indy-sdk
v1.16.0-dev-1655
Published
Native bindings for hyperledger indy
Downloads
783
Readme
Indy SDK for Node.js
Native bindings for Hyperledger Indy.
Installing
This module has a native compile step. It compiles C++ code and dynamically links to libindy
.
You will need:
- C++ build tools and Python 3.6+. See this for platform recommendations.
libindy
v1.6+ in your system library path. (i.e./usr/lib/libindy.so
for linux)
Then you can install via npm:
npm install --save indy-sdk
Troubleshooting
Use environment variable RUST_LOG={info|debug|trace}
to output logs of Libindy.
Linking errors
i.e. ld: library not found for -llibindy
First, make sure you have the latest libindy for your platform. Also make sure you have any other libraries it depends on. See indy-sdk/doc
Second, make sure it's in the linker search path. The easiest way is to use the system library path.
- ubuntu
/usr/lib/libindy.so
- osx
/usr/local/lib/libindy.dylib
- windows use LD_LIBRARY_PATH to indicate the location of dll as specified below
If you want to put the library in a custom folder i.e. /foo/bar/libindy.so
then you can do this:
LD_LIBRARY_PATH=/foo/bar npm i --save indy-sdk
Then when you run your code, you'll still need the LD_LIBRARY_PATH
set.
LD_LIBRARY_PATH=/foo/bar node index.js
Other build errors
We use node-gyp to manage the cross-platform build. Their readme is quite helpful.
Usage
var indy = require('indy-sdk')
var did = '...'
var fullVerkey = '...'
indy.abbreviateVerkey(did, fullVerkey, function(err, verkey){
..
})
// if you do not provide a callback, a Promise is returned
var verkey = await indy.abbreviateVerkey(did, fullVerkey)
API
IndyError
All the functions may yield an IndyError. The errors are based on libindy error codes defined here.
err.indyCode
: Int - code number from libindyerr.indyName
: String - name for the error codeerr.indyMessage
: String - human-readable error descriptionerr.indyBacktrace
: String? - if enabled, this is the libindy backtrace string
Collecting of backtrace can be enabled by:
- Setting environment variable
RUST_BACKTRACE=1
- Calling setRuntimeConfig(
{collect_backtrace: true}
)
anoncreds
These functions wrap the Ursa algorithm as documented in this paper:
And is documented in this HIPE:
issuerCreateSchema ( issuerDid, name, version, attrNames ) -> [ id, schema ]
Create credential schema entity that describes credential attributes list and allows credentials interoperability.
Schema is public and intended to be shared with all anoncreds workflow actors usually by publishing SCHEMA transaction to Indy distributed ledger.
It is IMPORTANT for current version POST Schema in Ledger and after that GET it from Ledger with correct seq_no to save compatibility with Ledger. After that can call issuerCreateAndStoreCredentialDef to build corresponding Credential Definition.
issuerDid
: String - DID of schema issuername
: String - a name the schemaversion
: String - a version of the schemaattrNames
: Json - a list of schema attributes descriptions (the number of attributes should be less or equal than 125)- -> [
id
: String,schema
: Json ] - schema_id: identifier of created schema schema_json: schema as json
Errors: Common*
, Anoncreds*
issuerCreateAndStoreCredentialDef ( wh, issuerDid, schema, tag, signatureType, config ) -> [ credDefId, credDef ]
Create credential definition entity that encapsulates credentials issuer DID, credential schema, secrets used for signing credentials and secrets used for credentials revocation.
Credential definition entity contains private and public parts. Private part will be stored in the wallet. Public part will be returned as json intended to be shared with all anoncreds workflow actors usually by publishing CRED_DEF transaction to Indy distributed ledger.
It is IMPORTANT for current version GET Schema from Ledger with correct seq_no to save compatibility with Ledger.
Note: Use combination of issuerRotateCredentialDefStart
and indy_issuer_rotate_credential_def_apply
functions
to generate new keys for an existing credential definition.
wh
: Handle (Number) - wallet handle (created by openWallet)issuerDid
: String - a DID of the issuer signing cred_def transaction to the Ledgerschema
: Json - credential schema as a jsontag
: String - allows to distinct between credential definitions for the same issuer and schemasignatureType
: String - credential definition type (optional, 'CL' by default) that defines credentials signature and revocation math. Supported types are:- 'CL': Camenisch-Lysyanskaya credential signature type that is implemented according to the algorithm in this paper: https://github.com/hyperledger/ursa/blob/master/libursa/docs/AnonCred.pdf And is documented in this HIPE: https://github.com/hyperledger/indy-hipe/blob/c761c583b1e01c1e9d3ceda2b03b35336fdc8cc1/text/anoncreds-protocol/README.md
config
: Json - (optional) type-specific configuration of credential definition as json:- 'CL':
- support_revocation: whether to request non-revocation credential (optional, default false)
-> [
credDefId
: String,credDef
: Json ] - cred_def_id: identifier of created credential definition cred_def_json: public part of created credential definition
Errors: Common*
, Wallet*
, Anoncreds*
issuerRotateCredentialDefStart ( wh, credDefId, config ) -> credDef
Generate temporary credential definitional keys for an existing one (owned by the caller of the library).
Use issuerRotateCredentialDefApply
function to set temporary keys as the main.
WARNING: Rotating the credential definitional keys will result in making all credentials issued under the previous keys unverifiable.
wh
: Handle (Number) - wallet handle (created by openWallet)credDefId
: String - an identifier of created credential definition stored in the walletconfig
: Json - (optional) type-specific configuration of credential definition as json:- 'CL':
- support_revocation: whether to request non-revocation credential (optional, default false)
- ->
credDef
: Json - public part of temporary created credential definition
Errors: Common*
, Wallet*
, Anoncreds*
issuerRotateCredentialDefApply ( wh, credDefId ) -> void
Apply temporary keys as main for an existing Credential Definition (owned by the caller of the library).
WARNING: Rotating the credential definitional keys will result in making all credentials issued under the previous keys unverifiable.
wh
: Handle (Number) - wallet handle (created by openWallet)credDefId
: String - an identifier of created credential definition stored in the wallet- -> void
Errors: Common*
, Wallet*
, Anoncreds*
issuerCreateAndStoreRevocReg ( wh, issuerDid, revocDefType, tag, credDefId, config, tailsWriterHandle ) -> [ revocRegId, revocRegDef, revocRegEntry ]
Create a new revocation registry for the given credential definition as tuple of entities
- Revocation registry definition that encapsulates credentials definition reference, revocation type specific configuration and secrets used for credentials revocation
- Revocation registry state that stores the information about revoked entities in a non-disclosing way. The state can be represented as ordered list of revocation registry entries were each entry represents the list of revocation or issuance operations.
