@trustvc/trustvc 1.6.0-alpha.4 → 1.6.0-alpha.6

package/README.md

@@ -16,15 +16,16 @@ TrustVC is a comprehensive wrapper library designed to simplify the signing and
     - [2. **Signing**](#2-signing)
       - [a) OpenAttestation Signing (signOA) v2 v3](#a-openattestation-signing-signoa-v2-v3)
       - [b) TrustVC W3C Signing (signW3C)](#b-trustvc-w3c-signing-signw3c)
-    - [3. **Verifying**](#3-verifying)
-    - [4. **Encryption**](#4-encryption)
-    - [5. **Decryption**](#5-decryption)
-    - [6. **TradeTrust Token Registry**](#6-tradetrust-token-registry)
+    - [3. **Deriving (Selective Disclosure)**](#3-deriving-selective-disclosure)
+    - [4. **Verifying**](#4-verifying)
+    - [5. **Encryption**](#5-encryption)
+    - [6. **Decryption**](#6-decryption)
+    - [7. **TradeTrust Token Registry**](#7-tradetrust-token-registry)
       - [Usage](#usage-2)
       - [TradeTrustToken](#tradetrusttoken)
       - [a) Token Registry v4](#a-token-registry-v4)
       - [b) Token Registry V5](#b-token-registry-v5)
-    - [7. **Document Builder**](#7-document-builder)
+    - [8. **Document Builder**](#8-document-builder)
 
 ## Installation
 
@@ -154,15 +155,17 @@ const signedWrappedDocument = await signOA(wrappedDocument, {
 
 #### b) TrustVC W3C Signing (signW3C)
 
+The `signW3C` function signs W3C Verifiable Credentials using the provided cryptographic suite and key pair. By default, it uses the **ecdsa-sd-2023** crypto suite unless otherwise specified.
+
 ```ts
 import { signW3C, VerificationType } from '@trustvc/trustvc';
 
 const rawDocument = {
   '@context': [
-    'https://www.w3.org/2018/credentials/v1',
-    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld',
-    'https://w3id.org/security/bbs/v1',
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
     'https://w3id.org/vc/status-list/2021/v1',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld',
   ],
   credentialStatus: {
     id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
@@ -172,29 +175,113 @@ const rawDocument = {
     statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1',
   },
   credentialSubject: {
-    name: 'TrustVC',
+    type: ['Person']
+    givenName: 'TrustVC',
     birthDate: '2024-04-01T12:19:52Z',
-    type: ['PermanentResident', 'Person'],
   },
-  expirationDate: '2029-12-03T12:19:52Z',
   issuer: 'did:web:trustvc.github.io:did:1',
   type: ['VerifiableCredential'],
-  issuanceDate: '2024-04-01T12:19:52Z',
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z'
 };
 
+// Using default ecdsa-sd-2023 crypto suite
 const signingResult = await signW3C(rawDocument, {
-  id: 'did:web:trustvc.github.io:did:1#keys-1',
+  '@context': 'https://w3id.org/security/multikey/v1',
+  id: 'did:web:trustvc.github.io:did:1#multikey-1',
+  type: VerificationType.Multikey,
   controller: 'did:web:trustvc.github.io:did:1',
-  type: VerificationType.Bls12381G2Key2020,
-  publicKeyBase58:
-    'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
-  privateKeyBase58: '<privateKeyBase58>',
+  publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+  secretKeyMultibase: '<secretKeyMultibase>'
 });
+
+// You can also specify mandatory pointers for selective disclosure with ecdsa-sd-2023
+const signingResultWithPointers = await signW3C(
+  rawDocument,
+  {
+    '@context': 'https://w3id.org/security/multikey/v1',
+    id: 'did:web:trustvc.github.io:did:1#multikey-1',
+    type: VerificationType.Multikey,
+    controller: 'did:web:trustvc.github.io:did:1',
+    publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+    secretKeyMultibase: '<secretKeyMultibase>'
+  },
+  'ecdsa-sd-2023',
+  {
+    mandatoryPointers: ['/credentialStatus']
+  }
+);
+
+// Alternatively, specify a different crypto suite. Ensure the context is updated to include the crypto suite.
+const signingResultWithBbs = await signW3C(
+  rawDocument,
+  {
+    id: 'did:web:trustvc.github.io:did:1#keys-1',
+    controller: 'did:web:trustvc.github.io:did:1',
+    type: VerificationType.Bls12381G2Key2020,
+    publicKeyBase58: 'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
+    privateKeyBase58: '<privateKeyBase58>',
+  },
+  'BbsBlsSignature2020'
+);
+
+```
+
+---
+
+### 3. **Deriving (Selective Disclosure)**
+
+> When using ECDSA-SD-2023 crypto suite, we can derive a new credential with selective disclosure. This means you can choose which parts of the credential to reveal while keeping others hidden.
+
+```ts
+import { deriveW3C } from '@trustvc/trustvc';
+
+// This is a signed document using ecdsa-sd-2023
+const signedDocument = {
+  '@context': [
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
+    'https://w3id.org/vc/status-list/2021/v1',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld'
+  ],
+  credentialStatus: {
+    id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
+    type: 'StatusList2021Entry',
+    statusPurpose: 'revocation',
+    statusListIndex: '10',
+    statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1'
+  },
+  credentialSubject: {
+    type: ['Person'],
+    givenName: 'TrustVC',
+    birthDate: '2024-04-01T12:19:52Z'
+  },
+  issuer: 'did:web:trustvc.github.io:did:1',
+  type: ['VerifiableCredential'],
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z',
+  id: 'urn:uuid:0198bd9e-6686-7ccd-9b2a-ce763ae710d7',
+  proof: {
+    type: 'DataIntegrityProof',
+    created: '2025-08-18T14:38:51Z',
+    verificationMethod: 'did:web:trustvc.github.io:did:1#multikey-1',
+    cryptosuite: 'ecdsa-sd-2023',
+    proofPurpose: 'assertionMethod',
+    proofValue: 'u2V0AhVhAxfLFkbv8J_O3zJAQrSWrEY3sgeMwN02b2eaHEgjnJYu1rnCBYORfZUVZwRoRuNIiY1NTGHmQpzlgqtQz7A0R3FgjgCQDzt3_aUvSMrlIZdsyVcB4KPHHjA4BbSv-PZ4Bbm4GpY5YIA1mQ8LYmpjJ7vNvN3DsfIengZrnziTLO9exbZjn1KqFilhA0lp1y6BZ-fhiUdWsojYesLDSzCy6Tq_AICaIvCjYSJMEaY7SomJnCkdpuhM0GQHDTy5kjzb7sSzowACqDDf9OVhAfOC7vg4WQGrI6M3dvLZW3KlBzp1SurRz1PPeHcqOGEDrqybzIlolwNXMhc2T8rcVLl-E04wNsiVjamvqWAQN-lhA4HmVqIxKuR0QvCMEVq3cjUU7G1pQbgMdp9HZDasOT9nh_k5l3JfcXB1_qtRblljXWN0FRKAr9T-DhxzDzGl3-lhA4nNDzd-6xl74rWqr_7U9XZE7LoE-mbgBsyOAOlfHGumMxwddnEZp2iD2uZ7lLXX8Q-nSDXJVvUqKLksy1l2vqVhAm3daNYjH1kVrTW7V-DElcj3K_QfbHEvjd1F2TGVGtBVhF8o01yCxXRX0vzk-AZLZnpDnAUBTSTF5Q8rF-t7L9lhAO7NeIXQtQsdncqtLm2qk1XzFYL2FM5Hx4GZOX39VyT4T0AlFRZQuY9WXYnvMZSvacRvJaSJk5S3cZ6uBminQgVhAExuTEvJQu42-SiaOJ_6M0EjuQfqIgJE-JHirmYs3AAoH_4EKUtPU3y_jRB8XFZxA-wtFDv3KJjqXtNo5aA_6f1hAaokZPSJghFufTaVR8LAwHpXOncGJblKpUZQjKWuA_o2s6tGmx-ja0wgpsqSxvAGMTtkhFTMOI2-tzUuGE05tk1hAzABtV2yEX-RAQFpxkuV0XydAsJDh2dPscrpPHqMfmORsC3xRNL73uDaqqlaL99CvOgq4kJWmChw7TUYO62yaSVhA5-F-snwj-OZtws7_qMwvBgeNK9wvkZTlFLjRV6GDYx6r5TaLkR05GVzyBMv0Qs2z-cXPRZByS7p7_hbeykoYSYJnL2lzc3VlcmovdmFsaWRGcm9t'
+  }
+};
+
+// Derive a new credential with only specific fields disclosed
+const derivationResult = await deriveW3C(signedDocument, {
+  // Only reveal the credential type and givenName, hide birthDate
+  selectivePointers: ['/type', '/credentialSubject/givenName']
+});
+
 ```
 
