@tianhr/open-attestation-cli NPM

Open Attestation (CLI)

This CLI tool in the Open Attestation CLI repository turns .json documents into any open-attestation verifiable documents. It applies the OpenAttestation algorithm to produce a hash of the json document and then creates a file with the data and proof of integrity.

Installation

Binary

To install the binary, simply download the binary from the CLI release page for your OS.

We are aware that the size of the binaries must be reduced and we have tracked the issue in Github. We hope to find a solution in a near future and any help is welcomed.

NPM

Alternatively for Linux or MacOS users, if you have npm installed on your machine, you may install the cli using the following command:

npm install -g @govtechsg/open-attestation-cli

The above command will install the open-attestation CLI to your machine. You will need to have node.js installed to be able to run the command.

You can also opt to use npx:

npx -p @govtechsg/open-attestation-cli open-attestation <arguments>

In all the guides, we will refer to the CLI as open-attestation when running a command. That means we will assume the CLI is available in your execution path. If it's not the case, you will to change open-attestation by the full path to the executable.

Usage

List of features with the required options

	Private Key	Wallet	Aws Kms
Create config	❎	✔️	❎
Deploy document store	✔	✔	✔
Deploy title escrow	✔	✔	✔
Deploy title escrow creator	✔	✔	✔
Deploy token registry	✔	✔	✔
Dns txt create	❎	❎	❎
Dns txt get	❎	❎	❎
Document store issue	✔	✔	✔
Document store revoke	✔	✔	✔
Document store transfer ownership 转移权限	✔	✔	✔
Token registry issue	✔	✔	✔
Token registry mint	✔	✔	✔
Filter (obfuscate) document	❎	❎	❎
Sign document	✔	❎	❎
Encrypt document	❎	❎	❎
Decrypt document	❎	❎	❎
Wrap document	❎	❎	❎
Verify document	❎	❎	❎
Change holder (Title Escrow) 修改holder	✔	✔	✔
Nominate change of owner (Title Escrow) 提名owner	✔	✔	✔
Endorse transfer to owner (Title Escrow) 转移owner	✔	✔	✔
Endorse change of owner (Title Escrow) 变更owner	✔	✔	✔
Surrender document (Title Escrow) 电放提单	✔	✔	✔
Reject surrendered document (Title Escrow)同意电放提单	✔	✔	✔
Accept surrendered document (Title Escrow)同意	✔	✔	✔

Wrapping documents

This command process all documents in the input directory. It will add the issuance proofs to the individual documents. Additionally, you'll get the Batch Document Root (merkleRoot) value. Thereafter, you can issue all the documents in a single batch with the merkleRoot later.

Example:

open-attestation wrap ./examples/raw-documents/example.0.json

✔  success  Batch Document Root: 0xf51030c5751a646284c898cff0f9d833c64a50d6f307b61f2c96c3c838b13bfc

The command will display the result in the console. If you need to save the file you can use the --output-file file.

Example:

open-attestation wrap ./examples/raw-documents/example.0.json --output-file ./examples/wrapped-documents/example.0.json

✔  success   Batch Document Root: 0x5d318c8083aac18f8075ca2a2eac74b06f2cc37d6ccad680c7c80c9bb36f7be1

If you need to wrap a folder you will need to provide the --output-dir options to specify in which folder the documents must be wrapped in.

Example:

open-attestation wrap ./examples/raw-documents --output-dir ./examples/wrapped-documents

✔  success   Batch Document Root: 0x5d318c8083aac18f8075ca2a2eac74b06f2cc37d6ccad680c7c80c9bb36f7be1

You can also provide an optional JSON schema document to perform extra check on the documents

Example:

open-attestation wrap ./examples/raw-documents/ --output-dir ./examples/wrapped-documents/ --schema ./examples/schema.json

✔  success  Batch Document Root: 0xf51030c5751a646284c898cff0f9d833c64a50d6f307b61f2c96c3c838b13bfc

open-attestation wrap ./examples/raw-documents/ ./examples/wrapped-documents/ -s ./examples/schema.json

✔  success  Batch Document Root: 0xf51030c5751a646284c898cff0f9d833c64a50d6f307b61f2c96c3c838b13bfc