Revocation registry definition entity contains private and public parts. Private part will be stored in the wallet. Public part will be returned as json intended to be shared with all anoncreds workflow actors usually by publishing REVOC_REG_DEF transaction to Indy distributed ledger.
Revocation registry state is stored on the wallet and also intended to be shared as the ordered list of REVOC_REG_ENTRY transactions. This call initializes the state in the wallet and returns the initial entry.
Some revocation registry types (for example, 'CL_ACCUM') can require generation of binary blob called tails used to hide information about revoked credentials in public revocation registry and intended to be distributed out of leger (REVOC_REG_DEF transaction will still contain uri and hash of tails). This call requires access to pre-configured blob storage writer instance handle that will allow to write generated tails.
wh
: Handle (Number) - wallet handle (created by openWallet)issuerDid
: String - a DID of the issuer signing transaction to the LedgerrevocDefType
: String - revocation registry type (optional, default value depends on credential definition type). Supported types are:- 'CL_ACCUM': Type-3 pairing based accumulator implemented according to the algorithm in this paper: https://github.com/hyperledger/ursa/blob/master/libursa/docs/AnonCred.pdf This type is default for 'CL' credential definition type.
tag
: String - allows to distinct between revocation registries for the same issuer and credential definitioncredDefId
: String - id of stored in ledger credential definitionconfig
: Json - type-specific configuration of revocation registry as json:- 'CL_ACCUM':
{
"issuance_type": (optional) type of issuance. Currently supported:
1) ISSUANCE_BY_DEFAULT: all indices are assumed to be issued and initial accumulator is calculated over all indices;
Revocation Registry is updated only during revocation.
2) ISSUANCE_ON_DEMAND: nothing is issued initially accumulator is 1 (used by default);
"max_cred_num": maximum number of credentials the new registry can process (optional, default 100000)
}
tailsWriterHandle
: Handle (Number) - handle of blob storage to store tails
NOTE:
Recursive creation of folder for Default Tails Writer (correspondent to tailsWriterHandle
)
in the system-wide temporary directory may fail in some setup due to permissions: IO error: Permission denied
.
In this case use TMPDIR
environment variable to define temporary directory specific for an application.
- -> [
revocRegId
: String,revocRegDef
: Json,revocRegEntry
: Json ] - revoc_reg_id: identifier of created revocation registry definition revoc_reg_def_json: public part of revocation registry definition revoc_reg_entry_json: revocation registry entry that defines initial state of revocation registry
Errors: Common*
, Wallet*
, Anoncreds*
issuerCreateCredentialOffer ( wh, credDefId ) -> credOffer
Create credential offer that will be used by Prover for credential request creation. Offer includes nonce and key correctness proof for authentication between protocol steps and integrity checking.
wh
: Handle (Number) - wallet handle (created by openWallet)credDefId
: String - id of credential definition stored in the wallet- ->
credOffer
: Json - credential offer json:
{
"schema_id": string,
"cred_def_id": string,
// Fields below can depend on Cred Def type
"nonce": string,
"key_correctness_proof" : key correctness proof for credential definition correspondent to cred_def_id
(opaque type that contains data structures internal to Ursa.
It should not be parsed and are likely to change in future versions).
}
Errors: Common*
, Wallet*
, Anoncreds*
issuerCreateCredential ( wh, credOffer, credReq, credValues, revRegId, blobStorageReaderHandle ) -> [ cred, credRevocId, revocRegDelta ]
Check Cred Request for the given Cred Offer and issue Credential for the given Cred Request.
Cred Request must match Cred Offer. The credential definition and revocation registry definition referenced in Cred Offer and Cred Request must be already created and stored into the wallet.
Information for this credential revocation will be store in the wallet as part of revocation registry under generated cred_revoc_id local for this wallet.
This call returns revoc registry delta as json file intended to be shared as REVOC_REG_ENTRY transaction. Note that it is possible to accumulate deltas to reduce ledger load.
wh
: Handle (Number) - wallet handle (created by openWallet)credOffer
: Json - a cred offer created by issuerCreateCredentialOffercredReq
: Json - a credential request created by proverCreateCredentialReqcredValues
: Json - a credential containing attribute values for each of requested attribute names. Example:
{
"attr1" : {"raw": "value1", "encoded": "value1_as_int" },
"attr2" : {"raw": "value1", "encoded": "value1_as_int" }
}
If you want to use empty value for some credential field, you should set "raw" to "" and "encoded" should not be empty
revRegId
: String - id of revocation registry stored in the walletblobStorageReaderHandle
: Handle (Number) - configuration of blob storage reader handle that will allow to read revocation tails- -> [
cred
: Json,credRevocId
: String,revocRegDelta
: Json ] - cred_json: Credential json containing signed credential values
{
"schema_id": string,
"cred_def_id": string,
"rev_reg_def_id", Optional<string>,
"values": <see cred_values_json above>,
// Fields below can depend on Cred Def type
"signature": <credential signature>,
(opaque type that contains data structures internal to Ursa.
It should not be parsed and are likely to change in future versions).
"signature_correctness_proof": <signature_correctness_proof>
(opaque type that contains data structures internal to Ursa.
It should not be parsed and are likely to change in future versions).
}
cred_revoc_id: local id for revocation info (Can be used for revocation of this credential)
revoc_reg_delta_json: Revocation registry delta json with a newly issued credential
Errors: Annoncreds*
, Common*
, Wallet*
issuerRevokeCredential ( wh, blobStorageReaderHandle, revRegId, credRevocId ) -> revocRegDelta
Revoke a credential identified by a cred_revoc_id (returned by issuerCreateCredential).
The corresponding credential definition and revocation registry must be already created an stored into the wallet.
This call returns revoc registry delta as json file intended to be shared as REVOC_REG_ENTRY transaction. Note that it is possible to accumulate deltas to reduce ledger load.
wh
: Handle (Number) - wallet handle (created by openWallet)blobStorageReaderHandle
: Handle (Number)revRegId
: String - id of revocation registry stored in walletcredRevocId
: String - local id for revocation info- ->
revocRegDelta
: Json - revoc_reg_delta_json: Revocation registry delta json with a revoked credential
Errors: Annoncreds*
, Common*
, Wallet*
issuerMergeRevocationRegistryDeltas ( revRegDelta, otherRevRegDelta ) -> mergedRevRegDelta
Merge two revocation registry deltas (returned by issuerCreateCredential or issuerRevokeCredential) to accumulate common delta. Send common delta to ledger to reduce the load.
revRegDelta
: Json - revocation registry delta.otherRevRegDelta
: Json - revocation registry delta for which PrevAccum value is equal to current accum value of rev_reg_delta_json.- ->
mergedRevRegDelta
: Json - merged_rev_reg_delta: Merged revocation registry delta
Errors: Annoncreds*
, Common*
, Wallet*
proverCreateMasterSecret ( wh, masterSecretId ) -> outMasterSecretId
Creates a master secret with a given id and stores it in the wallet. The id must be unique.
wh
: Handle (Number) - wallet handle (created by openWallet)masterSecretId
: String - (optional, if not present random one will be generated) new master id- ->
outMasterSecretId
: String - out_master_secret_id: Id of generated master secret
Errors: Annoncreds*
, Common*
, Wallet*
proverCreateCredentialReq ( wh, proverDid, credOffer, credDef, masterSecretId ) -> [ credReq, credReqMetadata ]
Creates a credential request for the given credential offer.
