@trustvc/trustvc 1.6.0-alpha.5 → 1.6.0-alpha.6

package/README.md

@@ -16,15 +16,16 @@ TrustVC is a comprehensive wrapper library designed to simplify the signing and
     - [2. **Signing**](#2-signing)
       - [a) OpenAttestation Signing (signOA) v2 v3](#a-openattestation-signing-signoa-v2-v3)
       - [b) TrustVC W3C Signing (signW3C)](#b-trustvc-w3c-signing-signw3c)
-    - [3. **Verifying**](#3-verifying)
-    - [4. **Encryption**](#4-encryption)
-    - [5. **Decryption**](#5-decryption)
-    - [6. **TradeTrust Token Registry**](#6-tradetrust-token-registry)
+    - [3. **Deriving (Selective Disclosure)**](#3-deriving-selective-disclosure)
+    - [4. **Verifying**](#4-verifying)
+    - [5. **Encryption**](#5-encryption)
+    - [6. **Decryption**](#6-decryption)
+    - [7. **TradeTrust Token Registry**](#7-tradetrust-token-registry)
       - [Usage](#usage-2)
       - [TradeTrustToken](#tradetrusttoken)
       - [a) Token Registry v4](#a-token-registry-v4)
       - [b) Token Registry V5](#b-token-registry-v5)
-    - [7. **Document Builder**](#7-document-builder)
+    - [8. **Document Builder**](#8-document-builder)
 
 ## Installation
 
@@ -154,15 +155,17 @@ const signedWrappedDocument = await signOA(wrappedDocument, {
 
