This tutorial offers step-by-step guidance on how to verify a Verifiable Presentation.
⚠️ Before you begin...
Make sure you've correctly configured the cheqd plugin's agent settings for Veramo CLI
The cryptographic verification in this tutorial will be based on JWT proof of a previously-created Verifiable Presentation.
presentation verify
functionIf you have the generated Verifiable Presentation stored, pass it to the presentation verify
function:
If the verification is successful, you'll receive this response:
If you belive you did everything right(created a verifiable presentation and you did not tamper it), and for some reason you're getting
First, make sure you are using a node
with version 16
or above.
Second, Change veramo cli version to @veramo/cli@latest -g
as previous versions cause few issues in verification. This will override the previous version you have installed.
Run command below to verify your JWT presentation.
This tutorial offers step-by-step guidance on how to create a Verifiable Presentation.
⚠️ Before you begin... Make sure you've correctly configured the cheqd plugin's agent settings for Veramo CLI
A Verifiable Presentation is a way a credential holder can generate cryptographicall-verifiable proof that they are in posession of the identity keys (e.g., did:key
) the credential was issued to.
This is important because just the Verifiable Credential and its JWT proof, on its own, is susceptible to replay attacks where intercepted Verifiable Credentials could be played back.
The process of creating a Verifiable Presentation is one way of addressing these security concerns.
Begin the process of creating a Verifiable Presentation using:
Specify the subject identity key to be used for signing Verifiable Presentation, e.g., chosen holder did:key
.
Tag
for the Verifiable PresentationHit Enter to accept the default at this step
Select how many verifiers will need to be able to verify the presentation.
This can be the same as the Verifiable Credential, or a sub-section of it. Choose Enter for default.
Select the DID of the verifier from the options presented. In a very simplistic scenario, the verifier could be the same as the issuer, e.g., a scenario where the holder returns a period of time to show they were issued a credential.
You can select one or more Verifiable Credentials to bundle up into the Verifiable Presentation.
After these choices are made, the Verifiable Presentation will be displayed in JSON format along with JWT proof.
Save this output in the folder you have been using throughout, saving as pres.txt
.
You will need to call on this to verify the presentation in the next step.
In a real-world usage scenario, the Verifiable Presentation output generated above would be electronically (e.g., as API messages) or non-electronically (e.g., encoded to a QR code) shared with the verifier/recipient.
Verifiers/recipients would then be able to verify the Verifiable Presentation to check cryptographically the contents are untampered.
This tutorial offers step-by-step guidance on how to issue a verifiable credential
⚠️ Before you begin...
Make sure you've correctly configured the cheqd plugin's agent settings for Veramo CLI
The subject (holder) of this credential will be an off-ledger did:key
DID. The rationale for using off-ledger DIDs when issuing a credential is because the fact that they aren't persisted on ledger means they cannot be correlated or tracked to specific users/individuals.
This allows a user to have multiple did:key
identities, and the identifier/handle they reveal when sharing a Verifiable Credential is context-dependent and better for privacy.
The issuer of the credential, on the other hand, uses an on-ledger did:cheqd
DID since this needs to be publicly-accessible and cryptographically verifiable.
did:key
subject DIDNormally, the credential holder will provide a did:key
DID they have generated themselves (usually done in the background by apps they are using). So, this step typically isn't done by a credential issuer.
For the purpose of this tutorial though, we recommend you create a did:key
subject DID for the later steps.
Start credential generation using:
You'll be presented with an multiple options select:
jwt
for JSON credential, encoded as a JSON Web Token (JWT), a W3C compliant proof format.
lds
for JSON-LD credential, encoded as a Data Integrity Proofs, a W3C compliant proof format.
If you want to learn more about different types of verifiable credentials please go over to our learning site here.
Select which Issuer DID stored in your local storage you'd like to issue the credential from, e.g., did:cheqd:mainnet:zAXwwqZzhCZA1L77ZBa8fhVNjL9MQCHX
The assumption here is that you've either created the issuer DID or stored the DIDDoc by querying it.
Select which subject DID from your local agent storage the credential should be issued to, e.g., did:key:z6Mkktr27VZ7TTFoTsD9p79JwtGnQDgJWKGrxJ79quE7M5Yx
.
This could the subject DID created in Step 1.
This is currently free-text. However, you can hit Enter to use VerifiableCredential
as the default credential context.
The claim type can be thought of as the label in a form field. It can denote the purpose/attribute being stored in the credential.
For example, the claim type name
could refer to the name of an individual.
Enter the value of the claim type. For example, you specified name
as the claim type, the value could be Alice
.
In this tutorial, we will create a credential with only a single name-value pair.
JSON/JWT credentials with DIDs anchored on cheqd are currently not revocable, so please choose No
at this step.
Privacy-preserving credential revocation is a major element of cheqd's roadmap.
At this last step, Veramo CLI generates the credential based on the inputs above.
Note: The human-readable JSON body below is purely for easier parsing by developers/applications. The proof is encoded as JWT or JWS at the bottom of the credential, which can be decoded to reconstruct the entire credential.
Note that the JSON is unordered so the output of the fields could be in a different order
You can save the generated Verifiable Credential, as you can later use it to verify the credential cryptographically or generate presentations to show the credential to others.
Learn about Verifiable Credentials and Presentations
If you want to learn more about what Verifiable Credentials and Presentations are, please go over to our learning site here.
Veramo SDK plugin supports two major digital Credential types. Below you can learn about these Credential formats:
Below are a list of alternatives for using Credentials with cheqd support. Each offers a different set of protocols and underlying technical capabilities.
Learn about different types of Verifiable Credentials
JSON (JWT)
JSON Web Token (JWT) Credentials are a simple way to transmit Trusted Data as a JSON object.
JSON-LD
JSON-LD (Linked Data) Credentials are a richer data format, allowing applications to follow embedded links to other pieces of Linked Data across the web.
Setup Veramo CLI
Before you get started, you need to install our Veramo packages and setup the CLI.
Issue Credentials
Issue W3C conformant Verifiable Credentials over DIDComm.
Verify Credentials
Verify whether Credentials are valid, have been tampered or have expired.
cheqd Studio
Our API product enables users to use cheqd's functionality with minimal complexity and easily integrate APIs into existing apps.
Credo
Credo is an SDK which supports the European Architecture and Reference Framework (ARF) standards as well as AnonCreds with full cheqd support for DIDs.
Walt.id SSI Kit
Walt.id SSI Kit is an SDK that supports the European Architecture and Reference Framework (ARF) standards for identity, with full cheqd support.
This tutorial offers step-by-step guidance on how to verify a , encoded as a , a
⚠️ Before you begin...
Make sure you've correctly for Veramo CLI
This tutorial assumes you have so that it can be cryptographically verified as untampered.
credential verify
functionIf you have the stored in a file, say, cred.json
, pass it to the credential verify
function:
Instead of piping the file like above, you can also verify the credential using the raw credential or JWT as follows:
Then enter the JWT or entire JSON credential including the JWT.
If the credential can be verified correctly, the response will be:
Credential verification is done by decoding the JWT proof and checking if it's tampered or not. Feel free to test this yourself by tampering with the jwt
contents in the credential:
If you belive you did everything right(created a verifiable credential and you did not tamper it), and for some reason you're getting
First, make sure you are using a node
with version 16
or above.
Second, change Veramo CLI version to @veramo/cli@latest -g
as previous versions cause few issues in verification. This will override the previous version you have installed.
Run command below to verify your JWT credential.
Look into through Verifiable Presentations.