The method creates a blinded master secret for a master secret identified by a provided name. The master secret identified by the name must be already stored in the secure wallet (see prover_create_master_secret) The blinded master secret is a part of the credential request.
wh
: Handle (Number) - wallet handle (created by openWallet)proverDid
: String - a DID of the provercredOffer
: Json - credential offer as a json containing information about the issuer and a credentialcredDef
: Json - credential definition json related to <cred_def_id> in <cred_offer_json>masterSecretId
: String - the id of the master secret stored in the wallet- -> [
credReq
: Json,credReqMetadata
: Json ] - cred_req_json: Credential request json for creation of credential by Issuer
{
"prover_did" : string,
"cred_def_id" : string,
// Fields below can depend on Cred Def type
"blinded_ms" : <blinded_master_secret>,
(opaque type that contains data structures internal to Ursa.
It should not be parsed and are likely to change in future versions).
"blinded_ms_correctness_proof" : <blinded_ms_correctness_proof>,
(opaque type that contains data structures internal to Ursa.
It should not be parsed and are likely to change in future versions).
"nonce": string
}
cred_req_metadata_json: Credential request metadata json for further processing of received form Issuer credential.
Note: cred_req_metadata_json mustn't be shared with Issuer.
Errors: Annoncreds*
, Common*
, Wallet*
proverStoreCredential ( wh, credId, credReqMetadata, cred, credDef, revRegDef ) -> outCredId
Check credential provided by Issuer for the given credential request, updates the credential by a master secret and stores in a secure wallet.
To support efficient and flexible search the following tags will be created for stored credential:
{
"schema_id": <credential schema id>,
"schema_issuer_did": <credential schema issuer did>,
"schema_name": <credential schema name>,
"schema_version": <credential schema version>,
"issuer_did": <credential issuer did>,
"cred_def_id": <credential definition id>,
"rev_reg_id": <credential revocation registry id>, // "None" as string if not present
// for every attribute in <credential values>
"attr::<attribute name>::marker": "1",
"attr::<attribute name>::value": <attribute raw value>,
}
wh
: Handle (Number) - wallet handle (created by openWallet)credId
: String - (optional, default is a random one) identifier by which credential will be stored in the walletcredReqMetadata
: Json - a credential request metadata created by proverCreateCredentialReqcred
: Json - credential json received from issuercredDef
: Json - credential definition json related to <cred_def_id> in <cred_json>revRegDef
: Json - revocation registry definition json related to <rev_reg_def_id> in <cred_json>- ->
outCredId
: String - out_cred_id: identifier by which credential is stored in the wallet
Errors: Annoncreds*
, Common*
, Wallet*
proverGetCredentials ( wh, filter ) -> credentials
Gets human readable credentials according to the filter. If filter is NULL, then all credentials are returned. Credentials can be filtered by Issuer, credential_def and/or Schema.
NOTE: This method is deprecated because immediately returns all fetched credentials. Use <proverSearchCredentials> to fetch records by small batches.
wh
: Handle (Number) - wallet handle (created by openWallet)filter
: Json - filter for credentials
{
"schema_id": string, (Optional)
"schema_issuer_did": string, (Optional)
"schema_name": string, (Optional)
"schema_version": string, (Optional)
"issuer_did": string, (Optional)
"cred_def_id": string, (Optional)
}
- ->
credentials
: Json - credentials json
[{
"referent": string, // cred_id in the wallet
"attrs": {"key1":"raw_value1", "key2":"raw_value2"},
"schema_id": string,
"cred_def_id": string,
"rev_reg_id": Optional<string>,
"cred_rev_id": Optional<string>
}]
Errors: Annoncreds*
, Common*
, Wallet*
proverGetCredential ( wh, credId ) -> credential
Gets human readable credential by the given id.
wh
: Handle (Number) - wallet handle (created by openWallet)credId
: String - Identifier by which requested credential is stored in the wallet- ->
credential
: Json - credential json:
{
"referent": string, // cred_id in the wallet
"attrs": {"key1":"raw_value1", "key2":"raw_value2"},
"schema_id": string,
"cred_def_id": string,
"rev_reg_id": Optional<string>,
"cred_rev_id": Optional<string>
}
Errors: Annoncreds*
, Common*
, Wallet*
proverSearchCredentials ( wh, query ) -> [ sh, totalCount ]
Search for credentials stored in wallet. Credentials can be filtered by tags created during saving of credential.
Instead of immediately returning of fetched credentials this call returns search_handle that can be used later to fetch records by small batches (with proverFetchCredentials).
wh
: Handle (Number) - wallet handle (created by openWallet)query
: Json - Wql query filter for credentials searching based on tags. where query: indy-sdk/doc/design/011-wallet-query-language/README.md- -> [
sh
: Handle (Number),totalCount
: Number ] - search_handle: Search handle that can be used later to fetch records by small batches (with proverFetchCredentials) total_count: Total count of records
Errors: Annoncreds*
, Common*
, Wallet*
proverFetchCredentials ( sh, count ) -> credentials
Fetch next credentials for search.
sh
: Handle (Number) - Search handle (created by proverSearchCredentials)count
: Number - Count of credentials to fetch- ->
credentials
: Json - credentials_json: List of human readable credentials:
[{
"referent": string, // cred_id in the wallet
"attrs": {"key1":"raw_value1", "key2":"raw_value2"},
"schema_id": string,
"cred_def_id": string,
"rev_reg_id": Optional<string>,
"cred_rev_id": Optional<string>
}]
NOTE: The list of length less than the requested count means credentials search iterator is completed.
Errors: Annoncreds*
, Common*
, Wallet*
proverCloseCredentialsSearch ( sh ) -> void
Close credentials search (make search handle invalid)
sh
: Handle (Number) - Search handle (created by proverSearchCredentials)- -> void
Errors: Annoncreds*
, Common*
, Wallet*
proverGetCredentialsForProofReq ( wh, proofRequest ) -> credentials
Gets human readable credentials matching the given proof request.
