To create an encrypted Verifiable Credential Status List v2021 with a set of Access Control Conditions, an Issuer will need to:
1. Compile a payload.json file with the requisite Access Control Conditions;
2. Submit a create Status List transaction to the ledger.
Below are examples of encrypted Status List Payload files:
There is one Status List Payload file per status purpose: one for Revocation and one for Suspension. The Payload file is the configuration element that establishes the Payment Conditions a Verifier must satisfy before the Status List Resource can be unlocked (decrypted). Its fields, and how they achieve this access control mechanism, are as follows:
"kms": "local"
Indicates that a local Key Management System (KMS) is used for the cryptographic operations, so the Issuer's signing keys never leave the local key store.

"issuerDid": "did:cheqd:testnet:322761ea-587d-454a-a955-745200301b99"
Specifies the Issuer's Decentralized Identifier (DID), uniquely identifying the entity responsible for managing the Status List and issuing the verifiable credentials that reference it.

"statusListName": "status-list-2021-encrypted"
Names the Verifiable Credential Status List; this becomes the name of the DID-Linked Resource.

"statusPurpose": "revocation"
Defines the purpose of the status list. This can be either revocation or suspension.

"encrypted": true
Indicates whether the Verifiable Credential Status List is encrypted (true) or stored in plaintext (false). For the flow described on this page it must be true, as the encryption is what keeps the contents of the list private until the conditions are met.

"paymentConditions": [...]
Describes the payment conditions required for accessing the status list. In this case, a timelock payment mechanism is used, specifying the fee payment address, the amount, and the interval within which the payment must have been made.

"returnSymmetricKey": true
Specifies that the symmetric key used to encrypt the status list will be returned in the response.

"chain": "cheqdTestnet"
Specifies which cheqd network, cheqdMainnet or cheqdTestnet, the encrypted Status List and its payment condition are bound to.

"network": "serrano"
Specifies the Lit Protocol network on which the sharded decryption key is stored.
Once an Issuer has compiled the Payload file, they can submit it to the ledger using the following transaction:
This indicates to the ledger that the Status List bitstring should be stored as a fully encrypted Resource, one that can only be decrypted once the set conditions have been met.
The following code snippet shows an example of an encrypted Status List broadcast on-ledger as a DID-Linked Resource:
Importantly, the only encrypted element is the "encodedList" element. Every other field remains in plaintext, which gives the Verifier sufficient information to make the payment back to the Issuer and fulfil the Access Control Conditions, without being able to read the contents of the Status List itself.
By utilizing cryptographic operations, specifying payment requirements, and ensuring data encryption, this configuration enhances the security, integrity, and controlled access to the Status List, aligning with the principles of decentralized and secure identity management.