 ---
 
-### 3. **Verifying**
+### 4. **Verifying**
 
 > TrustVC simplifies the verification process with a single function that supports both W3C Verifiable Credentials (VCs) and OpenAttestation Verifiable Documents (VDs). Whether you're working with W3C standards or OpenAttestation standards, TrustVC handles the verification seamlessly.
 
@@ -239,7 +326,7 @@ const resultFragments = await verifyDocument(signedDocument);
 
 ---
 
-### 4. **Encryption**
+### 5. **Encryption**
 
 > The `encrypt` function encrypts plaintext messages using the **ChaCha20** encryption algorithm, ensuring the security and integrity of the input data. It supports custom keys and nonces, returning the encrypted message in hexadecimal format.
 
@@ -316,7 +403,7 @@ It also relies on the `ts-chacha20` library for encryption operations.
 
 ---
 
-### 5. **Decryption**
+### 6. **Decryption**
 
 > The `decrypt` function decrypts messages encrypted with the **ChaCha20** algorithm. It converts the input from a hexadecimal format back into plaintext using the provided key and nonce.
 
@@ -399,7 +486,7 @@ It also relies on the `ts-chacha20` library for decryption operations.
 
 ---
 
-### 6. **TradeTrust Token Registry**
+### 7. **TradeTrust Token Registry**
 
 > The Electronic Bill of Lading (eBL) is a digital document that can be used to prove the ownership of goods. It is a standardized document that is accepted by all major shipping lines and customs authorities. The [Token Registry](https://github.com/TradeTrust/token-registry) repository contains both the smart contract (v4 and v5) code for token registry (in `/contracts`) as well as the node package for using this library (in `/src`).
 > The TrustVC library not only simplifies signing and verification but also imports and integrates existing TradeTrust libraries and smart contracts for token registry (V4 and V5), making it a versatile tool for decentralized identity and trust solutions.
@@ -589,7 +676,7 @@ function rejectTransferOwners(bytes calldata _remark) external;
 
 For more information on Token Registry and Title Escrow contracts **version v5**, please visit the readme of [TradeTrust Token Registry V5](https://github.com/TradeTrust/token-registry/blob/master/README.md)
 
-### 7. **Document Builder**
+### 8. **Document Builder**
 > The `DocumentBuilder` class helps build and manage W3C Verifiable Credentials (VCs) with credential status features. It supports creating documents with two types of credential statuses: `transferableRecords` and `verifiableDocument`. It can sign the document using a private key, verify its signature, and serialize the document to a JSON format. Additionally, it allows for configuration of document rendering methods and expiration dates.
 
 #### Usage

package/dist/cjs/core/documentBuilder.js

@@ -8,7 +8,7 @@ var tokenRegistryV4$1 = require('@tradetrust-tt/token-registry-v4');
 var tokenRegistryV5$1 = require('@tradetrust-tt/token-registry-v5');
 var tokenRegistryV4 = require('../token-registry-v4');
 var tokenRegistryV5 = require('../token-registry-v5');
-var tradetrustUtils = require('@tradetrust-tt/tradetrust-utils');
+var utils = require('../utils');
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
@@ -181,7 +181,7 @@ class DocumentBuilder {
   // Private helper method to verify that the token registry supports the required interface for transferable records.
   async verifyTokenRegistry() {
     const chainId = this.document.credentialStatus.tokenNetwork.chainId;
-    if (!(chainId in tradetrustUtils.SUPPORTED_CHAINS)) {
+    if (!(chainId in utils.SUPPORTED_CHAINS)) {
       throw new Error(`Unsupported Chain: Chain ID ${chainId} is not supported.`);
     }
     try {

package/dist/cjs/open-attestation/utils.js

@@ -12,7 +12,6 @@ const {
   isSignedWrappedV3Document,
   isRawV2Document,
   isRawV3Document,
-  isObfuscated,
   getDocumentData,
   getIssuerAddress,
   diagnose,
@@ -49,7 +48,6 @@ exports.getDocumentData = getDocumentData;
 exports.getIssuerAddress = getIssuerAddress;
 exports.getTemplateURL = getTemplateURL;
 exports.isDocumentRevokable = isDocumentRevokable;
-exports.isObfuscated = isObfuscated;
 exports.isRawV2Document = isRawV2Document;
 exports.isRawV3Document = isRawV3Document;
 exports.isSignedWrappedV2Document = isSignedWrappedV2Document;

package/dist/cjs/token-registry-functions/returnToken.js

@@ -187,7 +187,7 @@ const acceptReturned = /* @__PURE__ */ __name(async (contractOptions, signer, pa
   const encryptedRemarks = remarks && isV5TT ? `0x${core.encrypt(remarks, options.id)}` : "0x";
   try {
     const isV6 = ethers.isV6EthersProvider(signer.provider);
-    const args = isV5TT ? [encryptedRemarks] : [];
+    const args = isV5TT ? [tokenId, encryptedRemarks] : [tokenId];
     if (isV6) {
       await tradeTrustTokenContract.burn.staticCall(...args);
     } else {

package/dist/cjs/utils/documents/index.js

@@ -73,9 +73,36 @@ const getChainId = /* @__PURE__ */ __name((document) => {
     return void 0;
   }
 }, "getChainId");
+const isObfuscated = /* @__PURE__ */ __name((document) => {
+  if (openAttestation.isWrappedV3Document(document)) {
+    return !!document.proof.privacy?.obfuscated?.length;
+  }
+  if (openAttestation.isWrappedV2Document(document)) {
+    return !!document.privacy?.obfuscatedData?.length;
+  }
+  if (vc.isSignedDocument(document)) {
+    return document.proof?.type === "BbsBlsSignatureProof2020";
+  }
+  throw new Error(
+    "Unsupported document type: Can only check if there are obfuscated data from wrapped OpenAttestation v2, v3 documents and signed verifiable credentials."
+  );
+}, "isObfuscated");
+const getObfuscatedData = /* @__PURE__ */ __name((document) => {
+  if (openAttestation.isWrappedV3Document(document)) {
+    return document.proof.privacy?.obfuscated;
+  }
+  if (openAttestation.isWrappedV2Document(document)) {
+    return document.privacy?.obfuscatedData || [];
+  }
+  throw new Error(
+    "Unsupported document type: Can only retrieve obfuscated data from wrapped OpenAttestation v2 & v3 documents."
+  );
+}, "getObfuscatedData");
 
 exports.getChainId = getChainId;
+exports.getObfuscatedData = getObfuscatedData;
 exports.getTokenId = getTokenId;
 exports.getTokenRegistryAddress = getTokenRegistryAddress;
 exports.getTransferableRecordsCredentialStatus = getTransferableRecordsCredentialStatus;
+exports.isObfuscated = isObfuscated;
 exports.isTransferableRecord = isTransferableRecord;

package/dist/cjs/utils/errorMessages/index.js

@@ -1,10 +1,14 @@
 'use strict';
 
 var tradetrustUtils = require('@tradetrust-tt/tradetrust-utils');
+var types = require('./types');
 