NOTE: This method is deprecated because immediately returns all fetched credentials. Use <proverSearchCredentialsForProofReq> to fetch records by small batches.
wh
: Handle (Number) - wallet handle (created by openWallet)proofRequest
: Json - proof request json
{
"name": string,
"version": string,
"nonce": string, - a decimal number represented as a string (use `generateNonce` function to generate 80-bit number)
"requested_attributes": { // set of requested attributes
"<attr_referent>": <attr_info>, // see below
...,
},
"requested_predicates": { // set of requested predicates
"<predicate_referent>": <predicate_info>, // see below
...,
},
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval for each attribute
// (can be overridden on attribute level)
"ver": Optional<str> - proof request version:
- omit to use unqualified identifiers for restrictions
- "1.0" to use unqualified identifiers for restrictions
- "2.0" to use fully qualified identifiers for restrictions
}
where:
attr_info: Describes requested attribute
{
"name": Optional<string>, // attribute name, (case insensitive and ignore spaces)
"names": Optional<[string, string]>, // attribute names, (case insensitive and ignore spaces)
// NOTE: should either be "name" or "names", not both and not none of them.
// Use "names" to specify several attributes that have to match a single credential.
"restrictions": Optional<wql query>, // see below
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval this attribute
// (overrides proof level interval)
}
predicate_referent: Proof-request local identifier of requested attribute predicate
predicate_info: Describes requested attribute predicate
{
"name": attribute name, (case insensitive and ignore spaces)
"p_type": predicate type (">=", ">", "<=", "<")
"p_value": predicate value
"restrictions": Optional<wql query>, // see below
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval this attribute
// (overrides proof level interval)
}
non_revoc_interval: Defines non-revocation interval
{
"from": Optional<int>, // timestamp of interval beginning
"to": Optional<int>, // timestamp of interval ending
}
- ->
credentials
: Json - credentials_json: json with credentials for the given proof request.
{
"requested_attrs": {
"<attr_referent>": [{ cred_info: <credential_info>, interval: Optional<non_revoc_interval> }],
...,
},
"requested_predicates": {
"requested_predicates": [{ cred_info: <credential_info>, timestamp: Optional<integer> }, { cred_info: <credential_2_info>, timestamp: Optional<integer> }],
"requested_predicate_2_referent": [{ cred_info: <credential_2_info>, timestamp: Optional<integer> }]
}
}, where credential is
{
"referent": <string>,
"attrs": {"attr_name" : "attr_raw_value"},
"schema_id": string,
"cred_def_id": string,
"rev_reg_id": Optional<int>,
"cred_rev_id": Optional<int>,
}
Errors: Annoncreds*
, Common*
, Wallet*
proverSearchCredentialsForProofReq ( wh, proofRequest, extraQuery ) -> sh
Search for credentials matching the given proof request.
Instead of immediately returning of fetched credentials this call returns search_handle that can be used later to fetch records by small batches (with proverFetchCredentialsForProofReq).
wh
: Handle (Number) - wallet handle (created by openWallet)proofRequest
: Json - proof request json
{
"name": string,
"version": string,
"nonce": string, - a decimal number represented as a string (use `generateNonce` function to generate 80-bit number)
"requested_attributes": { // set of requested attributes
"<attr_referent>": <attr_info>, // see below
...,
},
"requested_predicates": { // set of requested predicates
"<predicate_referent>": <predicate_info>, // see below
...,
},
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval for each attribute
// (can be overridden on attribute level)
"ver": Optional<str> - proof request version:
- omit to use unqualified identifiers for restrictions
- "1.0" to use unqualified identifiers for restrictions
- "2.0" to use fully qualified identifiers for restrictions
}
where:
attr_info: Describes requested attribute
{
"name": Optional<string>, // attribute name, (case insensitive and ignore spaces)
"names": Optional<[string, string]>, // attribute names, (case insensitive and ignore spaces)
// NOTE: should either be "name" or "names", not both and not none of them.
// Use "names" to specify several attributes that have to match a single credential.
"restrictions": Optional<wql query>, // see below
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval this attribute
// (overrides proof level interval)
}
predicate_referent: Proof-request local identifier of requested attribute predicate
predicate_info: Describes requested attribute predicate
{
"name": attribute name, (case insensitive and ignore spaces)
"p_type": predicate type (">=", ">", "<=", "<")
"p_value": predicate value
"restrictions": Optional<wql query>, // see below
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval this attribute
// (overrides proof level interval)
}
non_revoc_interval: Defines non-revocation interval
{
"from": Optional<int>, // timestamp of interval beginning
"to": Optional<int>, // timestamp of interval ending
}
extraQuery
: Json - (Optional) List of extra queries that will be applied to correspondent attribute/predicate:
{
"<attr_referent>": <wql query>,
"<predicate_referent>": <wql query>,
}
where wql query: indy-sdk/docs/design/011-wallet-query-language/README.md
- ->
sh
: Handle (Number) - search_handle: Search handle that can be used later to fetch records by small batches (with proverFetchCredentialsForProofReq)
Errors: Annoncreds*
, Common*
, Wallet*
proverFetchCredentialsForProofReq ( sh, itemReferent, count ) -> credentials
Fetch next credentials for the requested item using proof request search handle (created by proverSearchCredentialsForProofReq).
sh
: Handle (Number) - Search handle (created by proverSearchCredentialsForProofReq)itemReferent
: String - Referent of attribute/predicate in the proof requestcount
: Number - Count of credentials to fetch- ->
credentials
: Json - credentials_json: List of credentials for the given proof request.
[{
cred_info: <credential_info>,
interval: Optional<non_revoc_interval>
}]
where
credential_info:
{
"referent": <string>,
"attrs": {"attr_name" : "attr_raw_value"},
"schema_id": string,
"cred_def_id": string,
"rev_reg_id": Optional<int>,
"cred_rev_id": Optional<int>,
}
non_revoc_interval:
{
"from": Optional<int>, // timestamp of interval beginning
"to": Optional<int>, // timestamp of interval ending
}
NOTE: The list of length less than the requested count means that search iterator
correspondent to the requested <item_referent> is completed.