The JSON schema parameter also allow for http endpoint returning valid JSON schema:

Example:

open-attestation wrap ./examples/raw-documents/ --output-dir ./examples/wrapped-documents/ --schema https://gist.githubusercontent.com/Nebulis/dd8198ab76443489e14121dad225d351/raw/693b50a1694942fb3cc6a8dcf5187cc7c75adb58/schema.json

✔  success  Batch Document Root: 0xf51030c5751a646284c898cff0f9d833c64a50d6f307b61f2c96c3c838b13bfc

open-attestation wrap ./examples/raw-documents/ --output-dir ./examples/wrapped-documents/ -s https://gist.githubusercontent.com/Nebulis/dd8198ab76443489e14121dad225d351/raw/693b50a1694942fb3cc6a8dcf5187cc7c75adb58/schema.json

✔  success  Batch Document Root: 0xf51030c5751a646284c898cff0f9d833c64a50d6f307b61f2c96c3c838b13bfc

You can also re-wrap a document by editing a wrapped document content and using the --unwrap option:

open-attestation wrap ./examples/raw-documents/example.0.json --output-file ./examples/wrapped-documents/example.0.json

# edit the recipient name in ./tmp/wrapped-documents/example.0.json for instance for Your Name to Another Name
open-attestation wrap ./examples/wrapped-documents/example.0.json --of ./examples/wrapped-documents/example.1.json --unwrap

You can disable the --batched option to wrap multiple documents individually (i.e. they will not have the same merkle root):

open-attestation wrap ./examples/raw-documents/ --output-dir ./examples/wrapped-documents/ --batched false
✔  success   All documents have been individually wrapped

By default the CLI will use open-attestation schema v2 but you can opt in for open-attestation schema v3 using open-attestation-v3 option:

open-attestation wrap ./examples/raw-documents/ ./examples/wrapped-documents/ --open-attestation-v3
open-attestation wrap ./examples/raw-documents/ ./examples/wrapped-documents/ --oav3

NOTE: For transferable records, you should wrap them individually as each of them would be minted to a unique title escrow that represents the beneficiary and holder entities of the document. For more information about title escrow, refer here.

Document privacy filter

This allows document holders to generate valid documents which obfuscates certain fields. For example, sensitive information that you wish not to disclose.

open-attestation filter <inputDocumentPath> <outputDocumentPath> [filters...]

Example:

open-attestation filter examples/wrapped-documents/example.0.json tmp/example.0.out.json key1

✔  success  Obfuscated document saved to: tmp/example.0.out.json

Encrypting document

This allows you to encrypt document in order to share and store them safely.

open-attestation encrypt <inputDocumentPath> <outputEncryptedPath>

Example:

open-attestation encrypt ./examples/wrapped-documents/example.0.json ./tmp/encrypted.json

✔  success   Encrypted document saved to: tmp/encrypted.json
⚠  warning   Here is the key to decrypt the document: don't lose it: 9bac5be27bac31d852fc1e48eb9d5249ec6ad7978da23377b5879f7a24994cb2

Decrypting document

This allows you to decrypt document encrypted using the method above.

open-attestation decrypt <input> <output> <key>

Example:

open-attestation decrypt ./src/__tests__/fixture/did-dns-encrypted.json decrypted.json 88da9b9cd61cfc1677ae7e79dba9b3aeba4b40c95f94c950759e76c6210b5402

✔  success   Decrypted document saved to: decrypted.json

Token registry

Deploy new token registry

Deploys a token registry contract on the blockchain

open-attestation deploy token-registry <registry-name> <registry-symbol> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation deploy token-registry "My Sample Token" MST --network ropsten

✔  success   Token registry deployed at 0x4B127b8d5e53872d403ce43414afeb1db67B1842

Deploy new title escrow

Deploys a title escrow contract on the blockchain

open-attestation deploy title-escrow --network <NETWORK> --address <TOKEN_REGISTRY_ADDRESS> --beneficiary <BENEFICIARY_ADDRESS> --holder <HOLDER_ADDRESS>

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation deploy title-escrow --network ropsten --address 0x4B127b8d5e53872d403ce43414afeb1db67B1842 --beneficiary 0x6FFeD6E6591b808130a9b248fEA32101b5220eca --holder 0x6FFeD6E6591b808130a9b248fEA32101b5220eca

