@eengineer1/veramo-credential-sd-jwt v1.0.1

Veramo SD-JWT Plugin

This repository contains a plugin for the Veramo verifiable data framework that leverages the following specification compliant SD-JWT (Selective Disclosure JSON Web Token) library.

⚠️ This plugin is strictly an ESM module and requires Node.js >= 18.17.0.

Overview

The Veramo SD-JWT plugin allows for privacy-preserving data sharing by enabling selective disclosure of data fields in a JWT credential payload. This is achieved by using the SD-JWT aforementioned library, which allows each field in the JWT payload to be individually disclosed.

Installation

To install the Veramo SD-JWT plugin, use the following command:

npm install @eengineer1/veramo-credential-sd-jwt

Usage

After installation, you can use the plugin in your Veramo agent as follows:

import { createAgent, ... } from '@veramo/core'
import { CredentialSDJwt } from '@eengineer1/veramo-credential-sd-jwt'

const agent = new Agent({
    plugins: [
        ..., // other required plugins
        new CredentialSDJwt()
    ]
})

With the agent instantiated, you can now use the plugin to issue and / or verify SD-JWT credentials and presentations as follows:

import { type CredentialPayload } from '@veramo/core-types'
import { type JSONObject } from '@eengineer1/sd-jwt-ts-node'

// original claimset
const claimset = {
    id: '7aea4ed3-9b02-4f64-8f05-aeb59899c8a2',
    '@context': ['https://www.w3.org/2018/credentials/v1'],
    type: ['VerifiableCredential'],
    issuer: 'did:cheqd:testnet:09b20561-7339-40ea-a377-05ea35a0e82a',
    credentialSubject: {
        id: 'did:jwk:eyJhbGciOiJFUzI1NksiLCJjcnYiOiJzZWNwMjU2azEiLCJrdHkiOiJFQyIsInVzZSI6InNpZyIsIngiOiJmMmF2aHdTcTlNVGg4c0x0ZnBDZU1udnllSzdzVjIyRUtNZ2IzS1hOWXJZIiwieSI6ImFUUEY0OFZ5d0tKOFpJeEYzU0NweEtkNUhPeUt2cUZPWUcxQWc2Sm1qeVEifQ',
        nestedSimple: 'information',
        nestedObject: {
            nested: 'information',
        },
        nestedArray: ['information1', 'information2'],
    },
}

// non-selectively disclosable claimset
const undisclosedClaimset = {
    '@context': claimset['@context'],
    type: claimset.type,
    issuanceDate: 'anything-truthy',
    credentialSubject: {
        id: claimset.credentialSubject.id,
        nestedSimple: claimset.credentialSubject.nestedSimple,
    },
} satisfies JSONObject

// create + sign SD-JWT credential
const { sdJwt, normalisedCredential } = await agent.createVerifiableCredentialSDJwt({
    credential: claimset,
    undisclosedFields: undisclosedClaimset,
    removeOriginalFields: true,
    returnNormalisedCredential: true,
})

// verify SD-JWT credential
const { verified, message } = await agent.verifyVerifiableCredentialSDJwt({
    credential: sdJwt.jwt,
})

// create + sign SD-JWT presentation
const { sdJwtPresentation, normalisedPresentation } = await agent.createVerifiablePresentationSDJwt({
    presentation: {
    verifiableCredential: [sdJwt.jwt],
        holder: holder.didDocument.id,
    },
    removeOriginalFields: true,
    returnNormalisedPresentation: true,
})

// verify SD-JWT presentation
const { verified, message } = await agent.verifyVerifiablePresentationSDJwt({
    presentation: sdJwtPresentation,
})

License

This project is licensed under the Apache 2.0 License. See the LICENSE file for details.