Errors: Annoncreds*
, Common*
, Wallet*
proverCloseCredentialsSearchForProofReq ( sh ) -> void
Close credentials search for proof request (make search handle invalid)
sh
: Handle (Number) - Search handle (created by proverSearchCredentialsForProofReq)- -> void
Errors: Annoncreds*
, Common*
, Wallet*
proverCreateProof ( wh, proofReq, requestedCredentials, masterSecretName, schemas, credentialDefs, revStates ) -> proof
Creates a proof according to the given proof request Either a corresponding credential with optionally revealed attributes or self-attested attribute must be provided for each requested attribute (see proverGetCredentials_for_pool_req). A proof request may request multiple credentials from different schemas and different issuers. All required schemas, public keys and revocation registries must be provided. The proof request also contains nonce. The proof contains either proof or self-attested attribute value for each requested attribute.
wh
: Handle (Number) - wallet handle (created by openWallet)proofReq
: Json - proof request json
{
"name": string,
"version": string,
"nonce": string, - a decimal number represented as a string (use `generateNonce` function to generate 80-bit number)
"requested_attributes": { // set of requested attributes
"<attr_referent>": <attr_info>, // see below
...,
},
"requested_predicates": { // set of requested predicates
"<predicate_referent>": <predicate_info>, // see below
...,
},
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval for each attribute
// (can be overridden on attribute level)
"ver": Optional<str> - proof request version:
- omit to use unqualified identifiers for restrictions
- "1.0" to use unqualified identifiers for restrictions
- "2.0" to use fully qualified identifiers for restrictions
}
where:
attr_info: Describes requested attribute
{
"name": Optional<string>, // attribute name, (case insensitive and ignore spaces)
"names": Optional<[string, string]>, // attribute names, (case insensitive and ignore spaces)
// NOTE: should either be "name" or "names", not both and not none of them.
// Use "names" to specify several attributes that have to match a single credential.
"restrictions": Optional<wql query>, // see below
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval this attribute
// (overrides proof level interval)
}
predicate_referent: Proof-request local identifier of requested attribute predicate
predicate_info: Describes requested attribute predicate
{
"name": attribute name, (case insensitive and ignore spaces)
"p_type": predicate type (">=", ">", "<=", "<")
"p_value": predicate value
"restrictions": Optional<wql query>, // see below
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval this attribute
// (overrides proof level interval)
}
non_revoc_interval: Defines non-revocation interval
{
"from": Optional<int>, // timestamp of interval beginning
"to": Optional<int>, // timestamp of interval ending
}
requestedCredentials
: Json - either a credential or self-attested attribute for each requested attribute
{
"self_attested_attributes": {
"self_attested_attribute_referent": string
},
"requested_attributes": {
"requested_attribute_referent_1": {"cred_id": string, "timestamp": Optional<number>, revealed: <bool> }},
"requested_attribute_referent_2": {"cred_id": string, "timestamp": Optional<number>, revealed: <bool> }}
},
"requested_predicates": {
"requested_predicates_referent_1": {"cred_id": string, "timestamp": Optional<number> }},
}
}
masterSecretName
: Stringschemas
: Json - all schemas json participating in the proof request
{
<schema1_id>: <schema1_json>,
<schema2_id>: <schema2_json>,
<schema3_id>: <schema3_json>,
}
credentialDefs
: Json - all credential definitions json participating in the proof request
{
"cred_def1_id": <credential_def1_json>,
"cred_def2_id": <credential_def2_json>,
"cred_def3_id": <credential_def3_json>,
}
revStates
: Json - all revocation states json participating in the proof request
{
"rev_reg_def1_id or credential_1_id"": {
"timestamp1": <rev_state1>,
"timestamp2": <rev_state2>,
},
"rev_reg_def2_id or credential_2_id"": {
"timestamp3": <rev_state3>
},
"rev_reg_def3_id or credential_3_id"": {
"timestamp4": <rev_state4>
},
} - Note: use credential_id instead rev_reg_id in case proving several credentials from the same revocation registry.
where
where wql query: indy-sdk/docs/design/011-wallet-query-language/README.md
- ->
proof
: Json - Proof json For each requested attribute either a proof (with optionally revealed attribute value) or self-attested attribute value is provided. Each proof is associated with a credential and corresponding schema_id, cred_def_id, rev_reg_id and timestamp. There is also aggregated proof part common for all credential proofs.
{
"requested_proof": {
"revealed_attrs": {
"requested_attr1_id": {sub_proof_index: number, raw: string, encoded: string},
"requested_attr4_id": {sub_proof_index: number: string, encoded: string},
},
"revealed_attr_groups": {
"requested_attr5_id": {
"sub_proof_index": number,
"values": {
"attribute_name": {
"raw": string,
"encoded": string
}
},
}
},
"unrevealed_attrs": {
"requested_attr3_id": {sub_proof_index: number}
},
"self_attested_attrs": {
"requested_attr2_id": self_attested_value,
},
"requested_predicates": {
"requested_predicate_1_referent": {sub_proof_index: int},
"requested_predicate_2_referent": {sub_proof_index: int},
}
}
"proof": {
"proofs": [ <credential_proof>, <credential_proof>, <credential_proof> ],
"aggregated_proof": <aggregated_proof>
} (opaque type that contains data structures internal to Ursa.
It should not be parsed and are likely to change in future versions).
"identifiers": [{schema_id, cred_def_id, Optional<rev_reg_id>, Optional<timestamp>}]
}
Errors: Annoncreds*
, Common*
, Wallet*
verifierVerifyProof ( proofRequest, proof, schemas, credentialDefsJsons, revRegDefs, revRegs ) -> valid
Verifies a proof (of multiple credential). All required schemas, public keys and revocation registries must be provided.
IMPORTANT: You must use *_id's (schema_id
, cred_def_id
, rev_reg_id
) listed in proof[identifiers]
as the keys for corresponding schemas
, credentialDefsJsons
, revRegDefs
, revRegs
objects.
