorDegree").
Example:
Awesome, you just issued your first VC 🎉. Now Emma can use it to prove her academic credentials to her employer.
Emma needs to verify her academic credentials to her employer, which involves the following steps performed by the verifier (employer):
Verify the credential's digital signature: The Verifier checks if the digital signature on the credential is valid and has been signed by the Issuer's private key. This ensures that the credential was indeed issued by the claimed Issuer.
Check the Issuer's DID: The Verifier validates the Issuer's Decentralized Identifier (DID) by resolving it to a DID Document. This step helps confirm the Issuer's identity and retrieve their public key for signature verification.
Verify the Holder's DID: The Verifier checks the credential's subject (i.e., the Holder) by validating their DID. This ensures that the credential was issued to the correct entity and prevents unauthorized use of the credential.
Check the credential's status: (Not for our use-case) The Verifier may also query the credential's status on a registry, ledger, or another trusted source. This step helps confirm whether the credential is still valid or has been revoked by the Issuer.
Check the credential's integrity: The Verifier confirms that the credential data has not been tampered with since issuance. This is typically done by comparing the signed data with the credential's content to detect any discrepancies.
Verify the credential's issuance and expiration dates: The Verifier checks the issuance and expiration dates (if applicable) of the credential to ensure it was issued within the specified time frame and is still valid.
Example
You have successfully issued and verified a Verifiable Credential. Great job!! Emma can start her new job 🎉 Where to go next?
Using the DIDs from the previous step, we will now issue a University Degree Credential. To issue the credential, we will be using the . Below you find the final credential structure. Verifiable Diploma
To verify the credential, we will be using the endpoint.
Exploring ssi-kit Capabilities - Familiarize yourself with the various features of ssi-kit by reviewing the or section.
- Discover the potential applications of Verification Policies and how they can be useful for your particular use-case.
- Visit our ecosystem overview page to explore the different ecosystems (did:methods) that we support.