✔  success   Title escrow deployed at 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

Issue document to token registry

Issue a hash to a token registry deployed on the blockchain. The tokenId option would be used to indicate the document hash, and the to option to indicate the title escrow address the document is mapped to.

open-attestation token-registry issue --network <NETWORK> --address <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> --to <TO> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation token-registry mint --network ropsten --address 0x6133f580aE903b8e79845340375cCfd78a45FF35 --tokenId 0x10ee711d151bc2139473a57531f91d961b639affb876b350c31d031059cdcc2c --to 0xB26B4941941C51a4885E5B7D3A1B861E54405f90


✔  success   Token with hash 0x10ee711d151bc2139473a57531f91d961b639affb876b350c31d031059cdcc2c has been issued on 0x6133f580aE903b8e79845340375cCfd78a45FF35 with the initial recipient being 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

mint can be used instead of issue and will be strictly equivalent.

Document Store

Deploy new document store

Deploys a document store contract on the blockchain

open-attestation deploy document-store <store-name> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation deploy document-store "My Name" --network ropsten

✔  success   Document store deployed at 0x4B127b8d5e53872d403ce43414afeb1db67B1842

Issue document to document store

Issue a hash to a document store deployed on the blockchain

open-attestation document-store issue --address <DOCUMENT_STORE_ADDRESS> --hash <HASH> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation document-store issue --network ropsten --address 0x19f89607b52268D0A19543e48F790c65750869c6 --hash 0x43033b53a462036304f526aeaf3aaeea8d905997d6fde3bb1a02188eadbaaec1

✔  success   Document/Document Batch with hash 0x0c1a666aa55d17d26412bb57fbed96f40ec5a08e2f995a108faf45429ae3511f has been issued on 0x19f89607b52268D0A19543e48F790c65750869c6

Revoke document in document store

Revoke a hash to a document store deployed on the blockchain

open-attestation document-store revoke --address <DOCUMENT_STORE_ADDRESS> --hash <HASH> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation document-store revoke --network ropsten --address 0x19f89607b52268D0A19543e48F790c65750869c6 --hash 0x43033b53a462036304f526aeaf3aaeea8d905997d6fde3bb1a02188eadbaaec1

✔  success   Document/Document Batch with hash 0x0c1a666aa55d17d26412bb57fbed96f40ec5a08e2f995a108faf45429ae3511f has been revoked on 0x19f89607b52268D0A19543e48F790c65750869c6

Transfer ownership of document store

Transfer ownership of a document store deployed on the blockchain to another wallet

open-attestation document-store transfer-ownership --address <DOCUMENT_STORE_ADDRESS> --new-owner <HASH> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation document-store transfer-ownership --address 0x80732bF5CA47A85e599f3ac9572F602c249C8A28 --new-owner 0xf81ea9d2c0133de728d28b8d7f186bed61079997 --network ropsten

✔  success   Ownership of document store 0x80732bF5CA47A85e599f3ac9572F602c249C8A28 has been transferred to new wallet 0xf81ea9d2c0133de728d28b8d7f186bed61079997

Verify

Verify if a document is valid.

open-attestation document-store verify --document ./examples/wrapped-documents/example.0.json --network ropsten

…  awaiting  Verifying examples/wrapped-documents/example.0.json
✔  success   The document is valid

DID Direct Signing

Sign on an OA document directly with a private key.

open-attestation sign ./examples/unsigned-documents -f ./examples/sample-key -p did:ethr:0x6813Eb9362372EEF6200f3b1dbC3f819671cBA69#controller --output-dir ./examples/signed-documents

DNS TXT Record

Create a temporary DNS TXT record in OpenAttestation sandbox

open-attestation dns txt-record create --address 0xf51030c5751a646284c898cff0f9d833c64a50d6f307b61f2c96c3c838b13bfc --networkId 10
✔  success   Record created at exotic-blush-primate.sandbox.openattestation.com and will stay valid until Thu Jul 02 2020 13:51:34 GMT+0800 (Singapore Standard Time)