proofRequest
: Json - proof request json
{
"name": string,
"version": string,
"nonce": string, - a decimal number represented as a string (use `generateNonce` function to generate 80-bit number)
"requested_attributes": { // set of requested attributes
"<attr_referent>": <attr_info>, // see below
...,
},
"requested_predicates": { // set of requested predicates
"<predicate_referent>": <predicate_info>, // see below
...,
},
"non_revoked": Optional<<non_revoc_interval>>, // see below,
// If specified prover must proof non-revocation
// for date in this interval for each attribute
// (can be overridden on attribute level)
"ver": Optional<str> - proof request version:
- omit to use unqualified identifiers for restrictions
- "1.0" to use unqualified identifiers for restrictions
- "2.0" to use fully qualified identifiers for restrictions
}
proof
: Json - created for request proof json
{
"requested_proof": {
"revealed_attrs": {
"requested_attr1_id": {sub_proof_index: number, raw: string, encoded: string}, // NOTE: check that `encoded` value match to `raw` value on application level
"requested_attr4_id": {sub_proof_index: number: string, encoded: string}, // NOTE: check that `encoded` value match to `raw` value on application level
},
"revealed_attr_groups": {
"requested_attr5_id": {
"sub_proof_index": number,
"values": {
"attribute_name": {
"raw": string,
"encoded": string
}
}, // NOTE: check that `encoded` value match to `raw` value on application level
}
},
"unrevealed_attrs": {
"requested_attr3_id": {sub_proof_index: number}
},
"self_attested_attrs": {
"requested_attr2_id": self_attested_value,
},
"requested_predicates": {
"requested_predicate_1_referent": {sub_proof_index: int},
"requested_predicate_2_referent": {sub_proof_index: int},
}
}
"proof": {
"proofs": [ <credential_proof>, <credential_proof>, <credential_proof> ],
"aggregated_proof": <aggregated_proof>
}
"identifiers": [{schema_id, cred_def_id, Optional<rev_reg_id>, Optional<timestamp>}]
}
schemas
: Json - all schema jsons participating in the proof
{
<schema1_id>: <schema1_json>,
<schema2_id>: <schema2_json>,
<schema3_id>: <schema3_json>,
}
credentialDefsJsons
: JsonrevRegDefs
: Json - all revocation registry definitions json participating in the proof
{
"rev_reg_def1_id": <rev_reg_def1_json>,
"rev_reg_def2_id": <rev_reg_def2_json>,
"rev_reg_def3_id": <rev_reg_def3_json>,
}
revRegs
: Json - all revocation registries json participating in the proof
{
"rev_reg_def1_id": {
"timestamp1": <rev_reg1>,
"timestamp2": <rev_reg2>,
},
"rev_reg_def2_id": {
"timestamp3": <rev_reg3>
},
"rev_reg_def3_id": {
"timestamp4": <rev_reg4>
},
}
- ->
valid
: Boolean - valid: true - if signature is valid, false - otherwise
Errors: Annoncreds*
, Common*
, Wallet*
createRevocationState ( blobStorageReaderHandle, revRegDef, revRegDelta, timestamp, credRevId ) -> revState
Create revocation state for a credential that corresponds to a particular time.
Note that revocation delta must cover the whole registry existence time.
You can use from
: 0
and to
: needed_time
as parameters for building request to get correct revocation delta.
The resulting revocation state and provided timestamp can be saved and reused later with applying a new
revocation delta with updateRevocationState
function.
This new delta should be received with parameters: from
: timestamp
and to
: needed_time
.
blobStorageReaderHandle
: Handle (Number) - configuration of blob storage reader handle that will allow to read revocation tailsrevRegDef
: Json - revocation registry definition jsonrevRegDelta
: Json - revocation registry delta which covers the whole registry existence timetimestamp
: Timestamp (Number) - time represented as a total number of seconds from Unix EpochcredRevId
: String - user credential revocation id in revocation registry- ->
revState
: Json - revocation state json:
{
"rev_reg": <revocation registry>,
"witness": <witness>,
"timestamp" : integer
}
Errors: Common*
, Wallet*
, Anoncreds*
updateRevocationState ( blobStorageReaderHandle, revState, revRegDef, revRegDelta, timestamp, credRevId ) -> updatedRevState
Create a new revocation state for a credential based on a revocation state created before.
Note that provided revocation delta must cover the registry gap from based state creation until the specified time
(this new delta should be received with parameters: from
: state_timestamp
and to
: needed_time
).
This function reduces the calculation time.
The resulting revocation state and provided timestamp can be saved and reused later by applying a new revocation delta again.
blobStorageReaderHandle
: Handle (Number) - configuration of blob storage reader handle that will allow to read revocation tailsrevState
: Json - revocation registry state jsonrevRegDef
: Json - revocation registry definition jsonrevRegDelta
: Json - revocation registry definition delta which covers the gap form originalrev_state_json
creation till the requested timestamptimestamp
: Timestamp (Number) - time represented as a total number of seconds from Unix EpochcredRevId
: String - user credential revocation id in revocation registry- ->
updatedRevState
: Json - revocation state json:
{
"rev_reg": <revocation registry>,
"witness": <witness>,
"timestamp" : integer
}
Errors: Common*
, Wallet*
, Anoncreds*
generateNonce ( ) -> nonce
Generates 80-bit numbers that can be used as a nonce for proof request.
- ->
nonce
: Json - generated number as a string
Errors: Common*
toUnqualified ( entity ) -> res
Get unqualified form (short form without method) of a fully qualified entity like DID.
This function should be used to the proper casting of fully qualified entity to unqualified form in the following cases:
- Issuer, which works with fully qualified identifiers, creates a Credential Offer for Prover, which doesn't support fully qualified identifiers.
- Verifier prepares a Proof Request based on fully qualified identifiers or Prover, which doesn't support fully qualified identifiers.
- another case when casting to unqualified form needed
entity
: String - target entity to disqualify. Can be one of: Did, SchemaId, CredentialDefinitionId, RevocationRegistryId, Schema, CredentialDefinition, RevocationRegistryDefinition, CredentialOffer, CredentialRequest, ProofRequest.- ->
res
: Json - entity either in unqualified form or original if casting isn't possible
blob_storage
openBlobStorageReader ( type, config ) -> handle
type
: Stringconfig
: Json- ->
handle
: Handle (Number)
openBlobStorageWriter ( type, config ) -> handle
type
: Stringconfig
: Json- ->
handle
: Handle (Number)
crypto
createKey ( wh, key ) -> vk
Creates keys pair and stores in the wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)key
: Json - Key information as json. Example:
{
"seed": string, (optional) Seed that allows deterministic key creation (if not set random one will be created).
Can be UTF-8, base64 or hex string.
"crypto_type": string, // Optional (if not set then ed25519 curve is used); Currently only 'ed25519' value is supported for this field.
}
- ->
vk
: String - Ver key of generated key pair, also used as key identifier
Errors: Common*
, Wallet*
, Crypto*
setKeyMetadata ( wh, verkey, metadata ) -> void
Saves/replaces the meta information for the giving key in the wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)verkey
: Stringmetadata
: String- -> void
Errors: Common*
, Wallet*
, Crypto*
getKeyMetadata ( wh, verkey ) -> metadata
Retrieves the meta information for the giving key in the wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)verkey
: String- ->
metadata
: String - The meta information stored with the key; Can be null if no metadata was saved for this key.
Errors: Common*
, Wallet*
, Crypto*
cryptoSign ( wh, signerVk, messageRaw ) -> signatureRaw
Signs a message with a key.
Note to use DID keys with this function you can call keyForDid to get key id (verkey) for specific DID.
wh
: Handle (Number) - wallet handle (created by openWallet)signerVk
: String - id (verkey) of message signer. The key must be created by calling createKey or createAndStoreMyDidmessageRaw
: Buffer - a pointer to first byte of message to be signed- ->
signatureRaw
: Buffer - a signature string
Errors: Common*
, Wallet*
, Crypto*
cryptoVerify ( signerVk, messageRaw, signatureRaw ) -> valid
Verify a signature with a verkey.