+const errorMessages = tradetrustUtils.CONSTANTS;
 
-
-Object.defineProperty(exports, "errorMessages", {
-  enumerable: true,
-  get: function () { return tradetrustUtils.CONSTANTS; }
+exports.errorMessages = errorMessages;
+Object.keys(types).forEach(function (k) {
+  if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+    enumerable: true,
+    get: function () { return types[k]; }
+  });
 });

package/dist/cjs/utils/errorMessages/types.js

@@ -0,0 +1,2 @@
+'use strict';
+

package/dist/cjs/verify/fragments/document-integrity/ecdsaW3CSignatureIntegrity.js

@@ -0,0 +1,87 @@
+'use strict';
+
+var __ = require('../../..');
+var w3cVc = require('@trustvc/w3c-vc');
+
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+const PROOF_TYPE = "DataIntegrityProof";
+const CRYPTOSUITE = "ecdsa-sd-2023";
+const DERIVE_CREDENTIAL_ERROR = "Use deriveCredential() first";
+function isSignedVerifiableCredential(document) {
+  return typeof document === "object" && document !== null && "proof" in document;
+}
+__name(isSignedVerifiableCredential, "isSignedVerifiableCredential");
+const ecdsaW3CSignatureIntegrity = {
+  skip: /* @__PURE__ */ __name(async () => {
+    return {
+      type: "DOCUMENT_INTEGRITY",
+      name: "EcdsaW3CSignatureIntegrity",
+      reason: {
+        code: 0,
+        codeString: "SKIPPED",
+        message: `Document either has no proof or proof type is not '${PROOF_TYPE}' or proof cryptosuite is not '${CRYPTOSUITE}'.`
+      },
+      status: "SKIPPED"
+    };
+  }, "skip"),
+  test: /* @__PURE__ */ __name((document) => {
+    const doc = document;
+    return doc.proof?.type === "DataIntegrityProof" && doc.proof?.cryptosuite === "ecdsa-sd-2023";
+  }, "test"),
+  verify: /* @__PURE__ */ __name(async (document, verifierOptions) => {
+    if (!isSignedVerifiableCredential(document)) {
+      return {
+        type: "DOCUMENT_INTEGRITY",
+        name: "EcdsaW3CSignatureIntegrity",
+        data: false,
+        reason: {
+          message: "Document is not a valid SignedVerifiableCredential"
+        },
+        status: "INVALID"
+      };
+    }
+    try {
+      let verificationResult = await __.verifyW3CSignature(document, verifierOptions);
+      let isDerived = true;
+      if (!verificationResult.verified && verificationResult.error?.includes(DERIVE_CREDENTIAL_ERROR)) {
+        const derivedCredential = await w3cVc.deriveCredential(document, []);
+        verificationResult = await __.verifyW3CSignature(derivedCredential.derived, verifierOptions);
+        isDerived = false;
+      }
+      if (verificationResult.verified) {
+        return {
+          type: "DOCUMENT_INTEGRITY",
+          name: "EcdsaW3CSignatureIntegrity",
+          data: true,
+          reason: {
+            message: isDerived ? "Document verified successfully" : "Document verified after derivation"
+          },
+          status: "VALID"
+        };
+      } else {
+        return {
+          type: "DOCUMENT_INTEGRITY",
+          name: "EcdsaW3CSignatureIntegrity",
+          data: false,
+          reason: {
+            message: verificationResult.error || "Verification failed"
+          },
+          status: "INVALID"
+        };
+      }
+    } catch (error) {
+      return {
+        type: "DOCUMENT_INTEGRITY",
+        name: "EcdsaW3CSignatureIntegrity",
+        data: false,
+        reason: {
+          message: error instanceof Error ? error.message : "Unknown verification error"
+        },
+        status: "INVALID"
+      };
+    }
+  }, "verify")
+};
+
+exports.ecdsaW3CSignatureIntegrity = ecdsaW3CSignatureIntegrity;

package/dist/cjs/verify/fragments/index.js

@@ -2,6 +2,7 @@
 
 var ttVerify = require('@tradetrust-tt/tt-verify');
 var w3cSignatureIntegrity = require('./document-integrity/w3cSignatureIntegrity');
+var ecdsaW3CSignatureIntegrity = require('./document-integrity/ecdsaW3CSignatureIntegrity');
 var transferableRecordVerifier = require('./document-status/transferableRecords/transferableRecordVerifier');
 var w3cCredentialStatus = require('./document-status/w3cCredentialStatus');
 var w3cIssuerIdentity = require('./issuer-identity/w3cIssuerIdentity');
@@ -41,6 +42,10 @@ Object.defineProperty(exports, "w3cSignatureIntegrity", {
   enumerable: true,
   get: function () { return w3cSignatureIntegrity.w3cSignatureIntegrity; }
 });
+Object.defineProperty(exports, "ecdsaW3CSignatureIntegrity", {
+  enumerable: true,
+  get: function () { return ecdsaW3CSignatureIntegrity.ecdsaW3CSignatureIntegrity; }
+});
 Object.defineProperty(exports, "TRANSFERABLE_RECORDS_TYPE", {
   enumerable: true,
   get: function () { return transferableRecordVerifier.TRANSFERABLE_RECORDS_TYPE; }

package/dist/cjs/verify/verify.js

@@ -2,6 +2,7 @@
 
 var ttVerify = require('@tradetrust-tt/tt-verify');
 var w3cSignatureIntegrity = require('./fragments/document-integrity/w3cSignatureIntegrity');
+var ecdsaW3CSignatureIntegrity = require('./fragments/document-integrity/ecdsaW3CSignatureIntegrity');
 var transferableRecordVerifier = require('./fragments/document-status/transferableRecords/transferableRecordVerifier');
 var w3cCredentialStatus = require('./fragments/document-status/w3cCredentialStatus');
 var w3cIssuerIdentity = require('./fragments/issuer-identity/w3cIssuerIdentity');
@@ -33,6 +34,7 @@ const openAttestationVerifiers = [
 ];
 const w3cVerifiers = [
   w3cSignatureIntegrity.w3cSignatureIntegrity,
+  ecdsaW3CSignatureIntegrity.ecdsaW3CSignatureIntegrity,
   w3cCredentialStatus.w3cCredentialStatus,
   transferableRecordVerifier.credentialStatusTransferableRecordVerifier,
   fragments.w3cEmptyCredentialStatus,

