Version: 1.0.2 📑
EveryCRED Verifier JS is a custom verifier designed to verify EveryCRED credentials according to the W3C credentials standard.
You can install the library using npm:
npm install everycred-verifier-js
The EveryCRED Verifier JS follows the following steps to validate credentials:
-
Validators ✅: Check the authenticity and integrity of the credential.
- Authenticity checks 🔐: Verify the authenticity of the credential.
- Integrity Checks 🔐: Check the integrity of the credential.
- Issuer check 🛂: Validate the issuer of the credential.
- Data Validation 🧮: Perform validation on the credential data.
-
Checksum Match (Hash Comparison) 🔃: Compare hashes to ensure the integrity of the credential.
- Blockchain Hash Fetch 🔗: Fetch the blockchain hash of the credential.
- Generate Credential Hash 🔢: Generate a hash of the credential.
- Checksum Integrity ✔️: Compare the generated hash with the blockchain hash.
-
Status Check 🚦: Perform checks related to the status of the credential.
- Credential Revocation check 🚫: Check if the credential has been revoked.
- Credential Expiration check ⏰: Verify if the credential has expired.
The verifier performs detailed verification steps on the package:
-
Validator ✅: Check the validity of the credential fields.
- type ✔️: Verify if the "type" field exists and supports the "VerifiableCredential" type.
- @context ✔️: Check the existence and validity of the "@context" field.
- ID (Identifier) ✔️: Verify the existence of the "id" field.
- credentialSubject ✔️: Check the existence of the "credentialSubject" field and validate its information.
-
Issuer ✔️: Verify the existence and validity of the "issuer" field.
- Fetch Issuer profile information from the issuer link.
- Check the validity of the "@context" field in the Issuer profile.
- Validate the Issuer profile type against the supported types.
- Check if the "id" matches the issuer link fetched from the credential.
- Verify the existence of the Issuer's name and email.
- Check if the revocation list exists.
- Check the existence and format of the public key.
- Fetch the Revocation List from the issuer profile.
- ValidUntil (Optional) ✔️: Check the existence and format of the "validUntil" field.
-
Proof ✔️: Check the existence and validity of the "proof" field.
- Validate the fields within the proof.
- Verify the support for the current proof type ("MerkleProof2019").
- DisplayHtml (Optional) ✔️: Check the existence of the "displayHtml" field.
- IssuanceDate ✔️: Check the existence of the "issuanceDate" field.
-
Checksum Match (Hash Comparison) 🔃: Compare hashes to ensure the integrity of the credential.
-
Note: For the first version, only "MerkleProof2019" is supported.
-
Decode "proofValue" and extract signature details.
- There are two algorithms to decode the "proofValue":
- First, using MerkleProof2019 algorithm. This will be used for the previously issued credentials.
- Second using Advanced Encryption Standard(AES) algorithm. This will be used for the new credentials.
- Below is the details for decoding the data for AES algorithm:
- AES_128_IV and AES_128_KEY will be used to decode the proofValue. You can find this data in the proof field.
- You'll have to pass the AES encryption KEY and IV parsed into the UTF-8 format to ensure it's in the correct encoding for decryption.
- The decryption mode used for encryption is Cipher Block Chaining (CBC), which is a common mode for AES encryption.
- Below is the details for decoding the data for AES algorithm:
- There are two algorithms to decode the "proofValue":
-
Validate the existence of the "anchors" keyword with valid data.
-
Ensure that the following key fields exist in your credentials:
- "path"
- "merkleRoot"
- "targetHash"
- "anchors"
-
Separate the transaction ID and blink value.
-
Apply chain condition and call the corresponding API:
- EthereumMainnet
- EthereumRopsten
- EthereumSepolia
- PolygonMainnet
- PolygonTestnet
-
Handle API responses:
- Success: Retrieve the data and get the hash of the credentials from the transaction data.
- Error: Return the error from the API or indicate transaction lookup errors or transaction not found errors.
-
-
Status Check 🚦:
-
Revocation 🚫: Check if the "revocationList" exists in the credential and fetch the revocation list details.
- Validate the "@context" field in the revocation list.
- Check the validity of the revocation list type against the supported types.
- Verify the "id" key against the revocation link fetched from the credential.
- Check if the issuer list exists and match the issuer link from the issuer profile.
- Verify the existence of "revokedAssertions".
- Find the credential ID in the revocation list and return a message if revoked.
- If the ID matches, retrieve the revocation message and indicate that the credential is revoked with the given message.
- If not matched, consider the credential valid and not revoked.
- Expiration (ValidUntil) (Optional) 📅: Validate today's date with the "validUntil" date if it exists.
-
Revocation 🚫: Check if the "revocationList" exists in the credential and fetch the revocation list details.
Version 1.0.2 of the EveryCRED Verifier JS to verify EveryCRED credentials according to the W3C credentials standard.