Note to use DID keys with this function you can call keyForDid to get key id (verkey) for specific DID.
signerVk
: String - verkey of the message signermessageRaw
: Buffer - a pointer to first byte of message that has been signedsignatureRaw
: Buffer - a pointer to first byte of signature to be verified- ->
valid
: Boolean - valid: true - if signature is valid, false - otherwise
Errors: Common*
, Wallet*
, Ledger*
, Crypto*
cryptoAuthCrypt ( wh, senderVk, recipientVk, messageRaw ) -> encryptedMsgRaw
**** THIS FUNCTION WILL BE DEPRECATED USE packMessage INSTEAD ****
Encrypt a message by authenticated-encryption scheme.
Sender can encrypt a confidential message specifically for Recipient, using Sender's public key. Using Recipient's public key, Sender can compute a shared secret key. Using Sender's public key and his secret key, Recipient can compute the exact same shared secret key. That shared secret key can be used to verify that the encrypted message was not tampered with, before eventually decrypting it.
Note to use DID keys with this function you can call keyForDid to get key id (verkey) for specific DID.
wh
: Handle (Number) - wallet handle (created by openWallet)senderVk
: String - id (verkey) of message sender. The key must be created by calling createKey or createAndStoreMyDidrecipientVk
: String - id (verkey) of message recipientmessageRaw
: Buffer - a pointer to first byte of message that to be encrypted- ->
encryptedMsgRaw
: Buffer - an encrypted message as a pointer to array of bytes.
Errors: Common*
, Wallet*
, Ledger*
, Crypto*
cryptoAuthDecrypt ( wh, recipientVk, encryptedMsgRaw ) -> [ senderVk, decryptedMsgRaw ]
**** THIS FUNCTION WILL BE DEPRECATED USE unpackMessage INSTEAD ****
Decrypt a message by authenticated-encryption scheme.
Sender can encrypt a confidential message specifically for Recipient, using Sender's public key. Using Recipient's public key, Sender can compute a shared secret key. Using Sender's public key and his secret key, Recipient can compute the exact same shared secret key. That shared secret key can be used to verify that the encrypted message was not tampered with, before eventually decrypting it.
Note to use DID keys with this function you can call keyForDid to get key id (verkey) for specific DID.
wh
: Handle (Number) - wallet handle (created by openWallet)recipientVk
: String - id (verkey) of message recipient. The key must be created by calling createKey or createAndStoreMyDidencryptedMsgRaw
: Buffer - a pointer to first byte of message that to be decrypted- -> [
senderVk
: String,decryptedMsgRaw
: Buffer ] - sender verkey and decrypted message as a pointer to array of bytes
Errors: Common*
, Wallet*
, Crypto*
cryptoAnonCrypt ( recipientVk, messageRaw ) -> encryptedMsgRaw
Encrypts a message by anonymous-encryption scheme.
Sealed boxes are designed to anonymously send messages to a Recipient given its public key. Only the Recipient can decrypt these messages, using its private key. While the Recipient can verify the integrity of the message, it cannot verify the identity of the Sender.
Note to use DID keys with this function you can call keyForDid to get key id (verkey) for specific DID.
Note: use packMessage function for A2A goals.
recipientVk
: String - verkey of message recipientmessageRaw
: Buffer - a pointer to first byte of message that to be encrypted- ->
encryptedMsgRaw
: Buffer - an encrypted message as a pointer to array of bytes
Errors: Common*
, Wallet*
, Ledger*
, Crypto*
cryptoAnonDecrypt ( wh, recipientVk, encryptedMsg ) -> decryptedMsgRaw
Decrypts a message by anonymous-encryption scheme.
Sealed boxes are designed to anonymously send messages to a Recipient given its public key. Only the Recipient can decrypt these messages, using its private key. While the Recipient can verify the integrity of the message, it cannot verify the identity of the Sender.
Note to use DID keys with this function you can call keyForDid to get key id (verkey) for specific DID.
Note: use unpackMessage function for A2A goals.
wh
: Handle (Number) - wallet handle (created by openWallet)recipientVk
: String - id (verkey) of my key. The key must be created by calling createKey or createAndStoreMyDidencryptedMsg
: Buffer- ->
decryptedMsgRaw
: Buffer - decrypted message as a pointer to an array of bytes
Errors: Common*
, Wallet*
, Crypto*
packMessage ( wh, message, receiverKeys, senderVk ) -> jwe
Packs a message by encrypting the message and serializes it in a JWE-like format (Experimental)
Note to use DID keys with this function you can call keyForDid to get key id (verkey) for specific DID.
wh
: Handle (Number) - wallet handle (created by openWallet)message
: Buffer - message that to be packedreceiverKeys
: Array - an array of strings which contains receiver's keys the message is being encrypted for. Example: ['receiver edge_agent_1 verkey', 'receiver edge_agent_2 verkey']senderVk
: String - the sender's verkey as a string When null pointer is used in this parameter, anoncrypt is used- ->
jwe
: Buffer - a JWE
using authcrypt alg:
{
"protected": "b64URLencoded({
"enc": "xsalsa20poly1305",
"typ": "JWM/1.0",
"alg": "Authcrypt",
"recipients": [
{
"encrypted_key": base64URLencode(libsodium.crypto_box(my_key, their_vk, cek, cek_iv))
"header": {
"kid": "base58encode(recipient_verkey)",
"sender" : base64URLencode(libsodium.crypto_box_seal(their_vk, base58encode(sender_vk)),
"iv" : base64URLencode(cek_iv)
}
},
],
})",
"iv": <b64URLencode(iv)>,
"ciphertext": b64URLencode(encrypt_detached({'@type'...}, protected_value_encoded, iv, cek),
"tag": <b64URLencode(tag)>
}
Alternative example in using anoncrypt alg is defined below:
{
"protected": "b64URLencoded({
"enc": "xsalsa20poly1305",
"typ": "JWM/1.0",
"alg": "Anoncrypt",
"recipients": [
{
"encrypted_key": base64URLencode(libsodium.crypto_box_seal(their_vk, cek)),
"header": {
"kid": base58encode(recipient_verkey),
}
},
],
})",
"iv": b64URLencode(iv),
"ciphertext": b64URLencode(encrypt_detached({'@type'...}, protected_value_encoded, iv, cek),
"tag": b64URLencode(tag)
}
Errors: Common*
, Wallet*
, Ledger*
, Crypto*
unpackMessage ( wh, jwe ) -> res
Unpacks a JWE-like formatted message outputted by packMessage (Experimental)
wh
: Handle (Number) - wallet handle (created by openWallet)jwe
: Buffer - JWE to be unpacked- ->
res
: Buffer - a result message
if authcrypt was used to pack the message returns this json structure:
{
message: <decrypted message>,
sender_verkey: <sender_verkey>,
recipient_verkey: <recipient_verkey>
}
OR
if anoncrypt was used to pack the message returns this json structure:
{
message: <decrypted message>,
recipient_verkey: <recipient_verkey>
}
Errors: Common*
, Wallet*
, Ledger*
, Crypto*
did
createAndStoreMyDid ( wh, did ) -> [ did, verkey ]
Creates keys (signing and encryption keys) for a new DID (owned by the caller of the library). Identity's DID must be either explicitly provided, or taken as the first 16 bit of verkey. Saves the Identity DID with keys in a secured Wallet, so that it can be used to sign and encrypt transactions.