Get the list of DNS TXT records associated to a domain

open-attestation dns txt-record get --location resulting-magenta-locust.sandbox.openattestation.com
┌─────────┬────────────┬────────────┬───────┬──────────┬────────┐
│ (index) │    type    │    net     │ netId │   addr   │ dnssec │
├─────────┼────────────┼────────────┼───────┼──────────┼────────┤
│    0    │ 'openatts' │ 'ethereum' │ '10'  │ '0xabcd' │ false  │
└─────────┴────────────┴────────────┴───────┴──────────┴────────┘

Filter the list of DNS TXT records associated to a domain on a specific network

open-attestation dns txt-record get --location example.openattestation.com --networkId 3
┌─────────┬────────────┬────────────┬───────┬──────────────────────────────────────────────┬────────┐
│ (index) │    type    │    net     │ netId │                     addr                     │ dnssec │
├─────────┼────────────┼────────────┼───────┼──────────────────────────────────────────────┼────────┤
│    0    │ 'openatts' │ 'ethereum' │  '3'  │ '0x2f60375e8144e16Adf1979936301D8341D58C36C' │ false  │
│    1    │ 'openatts' │ 'ethereum' │  '3'  │ '0x532C9Ff853CA54370D7492cD84040F9f8099f11B' │ false  │
│    2    │ 'openatts' │ 'ethereum' │  '3'  │ '0x53f3a47C129Ea30D80bC727556b015F02bE63811' │ false  │
│    3    │ 'openatts' │ 'ethereum' │  '3'  │ '0x8Fc57204c35fb9317D91285eF52D6b892EC08cD3' │ false  │
│    4    │ 'openatts' │ 'ethereum' │  '3'  │ '0xdcA6Eea7024151c270b50FcA9E67161119B06BAD' │ false  │
└─────────┴────────────┴────────────┴───────┴──────────────────────────────────────────────┴────────┘

Config (Create configuration file)

This command will generate a config file with sandbox DNS, document store and token registry.

Please note that a wallet.json file in testnetwork with sufficient funds must be client in order for this command to work.

You will need:

--output-dir option specify which folder the config file will be created in.
--encrypted-wallet-path option indicates a path to an encrypted wallet.
--config-template-url option to provide a path to reference a config template file hosted on a public url.
--config-template-path option to provide a path to reference a config template file locally.

There are 2 ways of using this command to generate a config file, both in which, will return a new config file with sandbox DNS, updated document store and updated token registry.

Method 1: Using config-template-url option (recommended)

This method will generate the most basic config file with a sandbox DNS, document store and token registry. The reference config templates are here.

Step 1: Generate a wallet.json file

// If you already have a wallet.json that is in ropsten network with sufficient funds, you can skip this step.
open-attestation wallet create --output-file wallet.json --fund ropsten

Step 2: Generate config file by passing in the generated wallet.json file

open-attestation config create --output-dir ./example-configs --encrypted-wallet-path </path/to>/wallet.json --config-template-url <remote url>

Method 2: Using config-template-path option

This method will generate a copy of your existing config file with the updated sandbox DNS, document store and token registry.

Step 1: Generate a wallet.json file

// If you already have a wallet.json that is in ropsten network with sufficient funds, you can skip this step.
open-attestation wallet create --output-file wallet.json --fund ropsten

Step 2: Generate config file by passing in the generated wallet.json file and a existing config file

open-attestation config create --output-dir ./example-configs --encrypted-wallet-path </path/to>/wallet.json --config-template-path </path/to>/config.json

Title Escrow

Change Holder

This command will allow the owner of a transferable record to change its holder.

open-attestation title-escrow change-holder --token-registry <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> --to <TO> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation title-escrow change-holder --token-registry 0x4933e30eF8A083f49d14759b2eafC94E56F0b3A7 --tokenId 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 --to 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

✔  success   Transferable record with hash 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990's holder has been successfully changed to holder with address: 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

Nominate Change of Owner

This command will allow the owner of the transferable record to nominate a new owner of the transferable record. This command will fail if you are not the owner of the transferable record.

