Standalone VC Issue & Verify

The Cloud Agent Service supports the ability to sign and verify credentials with standalone APIs.

For certain use cases, it can be desirable to issue VCs independent of DI Credential Exchange protocols.

Sign a W3C Verifiable Credential

The Cloud Agent can be used to sign a W3C Verifiable Credential using a specified cryptographic securing mechanism. The signer parameter accepts either a DID or a specific verification method.

The mutation accepts a credentialJson , which must be a valid JSON stringified W3C VCDM (V1.1 or V2.0).

The output includes both the finalised credentialJson (stringified JSON W3C VCDM object) that was ultimately signed, and the securedCredentialJson that is cryptographically signed by the agent (stringified JSON data using the specified securingMechanism.)

Linked Data Proof

Sign a credential using the Linked Data Proof securing mechanism, which produces a credential in the ldp_vc format - i.e. an embedded JSON-LD proof object.

mutation MyMutation {
  signCredential(
    input: {
      signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
      format: {
        w3c: {
          credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}"
          securingMechanism: LINKED_DATA_PROOF
        }
      }
    }
  ) {
    ... on SignW3CCredentialResult {
      credentialJson
      securedCredentialJson
    }
  }
}

SD-JWT

Sign a credential using the Selective Disclosure JWT securing mechanism, which produces a credential in the vc+sd-jwt format - i.e. an SD-JWT encoded W3C VCDM.

mutation MyMutation {
  signCredential(
    input: {
      signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
      format: {
        w3c: {
          credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}"
          securingMechanism: SD_JWT
        }
      }
    }
  ) {
    ... on SignW3CCredentialResult {
      credentialJson
      securedCredentialJson
    }
  }
}

Embed Credential Status

The cloud agent can automatically assign and embed credential status information when signing a credential. The system will generate and insert credentialStatus fields into the credential, assigning it to the specified status list definition.

The given status list definition must be created in accordance with Credential Status Lists.

The mutation will also return the createdStatusListEntry that was created, and can subsequently be managed via Credential Status Lists.

mutation MyMutation {
  signCredential(
    input: {
      signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
      format: {
        w3c: {
          credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}"
          securingMechanism: LINKED_DATA_PROOF
          embedCredentialStatus: {
            statusListDefinitionIdentifier: "my-status-list-def"
          }
        }
      }
    }
  ) {
    ... on SignW3CCredentialResult {
      credentialJson
      securedCredentialJson
      createdStatusListEntry {
        credentialId
        statusListDefinitionIdentifier
      }
    }
  }
}

Verify a Verifiable Credential

The Cloud Agent can also be used to verify a secured (signed) credential of various formats and signature schemes, including with credential status checks (i.e. for revocation).

To a verify a VC and check its revocation status (if there is one), the verifyCredential mutation can be called, providing the JSON stringified secured VC as the securedCredentialJson value.

The mutation will return the payload that it decoded from the secured payload, whether the issuer's signature was valid, and if applicable, the credential statuses. If these checks fail to execute, an error will be given with the reason field.

The input securedCredentialJson should be the JSON stringified version of the secured credential payload, which can take multiple formats depending on how it was secured.

For instance, an [SD-]JWT secured VC would take a JSON stringified form such as: "\"eyJ0...\"" , whereas a Linked Data Proof secured W3C VC would take a JSON stringified form such as: "{ \"@context\": [...], ... }".