package/dist/cjs/w3c/derive.js

@@ -0,0 +1,11 @@
+'use strict';
+
+var w3cVc = require('@trustvc/w3c-vc');
+
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+const deriveW3C = /* @__PURE__ */ __name(async (credential, revealedAttributes) => {
+  return w3cVc.deriveCredential(credential, revealedAttributes);
+}, "deriveW3C");
+
+exports.deriveW3C = deriveW3C;

package/dist/cjs/w3c/index.js

@@ -7,6 +7,7 @@ var sign = require('./sign');
 var types = require('./types');
 var vc = require('./vc');
 var verify = require('./verify');
+var derive = require('./derive');
 
 function _interopNamespace(e) {
   if (e && e.__esModule) return e;
@@ -55,3 +56,9 @@ Object.keys(verify).forEach(function (k) {
     get: function () { return verify[k]; }
   });
 });
+Object.keys(derive).forEach(function (k) {
+  if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+    enumerable: true,
+    get: function () { return derive[k]; }
+  });
+});

package/dist/cjs/w3c/sign.js

@@ -4,8 +4,8 @@ var w3cVc = require('@trustvc/w3c-vc');
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "BbsBlsSignature2020") => {
-  return w3cVc.signCredential(credential, keyPair, cryptoSuite);
+const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "ecdsa-sd-2023", options) => {
+  return w3cVc.signCredential(credential, keyPair, cryptoSuite, options);
 }, "signW3C");
 
 exports.signW3C = signW3C;

package/dist/esm/core/documentBuilder.js

@@ -6,7 +6,7 @@ import { constants } from '@tradetrust-tt/token-registry-v4';
 import { constants as constants$1 } from '@tradetrust-tt/token-registry-v5';
 import { v4Contracts } from '../token-registry-v4';
 import { v5Contracts } from '../token-registry-v5';
-import { SUPPORTED_CHAINS } from '@tradetrust-tt/tradetrust-utils';
+import { SUPPORTED_CHAINS } from '../utils';
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });

package/dist/esm/open-attestation/utils.js

@@ -11,11 +11,10 @@ const {
   isSignedWrappedV3Document,
   isRawV2Document,
   isRawV3Document,
-  isObfuscated,
   getDocumentData,
   getIssuerAddress,
   diagnose,
   getTemplateURL
 } = utils;
 
-export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isObfuscated, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document };
+export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document };

package/dist/esm/token-registry-functions/returnToken.js

@@ -185,7 +185,7 @@ const acceptReturned = /* @__PURE__ */ __name(async (contractOptions, signer, pa
   const encryptedRemarks = remarks && isV5TT ? `0x${encrypt(remarks, options.id)}` : "0x";
   try {
     const isV6 = isV6EthersProvider(signer.provider);
-    const args = isV5TT ? [encryptedRemarks] : [];
+    const args = isV5TT ? [tokenId, encryptedRemarks] : [tokenId];
     if (isV6) {
       await tradeTrustTokenContract.burn.staticCall(...args);
     } else {

package/dist/esm/utils/documents/index.js

@@ -71,5 +71,30 @@ const getChainId = /* @__PURE__ */ __name((document) => {
     return void 0;
   }
 }, "getChainId");
+const isObfuscated = /* @__PURE__ */ __name((document) => {
+  if (isWrappedV3Document(document)) {
+    return !!document.proof.privacy?.obfuscated?.length;
+  }
+  if (isWrappedV2Document(document)) {
+    return !!document.privacy?.obfuscatedData?.length;
+  }
+  if (isSignedDocument(document)) {
+    return document.proof?.type === "BbsBlsSignatureProof2020";
+  }
+  throw new Error(
+    "Unsupported document type: Can only check if there are obfuscated data from wrapped OpenAttestation v2, v3 documents and signed verifiable credentials."
+  );
+}, "isObfuscated");
+const getObfuscatedData = /* @__PURE__ */ __name((document) => {
+  if (isWrappedV3Document(document)) {
+    return document.proof.privacy?.obfuscated;
+  }
+  if (isWrappedV2Document(document)) {
+    return document.privacy?.obfuscatedData || [];
+  }
+  throw new Error(
+    "Unsupported document type: Can only retrieve obfuscated data from wrapped OpenAttestation v2 & v3 documents."
+  );
+}, "getObfuscatedData");
 
-export { getChainId, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isTransferableRecord };
+export { getChainId, getObfuscatedData, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isObfuscated, isTransferableRecord };

package/dist/esm/utils/errorMessages/index.js

@@ -1 +1,6 @@
-export { CONSTANTS as errorMessages } from '@tradetrust-tt/tradetrust-utils';
+import { CONSTANTS } from '@tradetrust-tt/tradetrust-utils';
+export * from './types';
+
+const errorMessages = CONSTANTS;
+
+export { errorMessages };

package/dist/esm/utils/errorMessages/types.js

@@ -0,0 +1 @@
+

package/dist/esm/verify/fragments/document-integrity/ecdsaW3CSignatureIntegrity.js

@@ -0,0 +1,85 @@
+import { verifyW3CSignature } from '../../..';
+import { deriveCredential } from '@trustvc/w3c-vc';
+
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+const PROOF_TYPE = "DataIntegrityProof";
+const CRYPTOSUITE = "ecdsa-sd-2023";
+const DERIVE_CREDENTIAL_ERROR = "Use deriveCredential() first";
+function isSignedVerifiableCredential(document) {
+  return typeof document === "object" && document !== null && "proof" in document;
+}
+__name(isSignedVerifiableCredential, "isSignedVerifiableCredential");
+const ecdsaW3CSignatureIntegrity = {
+  skip: /* @__PURE__ */ __name(async () => {
+    return {
+      type: "DOCUMENT_INTEGRITY",
+      name: "EcdsaW3CSignatureIntegrity",
+      reason: {
+        code: 0,
+        codeString: "SKIPPED",
+        message: `Document either has no proof or proof type is not '${PROOF_TYPE}' or proof cryptosuite is not '${CRYPTOSUITE}'.`
+      },
+      status: "SKIPPED"
+    };
+  }, "skip"),
+  test: /* @__PURE__ */ __name((document) => {
+    const doc = document;
+    return doc.proof?.type === "DataIntegrityProof" && doc.proof?.cryptosuite === "ecdsa-sd-2023";
+  }, "test"),
+  verify: /* @__PURE__ */ __name(async (document, verifierOptions) => {
+    if (!isSignedVerifiableCredential(document)) {
+      return {
+        type: "DOCUMENT_INTEGRITY",
+        name: "EcdsaW3CSignatureIntegrity",
+        data: false,
+        reason: {
+          message: "Document is not a valid SignedVerifiableCredential"
+        },
+        status: "INVALID"
+      };
+    }
+    try {
+      let verificationResult = await verifyW3CSignature(document, verifierOptions);
+      let isDerived = true;
+      if (!verificationResult.verified && verificationResult.error?.includes(DERIVE_CREDENTIAL_ERROR)) {
+        const derivedCredential = await deriveCredential(document, []);
+        verificationResult = await verifyW3CSignature(derivedCredential.derived, verifierOptions);
+        isDerived = false;
+      }
+      if (verificationResult.verified) {
+        return {
+          type: "DOCUMENT_INTEGRITY",
+          name: "EcdsaW3CSignatureIntegrity",
+          data: true,
+          reason: {
+            message: isDerived ? "Document verified successfully" : "Document verified after derivation"
+          },
+          status: "VALID"
+        };
+      } else {
+        return {
+          type: "DOCUMENT_INTEGRITY",
+          name: "EcdsaW3CSignatureIntegrity",
+          data: false,
+          reason: {
+            message: verificationResult.error || "Verification failed"
+          },
+          status: "INVALID"
+        };
+      }
+    } catch (error) {
+      return {
+        type: "DOCUMENT_INTEGRITY",
+        name: "EcdsaW3CSignatureIntegrity",
+        data: false,
+        reason: {
+          message: error instanceof Error ? error.message : "Unknown verification error"
+        },
+        status: "INVALID"
+      };
+    }
+  }, "verify")
+};
+
+export { ecdsaW3CSignatureIntegrity };