open-attestation title-escrow nominate-change-owner --token-registry <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> --newOwner <NEW_OWNER_ADDRESS> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation title-escrow nominate-change-owner --token-registry 0x4933e30eF8A083f49d14759b2eafC94E56F0b3A7 --tokenId 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 --newOwner 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

✔  success   Transferable record with hash 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990's holder has been successfully nominated to new owner with address: 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

Endorse Transfer of Owner

This command will allow the holder of the transferable record to endorse the transfer to an approved owner and approved holder of the transferable record. This command will fail if there is no approved owner or holder record on the transferable record.

open-attestation title-escrow endorse-transfer-owner --token-registry <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation title-escrow endorse-transfer-owner --token-registry 0x4933e30eF8A083f49d14759b2eafC94E56F0b3A7 --tokenId 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990

✔  success   Transferable record with hash 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990's holder has been successfully endorsed to approved owner at 0x2f60375e8144e16Adf1979936301D8341D58C36C and approved holder at 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

Endorse Change of Owner

This command will allow the owner of the transferable record to endorse the change of owner to a new owner and new holder of the transferable record. This command will fail if the provided holder and owner's addresses are the same as the current owner and current holder's addresses.

open-attestation title-escrow endorse-change-owner --token-registry <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> --newOwner <NEW_OWNER_ADDRESS> --newHolder <NEW_HOLDER_ADDRESS> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation title-escrow endorse-change-owner --token-registry 0x4933e30eF8A083f49d14759b2eafC94E56F0b3A7 --tokenId 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 --newOwner 0xB26B4941941C51a4885E5B7D3A1B861E54405f90 --newHolder 0x2f60375e8144e16Adf1979936301D8341D58C36C

✔  success   Transferable record with hash 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990's holder has been successfully endorsed to new owner with address 0x2f60375e8144e16Adf1979936301D8341D58C36C and new holder with address: 0xB26B4941941C51a4885E5B7D3A1B861E54405f90

Surrender Document

This command will allow the entity (who is both an owner and holder) to surrender it's transferable record to the token registry.

open-attestation title-escrow surrender --token-registry <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation title-escrow reject-surrendered --token-registry 0x4933e30eF8A083f49d14759b2eafC94E56F0b3A7 --tokenId 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 --network ropsten

✔  success   Transferable record with hash 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 has been surrendered.

Reject Surrendered Document

This command will allow the token registry to reject a surrendered transferable record.

open-attestation title-escrow reject-surrendered --token-registry <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation title-escrow reject-surrendered --token-registry 0x4933e30eF8A083f49d14759b2eafC94E56F0b3A7 --tokenId 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 --network ropsten

✔  success   Surrendered transferable record with hash 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 has been rejected.

Accept Surrendered Document

This command will allow the token registry to accept a surrendered transferable record.

open-attestation title-escrow accept-surrendered --token-registry <TOKEN_REGISTRY_ADDRESS> --tokenId <TOKEN_ID> [options]

Example - with private key set in OA_PRIVATE_KEY environment variable (recommended). More options.

open-attestation title-escrow accept-surrendered --token-registry 0x4933e30eF8A083f49d14759b2eafC94E56F0b3A7 --tokenId 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 --network ropsten

✔  success   Surrendered transferable record with hash 0x951b39bcaddc0e8882883db48ca258ca35ccb01fee328355f0dfda1ff9be9990 has been accepted.

Help

Run the command with --help to get additional information

open-attestation deploy
open-attestation document-store
open-attestation encrypt
open-attestation filter
open-attestation verify
open-attestation wrap
open-attestation sign

Development

To run on local

npm run dev -- <command> <options>

To run tests

npm run test

Performance testing

To run performance testing for OA functionality

Wrap

Monitor the response time for batched documents wrapping.

The Default command will testing: 2 documents without base64 image in 1 iteration.

npm run benchmark

The number of documents and iteration can be modified using these options.

First argument : Number of document for batched wrapping
Second argument : Number of performance test iteration to achieve higher accuracy
Third argument : File path for testing ( For window user, please encase the path in " " quotation marks )

Example:

npm run benchmark 4 1 performance-tests/unwrapped_document_wImage.json

@everything-registry/sub-chunk-917

0.0.2-development

2 years ago

0.0.1-development

2 years ago

0.0.0-development

2 years ago