mutation MyMutation {
  verifyCredential(input:{
    securedCredentialJson: "\"eyJ0eXAiOiAidmMrc2Qtand0IiwgImFsZyI6ICJFZERTQSIsICJraWQiOiAiZGlkOmtleTp6Nk1rb2pkNFhaQnpmejlpaWFBVGRZSGdZMnptdENQVmJUajdHeHNqdWtZbmtIdzcjejZNa29qZDRYWkJ6Zno5aWlhQVRkWUhnWTJ6bXRDUFZiVGo3R3hzanVrWW5rSHc3In0.eyJfc2QiOiBbIjZUZXljeElvR1dsYzZKdXZEdl9wNmF2U1hWWGE3U1FFUVNzajAtQ3N6alEiLCAiRG9wa1laRWk4R0w4YXlZdGZVOGtqZ2dUTjlqQnFESUlXZDMzYnU2UW1ibyIsICJMNDFuNjZWQmltTENIZmlSSTlNbFV6UkgtSF9IOEpvV0QwUmp3Rms1bTdJIiwgImQ4aWZ4eXUwUjZWcm1ZblN4Rmt1WjB5aktaOTV5OEZ4a1VtYWQwWFQ0WjgiLCAiak9jUk0yekdSdEY0NU9qMWE5U1pSVXNIVHR3eVBrbnEtcHp0Um95WWZvbyJdLCAiaXNzdWFuY2VEYXRlIjogIjIwMjUtMTItMDJUMDA6Mjg6NDIuMDAwWiIsICJpc3N1ZXIiOiAiZGlkOmtleTp6Nk1rb2pkNFhaQnpmejlpaWFBVGRZSGdZMnptdENQVmJUajdHeHNqdWtZbmtIdzciLCAiX3NkX2FsZyI6ICJzaGEtMjU2In0.NR5jlRC8kKIs1mGqzeh1bxR1NDPdI_Zxm46nqyYlCVZFQicgHb7aF0YHbyXaFLSp8K5Uh0WyCNAZWT4uVYy1AQ~WyJIVG52NmpJVjdpSUdhU2JQNHVWZjBRIiwgIlZlcmlmaWFibGVDcmVkZW50aWFsIl0~WyJaRHBpd1IzSWhSR1c3Q1BRMjg4aUx3IiwgIlBlcm1hbmVudFJlc2lkZW50Il0~WyJQaEIzZ0d1aGRHbW5ETGlRMTBNaGVRIiwgInR5cGUiLCBbeyIuLi4iOiAiNWN2ZEQwc1VWeU5DcTNFYV8xZTVHOWdVY0tGcnFaT2M3S2JYYlZ3NXp0TSJ9LCB7Ii4uLiI6ICJKSU9RVEc3S3UwX2ZNYXRuTlVQZkRDdDl0VG90amF1bENvZDVEY3R1YkZrIn1dXQ~WyJoSjFtSmxsSlowZF83QjlTWUlSbG1BIiwgImlkIiwgInVybjp1dWlkOjgzMjkwMjVmLTEwYzMtNGEwMC04YWFiLTk3OGMzOWEyNDIyZSJd~WyJPUlJZdkJZeW9RTnBWSG5GUFAtbzhRIiwgIlBlcm1hbmVudFJlc2lkZW50Il0~WyJOQ3JoSmVILTU4SDF4aE5Qc1VXLUJBIiwgInR5cGUiLCBbeyIuLi4iOiAiT0JpeGxfOG5GWXZXdDNNN0ExaXJoU3ZzcGZKMFZzcHRxdll1NVpZeFZXUSJ9XV0~WyJGSDFaVGZtbFVSVE5wTER4WS1jX3BRIiwgImdpdmVuTmFtZSIsICJKb2huIl0~WyJwX20zTmpDWnJLMFpmc3ZMeXVnQVFRIiwgImZhbWlseU5hbWUiLCAiRG9lIl0~WyJsakZBYTJmclVUUDBieEZLYXdHYW13IiwgImNyZWRlbnRpYWxTdWJqZWN0IiwgeyJfc2QiOiBbIktPZXJ3ck01dVFnaXRNTHlwUzA5MThtS0ozYWhhR1RKLTE0TlYwSTE2ekUiLCAiUXI5bm9JSTFFNkF1eWpqNi14aFdzc1lxSDdDM1M1LXRzZDZpV2ZwaWJRYyIsICJ2djRzcFhxT09WTnVJV2QtYlhDblVMOUlnOTlLTlBkY29mdUFLSVhQUTlNIl19XQ~WyJNQ3JiOVVQMG55LXVCLWF2TEIxbFdnIiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0~WyJDdTBuaHlFaEJqbkQ1UXVvenhNTEJBIiwgInN0YXR1c1B1cnBvc2UiLCAic3VzcGVuc2lvbiJd~WyJWbi1LVXJNZ2l3OXowMUI0MmVvdUhRIiwgInN0YXR1c0xpc3RJbmRleCIsICI4OTM2MyJd~WyJnU25sMk1ubG5EUGY0RFFTakJMVE93IiwgInN0YXR1c0xpc3RDcmVkZW50aWFsIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