package/dist/esm/verify/fragments/index.js

@@ -1,5 +1,6 @@
 export { openAttestationDidIdentityProof, openAttestationDidSignedDocumentStatus, openAttestationDnsDidIdentityProof, openAttestationDnsTxtIdentityProof, openAttestationEthereumDocumentStoreStatus, openAttestationEthereumTokenRegistryStatus, openAttestationHash } from '@tradetrust-tt/tt-verify';
 export { w3cSignatureIntegrity } from './document-integrity/w3cSignatureIntegrity';
+export { ecdsaW3CSignatureIntegrity } from './document-integrity/ecdsaW3CSignatureIntegrity';
 export { TRANSFERABLE_RECORDS_TYPE, credentialStatusTransferableRecordVerifier } from './document-status/transferableRecords/transferableRecordVerifier';
 export { w3cCredentialStatus } from './document-status/w3cCredentialStatus';
 export { w3cIssuerIdentity } from './issuer-identity/w3cIssuerIdentity';

package/dist/esm/verify/verify.js

@@ -1,6 +1,7 @@
 import { openAttestationVerifiers as openAttestationVerifiers$1, openAttestationDidIdentityProof, openAttestationDnsTxtIdentityProof, openAttestationDnsDidIdentityProof, openAttestationEthereumTokenRegistryStatus, openAttestationEthereumDocumentStoreStatus, openAttestationDidSignedDocumentStatus, openAttestationHash } from '@tradetrust-tt/tt-verify';
 export { createResolver, getIdentifier, isValid, openAttestationDidIdentityProof, utils, verificationBuilder, verify } from '@tradetrust-tt/tt-verify';
 import { w3cSignatureIntegrity } from './fragments/document-integrity/w3cSignatureIntegrity';
+import { ecdsaW3CSignatureIntegrity } from './fragments/document-integrity/ecdsaW3CSignatureIntegrity';
 import { credentialStatusTransferableRecordVerifier } from './fragments/document-status/transferableRecords/transferableRecordVerifier';
 import { w3cCredentialStatus } from './fragments/document-status/w3cCredentialStatus';
 import { w3cIssuerIdentity } from './fragments/issuer-identity/w3cIssuerIdentity';
@@ -32,6 +33,7 @@ const openAttestationVerifiers = [
 ];
 const w3cVerifiers = [
   w3cSignatureIntegrity,
+  ecdsaW3CSignatureIntegrity,
   w3cCredentialStatus,
   credentialStatusTransferableRecordVerifier,
   w3cEmptyCredentialStatus,

package/dist/esm/w3c/derive.js

@@ -0,0 +1,9 @@
+import { deriveCredential } from '@trustvc/w3c-vc';
+
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+const deriveW3C = /* @__PURE__ */ __name(async (credential, revealedAttributes) => {
+  return deriveCredential(credential, revealedAttributes);
+}, "deriveW3C");
+
+export { deriveW3C };

package/dist/esm/w3c/index.js

@@ -9,3 +9,4 @@ export * from './types';
 import * as vc from './vc';
 export { vc };
 export * from './verify';
+export * from './derive';

package/dist/esm/w3c/sign.js

@@ -2,8 +2,8 @@ import { signCredential } from '@trustvc/w3c-vc';
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "BbsBlsSignature2020") => {
-  return signCredential(credential, keyPair, cryptoSuite);
+const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "ecdsa-sd-2023", options) => {
+  return signCredential(credential, keyPair, cryptoSuite, options);
 }, "signW3C");
 
 export { signW3C };

package/dist/types/core/documentBuilder.d.ts

@@ -1,5 +1,5 @@
 import { PrivateKeyPair } from '@trustvc/w3c-issuer';
-import { VerifiableCredential, SignedVerifiableCredential } from '@trustvc/w3c-vc';
+import { VerifiableCredential, CryptoSuiteName, SignedVerifiableCredential } from '@trustvc/w3c-vc';
 
 /**
  * Configuration for a W3C Verifiable Document using a Bitstring Status List.
@@ -69,7 +69,7 @@ declare class DocumentBuilder {
     expirationDate(date: string | Date): this;
     renderMethod(method: RenderMethod): this;
     qrCode(method: qrCode): this;
-    sign(privateKey: PrivateKeyPair, cryptoSuite?: string): Promise<SignedVerifiableCredential>;
+    sign(privateKey: PrivateKeyPair, cryptoSuite?: CryptoSuiteName): Promise<SignedVerifiableCredential>;
     verify(): Promise<boolean>;
     toString(): string;
     private isTransferableRecordsConfig;

package/dist/types/{index-CRVFHzes.d.ts → index-LpXMEhhr.d.ts}

@@ -1,5 +1,6 @@
 import { openAttestationDidIdentityProof, openAttestationDidSignedDocumentStatus, openAttestationDnsDidIdentityProof, openAttestationDnsTxtIdentityProof, openAttestationEthereumDocumentStoreStatus, openAttestationEthereumTokenRegistryStatus, openAttestationHash } from '@tradetrust-tt/tt-verify';
 import { w3cSignatureIntegrity } from './verify/fragments/document-integrity/w3cSignatureIntegrity.js';
+import { ecdsaW3CSignatureIntegrity } from './verify/fragments/document-integrity/ecdsaW3CSignatureIntegrity.js';
 import { TRANSFERABLE_RECORDS_TYPE, credentialStatusTransferableRecordVerifier } from './verify/fragments/document-status/transferableRecords/transferableRecordVerifier.js';
 import { w3cCredentialStatus } from './verify/fragments/document-status/w3cCredentialStatus.js';
 import { w3cIssuerIdentity } from './verify/fragments/issuer-identity/w3cIssuerIdentity.js';
@@ -7,6 +8,7 @@ import { w3cEmptyCredentialStatus } from './verify/fragments/document-status/w3c
 
