# Standalone VC Issue & Verify For certain use cases, it can be desirable to issue VCs independent of [DI Credential Exchange protocols](https://docs.sudoplatform.com/guides/decentralized-identity/cloud-agent/cloud-agent-admin-api/aries-interop-profile-aip/credential-exchanges). ## Sign a W3C Verifiable Credential The Cloud Agent can be used to sign a W3C Verifiable Credential using a specified cryptographic securing mechanism. The `signer` parameter accepts either a DID or a specific verification method. The mutation accepts a `credentialJson` , which must be a valid JSON stringified [W3C VCDM](https://www.w3.org/TR/vc-data-model-2.0/) (V1.1 or V2.0). The output includes both the finalised `credentialJson` (stringified JSON W3C VCDM object) that was ultimately signed, and the `securedCredentialJson` that is cryptographically signed by the agent (stringified JSON data using the specified securingMechanism.) ### Linked Data Proof Sign a credential using the Linked Data Proof securing mechanism, which produces a credential in the `ldp_vc` format - i.e. an embedded JSON-LD `proof` object. ```graphql mutation MyMutation { signCredential( input: { signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK" format: { w3c: { credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}" securingMechanism: LINKED_DATA_PROOF } } } ) { ... on SignW3CCredentialResult { credentialJson securedCredentialJson } } } ``` ### SD-JWT Sign a credential using the Selective Disclosure JWT securing mechanism, which produces a credential in the `vc+sd-jwt` format - i.e. an SD-JWT encoded W3C VCDM. ```graphql mutation MyMutation { signCredential( input: { signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK" format: { w3c: { credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}" securingMechanism: SD_JWT } } } ) { ... on SignW3CCredentialResult { credentialJson securedCredentialJson } } } ``` ### Embed Credential Status The cloud agent can automatically assign and embed credential status information when signing a credential. The system will generate and insert `credentialStatus` fields into the credential, assigning it to the specified status list definition. The given status list definition must be created in accordance with [credential-status-lists](https://docs.sudoplatform.com/guides/decentralized-identity/cloud-agent/cloud-agent-admin-api/credentials/credential-status-lists "mention"). The mutation will also return the `createdStatusListEntry` that was created, and can subsequently be managed via [credential-status-lists](https://docs.sudoplatform.com/guides/decentralized-identity/cloud-agent/cloud-agent-admin-api/credentials/credential-status-lists "mention"). ```graphql mutation MyMutation { signCredential( input: { signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK" format: { w3c: { credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}" securingMechanism: LINKED_DATA_PROOF embedCredentialStatus: { statusListDefinitionIdentifier: "my-status-list-def" } } } } ) { ... on SignW3CCredentialResult { credentialJson securedCredentialJson createdStatusListEntry { credentialId statusListDefinitionIdentifier } } } } ``` ## Verify a Verifiable Credential The Cloud Agent can also be used to verify a secured (signed) credential of various formats and signature schemes, including with credential status checks (i.e. for revocation). To a verify a VC and check its revocation status (if there is one), the `verifyCredential` mutation can be called, providing the JSON stringified secured VC as the `securedCredentialJson` value. The mutation will return the payload that it decoded from the secured payload, whether the issuer's signature was valid, and if applicable, the credential statuses. If these checks fail to execute, an error will be given with the `reason` field. {% hint style="info" %} The input `securedCredentialJson` should be the JSON stringified version of the secured credential payload, which can take multiple formats depending on how it was secured. For instance, an \[SD-]JWT secured VC would take a JSON stringified form such as: `"\"eyJ0...\""` , whereas a Linked Data Proof secured W3C VC would take a JSON stringified form such as: `"{ \"@context\": [...], ... }"`. {% endhint %} ```graphql mutation MyMutation { verifyCredential(input:{ securedCredentialJson: "\"eyJ0eXAiOiAidmMrc2Qtand0IiwgImFsZyI6ICJFZERTQSIsICJraWQiOiAiZGlkOmtleTp6Nk1rb2pkNFhaQnpmejlpaWFBVGRZSGdZMnptdENQVmJUajdHeHNqdWtZbmtIdzcjejZNa29qZDRYWkJ6Zno5aWlhQVRkWUhnWTJ6bXRDUFZiVGo3R3hzanVrWW5rSHc3In0.eyJfc2QiOiBbIjZUZXljeElvR1dsYzZKdXZEdl9wNmF2U1hWWGE3U1FFUVNzajAtQ3N6alEiLCAiRG9wa1laRWk4R0w4YXlZdGZVOGtqZ2dUTjlqQnFESUlXZDMzYnU2UW1ibyIsICJMNDFuNjZWQmltTENIZmlSSTlNbFV6UkgtSF9IOEpvV0QwUmp3Rms1bTdJIiwgImQ4aWZ4eXUwUjZWcm1ZblN4Rmt1WjB5aktaOTV5OEZ4a1VtYWQwWFQ0WjgiLCAiak9jUk0yekdSdEY0NU9qMWE5U1pSVXNIVHR3eVBrbnEtcHp0Um95WWZvbyJdLCAiaXNzdWFuY2VEYXRlIjogIjIwMjUtMTItMDJUMDA6Mjg6NDIuMDAwWiIsICJpc3N1ZXIiOiAiZGlkOmtleTp6Nk1rb2pkNFhaQnpmejlpaWFBVGRZSGdZMnptdENQVmJUajdHeHNqdWtZbmtIdzciLCAiX3NkX2FsZyI6ICJzaGEtMjU2In0.NR5jlRC8kKIs1mGqzeh1bxR1NDPdI_Zxm46nqyYlCVZFQicgHb7aF0YHbyXaFLSp8K5Uh0WyCNAZWT4uVYy1AQ~WyJIVG52NmpJVjdpSUdhU2JQNHVWZjBRIiwgIlZlcmlmaWFibGVDcmVkZW50aWFsIl0~WyJaRHBpd1IzSWhSR1c3Q1BRMjg4aUx3IiwgIlBlcm1hbmVudFJlc2lkZW50Il0~WyJQaEIzZ0d1aGRHbW5ETGlRMTBNaGVRIiwgInR5cGUiLCBbeyIuLi4iOiAiNWN2ZEQwc1VWeU5DcTNFYV8xZTVHOWdVY0tGcnFaT2M3S2JYYlZ3NXp0TSJ9LCB7Ii4uLiI6ICJKSU9RVEc3S3UwX2ZNYXRuTlVQZkRDdDl0VG90amF1bENvZDVEY3R1YkZrIn1dXQ~WyJoSjFtSmxsSlowZF83QjlTWUlSbG1BIiwgImlkIiwgInVybjp1dWlkOjgzMjkwMjVmLTEwYzMtNGEwMC04YWFiLTk3OGMzOWEyNDIyZSJd~WyJPUlJZdkJZeW9RTnBWSG5GUFAtbzhRIiwgIlBlcm1hbmVudFJlc2lkZW50Il0~WyJOQ3JoSmVILTU4SDF4aE5Qc1VXLUJBIiwgInR5cGUiLCBbeyIuLi4iOiAiT0JpeGxfOG5GWXZXdDNNN0ExaXJoU3ZzcGZKMFZzcHRxdll1NVpZeFZXUSJ9XV0~WyJGSDFaVGZtbFVSVE5wTER4WS1jX3BRIiwgImdpdmVuTmFtZSIsICJKb2huIl0~WyJwX20zTmpDWnJLMFpmc3ZMeXVnQVFRIiwgImZhbWlseU5hbWUiLCAiRG9lIl0~WyJsakZBYTJmclVUUDBieEZLYXdHYW13IiwgImNyZWRlbnRpYWxTdWJqZWN0IiwgeyJfc2QiOiBbIktPZXJ3ck01dVFnaXRNTHlwUzA5MThtS0ozYWhhR1RKLTE0TlYwSTE2ekUiLCAiUXI5bm9JSTFFNkF1eWpqNi14aFdzc1lxSDdDM1M1LXRzZDZpV2ZwaWJRYyIsICJ2djRzcFhxT09WTnVJV2QtYlhDblVMOUlnOTlLTlBkY29mdUFLSVhQUTlNIl19XQ~WyJNQ3JiOVVQMG55LXVCLWF2TEIxbFdnIiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0~WyJDdTBuaHlFaEJqbkQ1UXVvenhNTEJBIiwgInN0YXR1c1B1cnBvc2UiLCAic3VzcGVuc2lvbiJd~WyJWbi1LVXJNZ2l3OXowMUI0MmVvdUhRIiwgInN0YXR1c0xpc3RJbmRleCIsICI4OTM2MyJd~WyJnU25sMk1ubG5EUGY0RFFTakJMVE93IiwgInN0YXR1c0xpc3RDcmVkZW50aWFsIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80OCJd~WyIwcjJ2VzZtOHBPOUcya2xjYlgzOHNRIiwgImlkIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80OCM4OTM2MyJd~WyJyYUkxNGhiTFRmRXlBZ0FKck1nTTR3IiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0~WyJuSWFVc19IM01KSXplRlNQbW1HVnNBIiwgInN0YXR1c1B1cnBvc2UiLCAicmV2b2NhdGlvbiJd~WyJiRjE3M0FhTnBjQ0REVnJwZUJpTUZBIiwgInN0YXR1c0xpc3RJbmRleCIsICI4MjExMiJd~WyJXZE05NTBqRm1FWE5zTGpZWXN4b1JRIiwgInN0YXR1c0xpc3RDcmVkZW50aWFsIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80NiJd~WyIxNlItY0JFVnFkeUItNTdtNHl0RFB3IiwgImlkIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80NiM4MjExMiJd~WyJhcEkyeERONTZZT2tSczlTSi1FanhnIiwgImNyZWRlbnRpYWxTdGF0dXMiLCBbeyJfc2QiOiBbIjdqZjcxMkdxOW41MHVFOE9YVjZvYkJfN3FIa1NuMGR3ZXBybGlqc2VjeTgiLCAiQXU4dVVPNDlqdE4tM3poU0pseUdWYW9xdHJudlZHR2xIT01ZTjVHZ1IxayIsICJiRGJSbGlfVXBJeWlLZHhjVUNqQTlqUjlqT3NZM0ZoeWRWOHdHWGJTV0dnIiwgImRzWUZHY1JlVE1hTXgzVjZKT1lUTkhXa1RZQnk0bWVYYkFhenZFNzJDU2MiLCAidVBKdm1ZYVZMTDBtcExXVmViTTZLbF9COVVDQ0I1cER1bTRtNWZxYmZhdyJdfSwgeyJfc2QiOiBbIk5PUjEwcTFHVC1OVFFmRXZXcGxKbmhXQ1UxOW9yRVh0TE83WUl4V0VaYVkiLCAiYk5Kc2YtR2dVNmcwVFhubzFrN2VHMFh1azRoaGZmT1VCTzNyemwtQVBXWSIsICJoNjRKSHR0T290U1JDQmwtTHJCdmt3V1NEMndqa1JHX3lPdy05NXBMdWZNIiwgImlJZjVaV05YVlhtVnBqZ1IzcWtEOFctZzFfTjl1SnJpMFlLZ1BzY2RoWHMiLCAieUtiSmROZTFxMmRKanBzVEhtMGwxd1VQUHhfRk9fUWNPeVVhb3FFeHY2YyJdfV1d~WyI4VVJWLUVWOE5MZXcxM0o5Ylhfa3ZnIiwgImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0~WyJDN2hiY0c4TVNlUmkyOWh2MHVPaGxRIiwgImh0dHBzOi8vdzNpZC5vcmcvY2l0aXplbnNoaXAvdjEiXQ~WyJKUHp2SWY5QmphbU1FbmJLT0pOXzlnIiwgImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy9zdGF0dXMvdjEiXQ~WyJydEllOU5oOU90VjJOS2Q4d3dLQlZBIiwgIkBjb250ZXh0IiwgW3siLi4uIjogIjRBTjdfVzVadU53VVJTSm1NSzQ1azAwNmFVT3JwaHBSSC1ZVTRlbzBNT3MifSwgeyIuLi4iOiAieTBTZHlBdFVSdi1vUTVwZmhrS1k4aG56Qk84QzJoTnhTVkNueVhUMUxVWSJ9LCB7Ii4uLiI6ICJXVEZBbUZNVVZKeXZmSEx5SlBGN0hBdFNYemNJcDlIQTFrOUxtUWxSSkRRIn1dXQ~\"" }) { format { ... on VerifyW3CCredentialFormatResult { credentialJson securingMechanism } } signatureVerified { value reason } statusChecks { revoked { value reason } } } } ```