80OCJd~WyIwcjJ2VzZtOHBPOUcya2xjYlgzOHNRIiwgImlkIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80OCM4OTM2MyJd~WyJyYUkxNGhiTFRmRXlBZ0FKck1nTTR3IiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0~WyJuSWFVc19IM01KSXplRlNQbW1HVnNBIiwgInN0YXR1c1B1cnBvc2UiLCAicmV2b2NhdGlvbiJd~WyJiRjE3M0FhTnBjQ0REVnJwZUJpTUZBIiwgInN0YXR1c0xpc3RJbmRleCIsICI4MjExMiJd~WyJXZE05NTBqRm1FWE5zTGpZWXN4b1JRIiwgInN0YXR1c0xpc3RDcmVkZW50aWFsIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80NiJd~WyIxNlItY0JFVnFkeUItNTdtNHl0RFB3IiwgImlkIiwgImh0dHBzOi8vc3RhdHVzbGlzdC5kaS1kZXYuZGktdGVhbS5kZXYuc3Vkb3BsYXRmb3JtLmNvbS9zdGF0dXNfbGlzdC80NiM4MjExMiJd~WyJhcEkyeERONTZZT2tSczlTSi1FanhnIiwgImNyZWRlbnRpYWxTdGF0dXMiLCBbeyJfc2QiOiBbIjdqZjcxMkdxOW41MHVFOE9YVjZvYkJfN3FIa1NuMGR3ZXBybGlqc2VjeTgiLCAiQXU4dVVPNDlqdE4tM3poU0pseUdWYW9xdHJudlZHR2xIT01ZTjVHZ1IxayIsICJiRGJSbGlfVXBJeWlLZHhjVUNqQTlqUjlqT3NZM0ZoeWRWOHdHWGJTV0dnIiwgImRzWUZHY1JlVE1hTXgzVjZKT1lUTkhXa1RZQnk0bWVYYkFhenZFNzJDU2MiLCAidVBKdm1ZYVZMTDBtcExXVmViTTZLbF9COVVDQ0I1cER1bTRtNWZxYmZhdyJdfSwgeyJfc2QiOiBbIk5PUjEwcTFHVC1OVFFmRXZXcGxKbmhXQ1UxOW9yRVh0TE83WUl4V0VaYVkiLCAiYk5Kc2YtR2dVNmcwVFhubzFrN2VHMFh1azRoaGZmT1VCTzNyemwtQVBXWSIsICJoNjRKSHR0T290U1JDQmwtTHJCdmt3V1NEMndqa1JHX3lPdy05NXBMdWZNIiwgImlJZjVaV05YVlhtVnBqZ1IzcWtEOFctZzFfTjl1SnJpMFlLZ1BzY2RoWHMiLCAieUtiSmROZTFxMmRKanBzVEhtMGwxd1VQUHhfRk9fUWNPeVVhb3FFeHY2YyJdfV1d~WyI4VVJWLUVWOE5MZXcxM0o5Ylhfa3ZnIiwgImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0~WyJDN2hiY0c4TVNlUmkyOWh2MHVPaGxRIiwgImh0dHBzOi8vdzNpZC5vcmcvY2l0aXplbnNoaXAvdjEiXQ~WyJKUHp2SWY5QmphbU1FbmJLT0pOXzlnIiwgImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy9zdGF0dXMvdjEiXQ~WyJydEllOU5oOU90VjJOS2Q4d3dLQlZBIiwgIkBjb250ZXh0IiwgW3siLi4uIjogIjRBTjdfVzVadU53VVJTSm1NSzQ1azAwNmFVT3JwaHBSSC1ZVTRlbzBNT3MifSwgeyIuLi4iOiAieTBTZHlBdFVSdi1vUTVwZmhrS1k4aG56Qk84QzJoTnhTVkNueVhUMUxVWSJ9LCB7Ii4uLiI6ICJXVEZBbUZNVVZKeXZmSEx5SlBGN0hBdFNYemNJcDlIQTFrOUxtUWxSSkRRIn1dXQ~\""
  }) {
    format {
      ... on VerifyW3CCredentialFormatResult {
        credentialJson
        securingMechanism
      }
    }
    signatureVerified {
      value
      reason
    }
    statusChecks {
      revoked {
        value
        reason
    	}
    }
  }
}

PreviousCredential Status Lists NextAudit Logs

Last updated 2 days ago