 declare const index_TRANSFERABLE_RECORDS_TYPE: typeof TRANSFERABLE_RECORDS_TYPE;
 declare const index_credentialStatusTransferableRecordVerifier: typeof credentialStatusTransferableRecordVerifier;
+declare const index_ecdsaW3CSignatureIntegrity: typeof ecdsaW3CSignatureIntegrity;
 declare const index_openAttestationDidIdentityProof: typeof openAttestationDidIdentityProof;
 declare const index_openAttestationDidSignedDocumentStatus: typeof openAttestationDidSignedDocumentStatus;
 declare const index_openAttestationDnsDidIdentityProof: typeof openAttestationDnsDidIdentityProof;
@@ -19,7 +21,7 @@ declare const index_w3cEmptyCredentialStatus: typeof w3cEmptyCredentialStatus;
 declare const index_w3cIssuerIdentity: typeof w3cIssuerIdentity;
 declare const index_w3cSignatureIntegrity: typeof w3cSignatureIntegrity;
 declare namespace index {
-  export { index_TRANSFERABLE_RECORDS_TYPE as TRANSFERABLE_RECORDS_TYPE, index_credentialStatusTransferableRecordVerifier as credentialStatusTransferableRecordVerifier, index_openAttestationDidIdentityProof as openAttestationDidIdentityProof, index_openAttestationDidSignedDocumentStatus as openAttestationDidSignedDocumentStatus, index_openAttestationDnsDidIdentityProof as openAttestationDnsDidIdentityProof, index_openAttestationDnsTxtIdentityProof as openAttestationDnsTxtIdentityProof, index_openAttestationEthereumDocumentStoreStatus as openAttestationEthereumDocumentStoreStatus, index_openAttestationEthereumTokenRegistryStatus as openAttestationEthereumTokenRegistryStatus, index_openAttestationHash as openAttestationHash, index_w3cCredentialStatus as w3cCredentialStatus, index_w3cEmptyCredentialStatus as w3cEmptyCredentialStatus, index_w3cIssuerIdentity as w3cIssuerIdentity, index_w3cSignatureIntegrity as w3cSignatureIntegrity };
+  export { index_TRANSFERABLE_RECORDS_TYPE as TRANSFERABLE_RECORDS_TYPE, index_credentialStatusTransferableRecordVerifier as credentialStatusTransferableRecordVerifier, index_ecdsaW3CSignatureIntegrity as ecdsaW3CSignatureIntegrity, index_openAttestationDidIdentityProof as openAttestationDidIdentityProof, index_openAttestationDidSignedDocumentStatus as openAttestationDidSignedDocumentStatus, index_openAttestationDnsDidIdentityProof as openAttestationDnsDidIdentityProof, index_openAttestationDnsTxtIdentityProof as openAttestationDnsTxtIdentityProof, index_openAttestationEthereumDocumentStoreStatus as openAttestationEthereumDocumentStoreStatus, index_openAttestationEthereumTokenRegistryStatus as openAttestationEthereumTokenRegistryStatus, index_openAttestationHash as openAttestationHash, index_w3cCredentialStatus as w3cCredentialStatus, index_w3cEmptyCredentialStatus as w3cEmptyCredentialStatus, index_w3cIssuerIdentity as w3cIssuerIdentity, index_w3cSignatureIntegrity as w3cSignatureIntegrity };
 }
 
 export { index as i };

package/dist/types/index.d.ts

@@ -27,11 +27,11 @@ export { TitleEscrowInterface, checkSupportsInterface, fetchEndorsementChain, ge
 export { DocumentBuilder, RenderMethod, W3CTransferableRecordsConfig, W3CVerifiableDocumentConfig, qrCode } from './core/documentBuilder.js';
 export { signOA } from './open-attestation/sign.js';
 export { KeyPair } from './open-attestation/types.js';
-export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isObfuscated, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document } from './open-attestation/utils.js';
+export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document } from './open-attestation/utils.js';
 export { verifyOASignature } from './open-attestation/verify.js';
 export { wrapOADocument, wrapOADocumentV2, wrapOADocuments, wrapOADocumentsV2 } from './open-attestation/wrap.js';
 export { openAttestationVerifiers, verifiers, w3cVerifiers } from './verify/verify.js';
-export { i as fragments } from './index-CRVFHzes.js';
+export { i as fragments } from './index-LpXMEhhr.js';
 export { i as context } from './index-DwAYXQn2.js';
 export { i as credentialStatus } from './index-CjwEVGoM.js';
 export { i as issuer } from './index-ClF4_Nqk.js';
@@ -40,18 +40,21 @@ export { RawVerifiableCredential, SignedVerifiableCredential, SigningResult, Ver
 export { PrivateKeyPair } from '@trustvc/w3c-issuer';
 export { i as vc } from './index-1ws_BWZW.js';
 export { verifyW3CSignature } from './w3c/verify.js';
+export { deriveW3C } from './w3c/derive.js';
 export { errorMessageHandling, w3cCredentialStatusRevoked, w3cCredentialStatusSuspended } from './utils/fragment/index.js';
 export * from '@tradetrust-tt/tradetrust-utils/constants/network';
 export { generate12ByteNonce, generate32ByteKey, stringToUint8Array } from './utils/stringUtils/index.js';
 export * from '@tradetrust-tt/tradetrust-utils/constants/supportedChains';
-export { GasStationFeeData, GasStationFunction, calculateMaxFee, CONSTANTS as errorMessages, gasStation, interpretFragments, scaleBigNumber } from '@tradetrust-tt/tradetrust-utils';
-export { WrappedOrSignedOpenAttestationDocument, getChainId, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isTransferableRecord } from './utils/documents/index.js';
+export { errorMessages } from './utils/errorMessages/index.js';
+export { WrappedOrSignedOpenAttestationDocument, getChainId, getObfuscatedData, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isObfuscated, isTransferableRecord } from './utils/documents/index.js';
+export { GasStationFeeData, GasStationFunction, calculateMaxFee, gasStation, interpretFragments, scaleBigNumber } from '@tradetrust-tt/tradetrust-utils';
 export { AwsKmsSigner, AwsKmsSignerCredentials } from '@tradetrust-tt/ethers-aws-kms-signer';
 export { CustomDnsResolver, IDNSQueryResponse, IDNSRecord, OpenAttestationDNSTextRecord, OpenAttestationDnsDidRecord, defaultDnsResolvers, getDnsDidRecords, getDocumentStoreRecords, parseDnsDidResults, parseDocumentStoreResults, parseOpenAttestationRecord, queryDns } from '@tradetrust-tt/dnsprove';
 export { OpenAttestationDocument, SUPPORTED_SIGNING_ALGORITHM, SchemaId, SignedWrappedDocument, WrappedDocument, getData as getDataV2, isSchemaValidationError, obfuscateDocument, v2, v3, validateSchema, __unsafe__use__it__at__your__own__risks__wrapDocument as wrapOADocumentV3, __unsafe__use__it__at__your__own__risks__wrapDocuments as wrapOADocumentsV3 } from '@tradetrust-tt/tradetrust';
 export { DiagnoseError } from '@tradetrust-tt/tradetrust/dist/types/shared/utils';
 export { createResolver, getIdentifier, isValid, openAttestationDidIdentityProof, utils, verificationBuilder, verify } from '@tradetrust-tt/tt-verify';
 export { DocumentsToVerify, ErrorVerificationFragment, InvalidVerificationFragment, ProviderDetails, providerType as ProviderType, SkippedVerificationFragment, ValidVerificationFragment, VerificationBuilderOptions, VerificationFragment, VerificationFragmentStatus, VerificationFragmentType, VerificationFragmentWithData, Verifier, VerifierOptions } from '@tradetrust-tt/tt-verify/dist/types/src/types/core';
+export { ErrorMessage, ErrorMessageTypes, ErrorMessages, MessagesDictionary } from './utils/errorMessages/types.js';
 import '@tradetrust-tt/token-registry-v4/contracts';
 import 'ethers';
 import '@typechain/ethers-v5/static/common';
@@ -69,6 +72,7 @@ import '@tradetrust-tt/tradetrust/dist/types/__generated__/schema.2.0';
 import '@tradetrust-tt/tradetrust/dist/types/shared/utils/@types/diagnose';
 import './verify/fragments/document-status/transferableRecords/transferableRecordVerifier.types.js';
 import './verify/fragments/document-integrity/w3cSignatureIntegrity.js';
+import './verify/fragments/document-integrity/ecdsaW3CSignatureIntegrity.js';
 import './verify/fragments/document-status/transferableRecords/transferableRecordVerifier.js';
 import './verify/fragments/document-status/w3cCredentialStatus.js';
 import './verify/fragments/issuer-identity/w3cIssuerIdentity.js';

