Table of Contents
Introduction
This guide will demonstrate how to create a ZKP-enabled credential.
Check out the video:
We use the Privacy Enhanced Mode for embedded Youtube videos.
Prerequisites
You need access to the MATTR Platform APIs. If you’re experiencing any difficulties, contact us.
In order to create a credential, you will need the following information:
- Subject DID
- Credential type
- JSON-LD claim names as defined by schema.org
- Claim values
Create a DID
In order to create a ZKP-enabled credential you first need to create an Issuer DID with a bls12381g2
key type, which supports BBS+ signatures for issuing ZKP-enabled credentials.
Request
Set the keyType
in the options to bls12381g2
in order to create a DID with a BLS key type.
{"method": "key""options": {"keyType": "bls12381g2"}}
Response
- The resulting DID resides in the
did
attribute. did:key
DIDs will always have aregistrationStatus
ofCOMPLETED
as they are not stored in any external registry such as a ledger and are instantly available to be used and resolved
{"did": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v","registrationStatus": "COMPLETED","localMetadata": {"keys": [{"didDocumentKeyId": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v","kmsKeyId": "25voPUCTSWXcDLCZNfZeTWuNaDcM3KgQZqwkvuY1s2GNGJ3tJ3UubY8uFR4X8Ykhdb2xTnXkGffugi9rHsM4A3J5FRPCyoAh4ZrdcCWUSEj29pGahY1cUA7uR1ns52JeZBQc"}],"registered": 1600918030673,"initialDidDocument": {"@context": "https://w3.org/ns/did/v1","id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v","publicKey": [{"id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v","type": "Bls12381G2Key2020","controller": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v","publicKeyBase58": "25voPUCTSWXcDLCZNfZeTWuNaDcM3KgQZqwkvuY1s2GNGJ3tJ3UubY8uFR4X8Ykhdb2xTnXkGffugi9rHsM4A3J5FRPCyoAh4ZrdcCWUSEj29pGahY1cUA7uR1ns52JeZBQc"}],"authentication": ["did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"],"assertionMethod": ["did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"],"capabilityDelegation": ["did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"],"capabilityInvocation": ["did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"]}}}
Create a credential
Create a credential by making an API request as follows:
Request
POST https://tenant.platform.mattr.global/v1/credentials
{"issuer": {"id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v","name": "tenant"},"@context": ["https://www.w3.org/2018/credentials/v1","https://schema.org"],"subjectId": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi","type": ["VerifiableCredential","Course"],"claims": {"givenName": "Chris","familyName": "Shin","educationalCredentialAwarded": "Certificate Name"},"persist": false,"revocable": true}
The issuer.id
contains the DID of the issuer, as created in the previous step.
When the issuer DID has the “keyType”:“bls12381g2”, the platform will automatically detect this capability and issue a ZKP-enabled BBS+ credential.
The @context
must include the reference to the W3C credential definition "https://www.w3.org/2018/credentials/v1"
and this example will use a common data vocab https://schema.org
which is referenced in the claims
field.
The subjectId
defines the DID of the subject. The issued credential attests claims about the subject.
type
is an array of credential types that must start with VerifiableCredential
. It indicates what sort of information a credential holds.
- http://schema.org/givenName
- http://schema.org/familyName
- http://schema.org/educationalCredentialAwarded
Response
{"id": "ab42adbc-1139-47f0-9256-3bf5a01fcc7e","credential": {"type": ["VerifiableCredential","Course"],"issuer": {"id": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v","name": "tenant"},"issuanceDate": "2020-09-24T19:16:33.222Z","credentialSubject": {"id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi","givenName": "Chris","familyName": "Shin","educationalCredentialAwarded": "Certificate Name"},"@context": ["https://www.w3.org/2018/credentials/v1","https://w3c-ccg.github.io/ldp-bbs2020/context/v1","https://schema.org","https://w3id.org/vc-revocation-list-2020/v1"],"credentialStatus": {"id": "https://tenant.platform.mattr.global/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605#0","type": "RevocationList2020Status","revocationListIndex": "0","revocationListCredential": "https://tenant.platform.mattr.global/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605"},"proof": {"type": "BbsBlsSignature2020","created": "2020-11-24T19:16:33Z","proofPurpose": "assertionMethod","proofValue": "pVJlfG/Ra9h8WbwqthNsT4lY9Xx5eVxZR6j0GY3yoDNzJq1CuF+nWKgcie3LpAn3UQpzkiODY46kt/WWaqGzyKyX4k5KRsBuSU9pSAL5Y99QFhnrm8t2MeKuZ1NL++ZO1+IelYtNjl6OmajHdphDUA==","verificationMethod": "did:key:zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v#zUC7KmMGXt7fs9URk9EDqWLfpCjVTtfFMexViLLkPPUfm9j4heqvk9JkLarva3sP54FGjFNLpwc63ZTef2aR2cPssFbyDj75kopYqWL16j7JigA2BAvJcwnaKvKPUybxbroRg1v"}},"credentialStatus": {"id": "https://product-team.platform.staging.mattrlabs.io/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605#0","type": "RevocationList2020Status","revocationListIndex": "0","revocationListCredential": "https://product-team.platform.staging.mattrlabs.io/v1/revocation-lists/dd7ceeaa-a5e0-4ab3-a70c-b7237500c605"},"issuanceDate": "2020-09-24T19:16:33.222Z"}
The returned credential
attribute contains the VerifiableCredential
object.
Because this is a ZKP-enabled credential it contains a BBS+ signature, which enables selective disclosure as defined by the proof type of BbsBlsSignature2020
. For more information on this signature suite, check out the specification at the W3C CCG.