wh
: Handle (Number) - wallet handle (created by openWallet)did
: Json - Identity information as json
{
"did": string, (optional;
if not provided and cid param is false then the first 16 bit of the verkey will be used as a new DID;
if not provided and cid is true then the full verkey will be used as a new DID;
if provided, then keys will be replaced - key rotation use case)
"seed": string, (optional) Seed that allows deterministic did creation (if not set random one will be created).
Can be UTF-8, base64 or hex string.
"crypto_type": string, (optional; if not set then ed25519 curve is used;
currently only 'ed25519' value is supported for this field)
"cid": bool, (optional; if not set then false is used;)
"method_name": string, (optional) method name to create fully qualified did (Example: `did:method_name:NcYxiDXkpYi6ov5FcYDi1e`).
}
- -> [
did
: String,verkey
: String ] - did: DID generated and stored in the wallet verkey: The DIDs verification key
Errors: Common*
, Wallet*
, Crypto*
replaceKeysStart ( wh, did, identity ) -> verkey
Generated temporary keys (signing and encryption keys) for an existing DID (owned by the caller of the library).
wh
: Handle (Number) - wallet handle (created by openWallet)did
: String - target did to rotate keys.identity
: Json- ->
verkey
: String - verkey: The DIDs verification key
Errors: Common*
, Wallet*
, Crypto*
replaceKeysApply ( wh, did ) -> void
Apply temporary keys as main for an existing DID (owned by the caller of the library).
wh
: Handle (Number) - wallet handle (created by openWallet)did
: String - DID stored in the wallet- -> void
Errors: Common*
, Wallet*
, Crypto*
storeTheirDid ( wh, identity ) -> void
Saves their DID for a pairwise connection in a secured Wallet, so that it can be used to verify transaction. Updates DID associated verkey in case DID already exists in the Wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)identity
: Json - Identity information as json. Example:
{
"did": string, (required)
"verkey": string
- optional is case of adding a new DID, and DID is cryptonym: did == verkey,
- mandatory in case of updating an existing DID
}
- -> void
Errors: Common*
, Wallet*
, Crypto*
keyForDid ( poolHandle, wh, did ) -> key
Returns ver key (key id) for the given DID.
"keyForDid" call follow the idea that we resolve information about their DID from the ledger with cache in the local wallet. The "openWallet" call has freshness parameter that is used for checking the freshness of cached pool value.
Note if you don't want to resolve their DID info from the ledger you can use "keyForLocalDid" call instead that will look only to the local wallet and skip freshness checking.
Note that "createAndStoreMyDid" makes similar wallet record as "createKey". As result we can use returned ver key in all generic crypto and messaging functions.
poolHandle
: Handle (Number) - Pool handle (created by open_pool).wh
: Handle (Number) - wallet handle (created by openWallet)did
: String- ->
key
: String - The DIDs ver key (key id).
Errors: Common*
, Wallet*
, Crypto*
keyForLocalDid ( wh, did ) -> key
Returns ver key (key id) for the given DID.
"keyForLocalDid" call looks data stored in the local wallet only and skips freshness checking.
Note if you want to get fresh data from the ledger you can use "keyForDid" call instead.
Note that "createAndStoreMyDid" makes similar wallet record as "createKey". As result we can use returned ver key in all generic crypto and messaging functions.
wh
: Handle (Number) - wallet handle (created by openWallet)did
: String- ->
key
: String - The DIDs ver key (key id).
Errors: Common*
, Wallet*
, Crypto*
setEndpointForDid ( wh, did, address, transportKey ) -> void
Set/replaces endpoint information for the given DID.
wh
: Handle (Number) - wallet handle (created by openWallet)did
: Stringaddress
: StringtransportKey
: String- -> void
Errors: Common*
, Wallet*
, Crypto*
getEndpointForDid ( wh, poolHandle, did ) -> [ address, transportVk ]
Returns endpoint information for the given DID.
wh
: Handle (Number) - wallet handle (created by openWallet)poolHandle
: Handle (Number)did
: String- -> [
address
: String,transportVk
: String ] - The DIDs endpoint.
- transport_vk - The DIDs transport key (ver key, key id).
Errors: Common*
, Wallet*
, Crypto*
setDidMetadata ( wh, did, metadata ) -> void
Saves/replaces the meta information for the giving DID in the wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)did
: Stringmetadata
: String- -> void
Errors: Common*
, Wallet*
, Crypto*
getDidMetadata ( wh, did ) -> metadata
Retrieves the meta information for the giving DID in the wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)did
: String- ->
metadata
: String - The meta information stored with the DID; Can be null if no metadata was saved for this DID.
Errors: Common*
, Wallet*
, Crypto*
getMyDidWithMeta ( wh, myDid ) -> didWithMeta
Retrieves the information about the giving DID in the wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)myDid
: String- ->
didWithMeta
: Json - did_with_meta: { "did": string - DID stored in the wallet, "verkey": string - The DIDs transport key (ver key, key id), "tempVerkey": string - Temporary DIDs transport key (ver key, key id), exist only during the rotation of the keys. After rotation is done, it becomes a new verkey. "metadata": string - The meta information stored with the DID }
Errors: Common*
, Wallet*
, Crypto*
listMyDidsWithMeta ( wh ) -> dids
Retrieves the information about all DIDs stored in the wallet.
wh
: Handle (Number) - wallet handle (created by openWallet)- ->
dids
: Json - dids: [{ "did": string - DID stored in the wallet, "verkey": string - The DIDs transport key (ver key, key id)., "metadata": string - The meta information stored with the DID }]
Errors: Common*
, Wallet*
, Crypto*
abbreviateVerkey ( did, fullVerkey ) -> verkey
Retrieves abbreviated verkey