package/dist/types/open-attestation/index.d.ts

@@ -1,6 +1,6 @@
 export { signOA } from './sign.js';
 export { KeyPair } from './types.js';
-export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isObfuscated, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document } from './utils.js';
+export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document } from './utils.js';
 export { verifyOASignature } from './verify.js';
 export { wrapOADocument, wrapOADocumentV2, wrapOADocuments, wrapOADocumentsV2 } from './wrap.js';
 export { OpenAttestationDocument, SUPPORTED_SIGNING_ALGORITHM, SchemaId, SignedWrappedDocument, WrappedDocument, getData as getDataV2, isSchemaValidationError, obfuscateDocument, v2, v3, validateSchema, __unsafe__use__it__at__your__own__risks__wrapDocument as wrapOADocumentV3, __unsafe__use__it__at__your__own__risks__wrapDocuments as wrapOADocumentsV3 } from '@tradetrust-tt/tradetrust';

package/dist/types/open-attestation/utils.d.ts

@@ -28,7 +28,6 @@ declare const isRawV2Document: (document: any, { mode }?: {
 declare const isRawV3Document: (document: any, { mode }?: {
     mode: _tradetrust_tt_tradetrust_dist_types_shared_utils__types_diagnose.Mode;
 }) => document is _tradetrust_tt_tradetrust_dist_types___generated___schema_3_0.OpenAttestationDocument;
-declare const isObfuscated: (document: _tradetrust_tt_tradetrust_dist_types_3_0_types.WrappedDocument<_tradetrust_tt_tradetrust_dist_types___generated___schema_3_0.OpenAttestationDocument> | _tradetrust_tt_tradetrust_dist_types_2_0_types.WrappedDocument<_tradetrust_tt_tradetrust_dist_types___generated___schema_2_0.OpenAttestationDocument>) => boolean;
 declare const getDocumentData: (document: _tradetrust_tt_tradetrust.WrappedDocument<_tradetrust_tt_tradetrust.OpenAttestationDocument>) => _tradetrust_tt_tradetrust.OpenAttestationDocument;
 declare const getIssuerAddress: typeof utils.getIssuerAddress;
 declare const diagnose: ({ version, kind, document, debug, mode, }: {
@@ -40,4 +39,4 @@ declare const diagnose: ({ version, kind, document, debug, mode, }: {
 }) => utils.DiagnoseError[];
 declare const getTemplateURL: (document: any) => string | undefined;
 
-export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isObfuscated, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document };
+export { diagnose, getAssetId, getDocumentData, getIssuerAddress, getTemplateURL, isDocumentRevokable, isRawV2Document, isRawV3Document, isSignedWrappedV2Document, isSignedWrappedV3Document, isTransferableAsset, isWrappedV2Document, isWrappedV3Document };

package/dist/types/utils/documents/index.d.ts

@@ -9,5 +9,7 @@ declare const isTransferableRecord: (document: WrappedOrSignedOpenAttestationDoc
 declare const getTokenRegistryAddress: (document: WrappedOrSignedOpenAttestationDocument | SignedVerifiableCredential) => string | undefined;
 declare const getTokenId: (document: WrappedOrSignedOpenAttestationDocument | SignedVerifiableCredential) => string;
 declare const getChainId: (document: WrappedOrSignedOpenAttestationDocument | SignedVerifiableCredential) => CHAIN_ID | undefined;
+declare const isObfuscated: (document: WrappedDocument<OpenAttestationDocument> | SignedVerifiableCredential) => boolean;
+declare const getObfuscatedData: (document: WrappedDocument<OpenAttestationDocument>) => string[];
 
-export { type WrappedOrSignedOpenAttestationDocument, getChainId, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isTransferableRecord };
+export { type WrappedOrSignedOpenAttestationDocument, getChainId, getObfuscatedData, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isObfuscated, isTransferableRecord };

package/dist/types/utils/errorMessages/index.d.ts

@@ -1 +1,6 @@
-export { CONSTANTS as errorMessages } from '@tradetrust-tt/tradetrust-utils';
+import { ErrorMessages } from './types.js';
+export { ErrorMessage, ErrorMessageTypes, MessagesDictionary } from './types.js';
+
+declare const errorMessages: ErrorMessages;
+
+export { ErrorMessages, errorMessages };

package/dist/types/utils/errorMessages/types.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Type definitions matching the structure in @tradetrust-tt/tradetrust-utils/VerificationErrorMessages.ts
+ */
+interface ErrorMessage {
+    failureTitle: string;
+    failureMessage: string;
+    successTitle: string;
+}
+interface MessagesDictionary {
+    [key: string]: ErrorMessage;
+}
+interface ErrorMessageTypes {
+    [key: string]: string;
+}
+interface ErrorMessages {
+    MESSAGES: MessagesDictionary;
+    TYPES: ErrorMessageTypes;
+}
+
+export type { ErrorMessage, ErrorMessageTypes, ErrorMessages, MessagesDictionary };

package/dist/types/utils/index.d.ts

@@ -2,9 +2,11 @@ export { errorMessageHandling, w3cCredentialStatusRevoked, w3cCredentialStatusSu
 export * from '@tradetrust-tt/tradetrust-utils/constants/network';
 export { generate12ByteNonce, generate32ByteKey, stringToUint8Array } from './stringUtils/index.js';
 export * from '@tradetrust-tt/tradetrust-utils/constants/supportedChains';
-export { GasStationFeeData, GasStationFunction, calculateMaxFee, CONSTANTS as errorMessages, gasStation, interpretFragments, scaleBigNumber } from '@tradetrust-tt/tradetrust-utils';
-export { WrappedOrSignedOpenAttestationDocument, getChainId, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isTransferableRecord } from './documents/index.js';
+export { errorMessages } from './errorMessages/index.js';
+export { WrappedOrSignedOpenAttestationDocument, getChainId, getObfuscatedData, getTokenId, getTokenRegistryAddress, getTransferableRecordsCredentialStatus, isObfuscated, isTransferableRecord } from './documents/index.js';
+export { GasStationFeeData, GasStationFunction, calculateMaxFee, gasStation, interpretFragments, scaleBigNumber } from '@tradetrust-tt/tradetrust-utils';
 export { AwsKmsSigner, AwsKmsSignerCredentials } from '@tradetrust-tt/ethers-aws-kms-signer';
+export { ErrorMessage, ErrorMessageTypes, ErrorMessages, MessagesDictionary } from './errorMessages/types.js';
 import '@tradetrust-tt/tt-verify';
 import '@tradetrust-tt/tradetrust';
 import '@trustvc/w3c-credential-status';

package/dist/types/verify/fragments/document-integrity/ecdsaW3CSignatureIntegrity.d.ts

@@ -0,0 +1,5 @@
+import { Verifier, VerificationFragment } from '@tradetrust-tt/tt-verify';
+
+declare const ecdsaW3CSignatureIntegrity: Verifier<VerificationFragment>;
+
+export { ecdsaW3CSignatureIntegrity };

package/dist/types/verify/fragments/index.d.ts

@@ -1,5 +1,6 @@
 export { openAttestationDidIdentityProof, openAttestationDidSignedDocumentStatus, openAttestationDnsDidIdentityProof, openAttestationDnsTxtIdentityProof, openAttestationEthereumDocumentStoreStatus, openAttestationEthereumTokenRegistryStatus, openAttestationHash } from '@tradetrust-tt/tt-verify';
 export { w3cSignatureIntegrity } from './document-integrity/w3cSignatureIntegrity.js';
+export { ecdsaW3CSignatureIntegrity } from './document-integrity/ecdsaW3CSignatureIntegrity.js';
 export { TRANSFERABLE_RECORDS_TYPE, credentialStatusTransferableRecordVerifier } from './document-status/transferableRecords/transferableRecordVerifier.js';
 export { w3cCredentialStatus } from './document-status/w3cCredentialStatus.js';
 export { w3cIssuerIdentity } from './issuer-identity/w3cIssuerIdentity.js';

package/dist/types/verify/index.d.ts

@@ -1,9 +1,10 @@
 export { openAttestationVerifiers, verifiers, w3cVerifiers } from './verify.js';
-export { i as fragments } from '../index-CRVFHzes.js';
+export { i as fragments } from '../index-LpXMEhhr.js';
 export { createResolver, getIdentifier, isValid, openAttestationDidIdentityProof, utils, verificationBuilder, verify } from '@tradetrust-tt/tt-verify';
 export { DocumentsToVerify, ErrorVerificationFragment, InvalidVerificationFragment, ProviderDetails, providerType as ProviderType, SkippedVerificationFragment, ValidVerificationFragment, VerificationBuilderOptions, VerificationFragment, VerificationFragmentStatus, VerificationFragmentType, VerificationFragmentWithData, Verifier, VerifierOptions } from '@tradetrust-tt/tt-verify/dist/types/src/types/core';
 import './fragments/document-status/transferableRecords/transferableRecordVerifier.types.js';
 import './fragments/document-integrity/w3cSignatureIntegrity.js';
+import './fragments/document-integrity/ecdsaW3CSignatureIntegrity.js';
 import './fragments/document-status/transferableRecords/transferableRecordVerifier.js';
 import './fragments/document-status/w3cCredentialStatus.js';
 import './fragments/issuer-identity/w3cIssuerIdentity.js';

package/dist/types/w3c/derive.d.ts

@@ -0,0 +1,11 @@
+import { SignedVerifiableCredential, ContextDocument, DerivedResult } from '@trustvc/w3c-vc';
+
+/**
+ * Derives a credential with selective disclosure based on revealed attributes.
+ * @param {object} credential - The verifiable credential to be selectively disclosed.
+ * @param {object|string[]} revealedAttributes - For BBS+: The attributes from the credential that should be revealed. For ECDSA-SD-2023: Array of selective pointers.
+ * @returns {Promise<DerivedResult>} A DerivedResult containing the derived proof or an error message.
+ */
+declare const deriveW3C: (credential: SignedVerifiableCredential, revealedAttributes: ContextDocument | string[]) => Promise<DerivedResult>;
+
+export { deriveW3C };

package/dist/types/w3c/index.d.ts

@@ -6,5 +6,6 @@ export { RawVerifiableCredential, SignedVerifiableCredential, SigningResult, Ver
 export { PrivateKeyPair } from '@trustvc/w3c-issuer';
 export { i as vc } from '../index-1ws_BWZW.js';
 export { verifyW3CSignature } from './verify.js';
+export { deriveW3C } from './derive.js';
 import '@trustvc/w3c-context';
 import '@trustvc/w3c-credential-status';

package/dist/types/w3c/sign.d.ts

@@ -1,13 +1,17 @@
-import { RawVerifiableCredential, SigningResult } from '@trustvc/w3c-vc';
+import { RawVerifiableCredential, CryptoSuiteName, SigningResult } from '@trustvc/w3c-vc';
 import { PrivateKeyPair } from '@trustvc/w3c-issuer';
 
 /**
  * Signs a W3C Verifiable Credential using the provided cryptographic suite and key pair.
  * @param {RawVerifiableCredential} credential - The verifiable credential object that needs to be signed.
  * @param {PrivateKeyPair} keyPair - The private and public key pair used for signing the credential.
- * @param {string} [cryptoSuite='BbsBlsSignature2020'] - The cryptographic suite to be used for signing (default is 'BbsBlsSignature2020').
+ * @param {CryptoSuiteName} [cryptoSuite='ecdsa-sd-2023'] - The cryptographic suite to be used for signing (default is 'ecdsa-sd-2023').
+ * @param {object} [options] - Optional parameters including mandatoryPointers for ECDSA-SD-2023.
+ * @param {string[]} [options.mandatoryPointers] - Optional mandatory pointers for ECDSA-SD-2023.
  * @returns {Promise<SigningResult>} A promise that resolves to the result of the signing operation, which includes the signed credential.
  */
-declare const signW3C: (credential: RawVerifiableCredential, keyPair: PrivateKeyPair, cryptoSuite?: string) => Promise<SigningResult>;
+declare const signW3C: (credential: RawVerifiableCredential, keyPair: PrivateKeyPair, cryptoSuite?: CryptoSuiteName, options?: {
+    mandatoryPointers?: string[];
+}) => Promise<SigningResult>;
 
 export { signW3C };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@trustvc/trustvc",
-  "version": "1.6.0-alpha.4",
+  "version": "1.6.0-alpha.6",
   "description": "TrustVC library",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -114,17 +114,18 @@
     }
   },
   "dependencies": {
-    "@tradetrust-tt/dnsprove": "^2.17.0",
+    "@tradetrust-tt/dnsprove": "^2.18.0",
     "@tradetrust-tt/ethers-aws-kms-signer": "^2.1.4",
     "@tradetrust-tt/token-registry-v4": "npm:@tradetrust-tt/token-registry@^4.16.0",
-    "@tradetrust-tt/token-registry-v5": "npm:@tradetrust-tt/token-registry@^5.3.0",
-    "@tradetrust-tt/tradetrust": "^6.10.1",
-    "@tradetrust-tt/tradetrust-utils": "^2.3.2",
-    "@tradetrust-tt/tt-verify": "^9.4.0",
-    "@trustvc/w3c-context": "^1.2.13",
-    "@trustvc/w3c-credential-status": "^1.2.13",
-    "@trustvc/w3c-issuer": "^1.2.4",
-    "@trustvc/w3c-vc": "^1.2.17",
+    "@tradetrust-tt/token-registry-v5": "npm:@tradetrust-tt/token-registry@^5.5.0",
+    "@tradetrust-tt/tradetrust": "^6.10.2",
+    "@tradetrust-tt/tradetrust-utils": "^2.4.2",
+    "@tradetrust-tt/tt-verify": "^9.5.1",
+    "@trustvc/w3c": "^1.3.0-alpha.6",
+    "@trustvc/w3c-context": "^1.3.0-alpha.6",
+    "@trustvc/w3c-credential-status": "^1.3.0-alpha.6",
+    "@trustvc/w3c-issuer": "^1.3.0-alpha.5",
+    "@trustvc/w3c-vc": "^1.3.0-alpha.6",
     "ethers": "^5.8.0",
     "ethersV6": "npm:ethers@^6.14.4",
     "js-sha3": "^0.9.3",