 #### b) TrustVC W3C Signing (signW3C)
 
+The `signW3C` function signs W3C Verifiable Credentials using the provided cryptographic suite and key pair. By default, it uses the **ecdsa-sd-2023** crypto suite unless otherwise specified.
+
 ```ts
 import { signW3C, VerificationType } from '@trustvc/trustvc';
 
 const rawDocument = {
   '@context': [
-    'https://www.w3.org/2018/credentials/v1',
-    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld',
-    'https://w3id.org/security/bbs/v1',
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
     'https://w3id.org/vc/status-list/2021/v1',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld',
   ],
   credentialStatus: {
     id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
@@ -172,29 +175,113 @@ const rawDocument = {
     statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1',
   },
   credentialSubject: {
-    name: 'TrustVC',
+    type: ['Person']
+    givenName: 'TrustVC',
     birthDate: '2024-04-01T12:19:52Z',
-    type: ['PermanentResident', 'Person'],
   },
-  expirationDate: '2029-12-03T12:19:52Z',
   issuer: 'did:web:trustvc.github.io:did:1',
   type: ['VerifiableCredential'],
-  issuanceDate: '2024-04-01T12:19:52Z',
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z'
 };
 
+// Using default ecdsa-sd-2023 crypto suite
 const signingResult = await signW3C(rawDocument, {
-  id: 'did:web:trustvc.github.io:did:1#keys-1',
+  '@context': 'https://w3id.org/security/multikey/v1',
+  id: 'did:web:trustvc.github.io:did:1#multikey-1',
+  type: VerificationType.Multikey,
   controller: 'did:web:trustvc.github.io:did:1',
-  type: VerificationType.Bls12381G2Key2020,
-  publicKeyBase58:
-    'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
-  privateKeyBase58: '<privateKeyBase58>',
+  publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+  secretKeyMultibase: '<secretKeyMultibase>'
 });
+
+// You can also specify mandatory pointers for selective disclosure with ecdsa-sd-2023
+const signingResultWithPointers = await signW3C(
+  rawDocument,
+  {
+    '@context': 'https://w3id.org/security/multikey/v1',
+    id: 'did:web:trustvc.github.io:did:1#multikey-1',
+    type: VerificationType.Multikey,
+    controller: 'did:web:trustvc.github.io:did:1',
+    publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+    secretKeyMultibase: '<secretKeyMultibase>'
+  },
+  'ecdsa-sd-2023',
+  {
+    mandatoryPointers: ['/credentialStatus']
+  }
+);
+
+// Alternatively, specify a different crypto suite. Ensure the context is updated to include the crypto suite.
+const signingResultWithBbs = await signW3C(
+  rawDocument,
+  {
+    id: 'did:web:trustvc.github.io:did:1#keys-1',
+    controller: 'did:web:trustvc.github.io:did:1',
+    type: VerificationType.Bls12381G2Key2020,
+    publicKeyBase58: 'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
+    privateKeyBase58: '<privateKeyBase58>',
+  },
+  'BbsBlsSignature2020'
+);
+
+```
+
+---
+
+### 3. **Deriving (Selective Disclosure)**
+
+> When using ECDSA-SD-2023 crypto suite, we can derive a new credential with selective disclosure. This means you can choose which parts of the credential to reveal while keeping others hidden.
+
+```ts
+import { deriveW3C } from '@trustvc/trustvc';
+
+// This is a signed document using ecdsa-sd-2023
+const signedDocument = {
+  '@context': [
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
+    'https://w3id.org/vc/status-list/2021/v1',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld'
+  ],
+  credentialStatus: {
+    id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
+    type: 'StatusList2021Entry',
+    statusPurpose: 'revocation',
+    statusListIndex: '10',
+    statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1'
+  },
+  credentialSubject: {
+    type: ['Person'],
+    givenName: 'TrustVC',
+    birthDate: '2024-04-01T12:19:52Z'
+  },
+  issuer: 'did:web:trustvc.github.io:did:1',
+  type: ['VerifiableCredential'],
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z',
+  id: 'urn:uuid:0198bd9e-6686-7ccd-9b2a-ce763ae710d7',
+  proof: {
+    type: 'DataIntegrityProof',
+    created: '2025-08-18T14:38:51Z',
+    verificationMethod: 'did:web:trustvc.github.io:did:1#multikey-1',
+    cryptosuite: 'ecdsa-sd-2023',
+    proofPurpose: 'assertionMethod',
+    proofValue: 'u2V0AhVhAxfLFkbv8J_O3zJAQrSWrEY3sgeMwN02b2eaHEgjnJYu1rnCBYORfZUVZwRoRuNIiY1NTGHmQpzlgqtQz7A0R3FgjgCQDzt3_aUvSMrlIZdsyVcB4KPHHjA4BbSv-PZ4Bbm4GpY5YIA1mQ8LYmpjJ7vNvN3DsfIengZrnziTLO9exbZjn1KqFilhA0lp1y6BZ-fhiUdWsojYesLDSzCy6Tq_AICaIvCjYSJMEaY7SomJnCkdpuhM0GQHDTy5kjzb7sSzowACqDDf9OVhAfOC7vg4WQGrI6M3dvLZW3KlBzp1SurRz1PPeHcqOGEDrqybzIlolwNXMhc2T8rcVLl-E04wNsiVjamvqWAQN-lhA4HmVqIxKuR0QvCMEVq3cjUU7G1pQbgMdp9HZDasOT9nh_k5l3JfcXB1_qtRblljXWN0FRKAr9T-DhxzDzGl3-lhA4nNDzd-6xl74rWqr_7U9XZE7LoE-mbgBsyOAOlfHGumMxwddnEZp2iD2uZ7lLXX8Q-nSDXJVvUqKLksy1l2vqVhAm3daNYjH1kVrTW7V-DElcj3K_QfbHEvjd1F2TGVGtBVhF8o01yCxXRX0vzk-AZLZnpDnAUBTSTF5Q8rF-t7L9lhAO7NeIXQtQsdncqtLm2qk1XzFYL2FM5Hx4GZOX39VyT4T0AlFRZQuY9WXYnvMZSvacRvJaSJk5S3cZ6uBminQgVhAExuTEvJQu42-SiaOJ_6M0EjuQfqIgJE-JHirmYs3AAoH_4EKUtPU3y_jRB8XFZxA-wtFDv3KJjqXtNo5aA_6f1hAaokZPSJghFufTaVR8LAwHpXOncGJblKpUZQjKWuA_o2s6tGmx-ja0wgpsqSxvAGMTtkhFTMOI2-tzUuGE05tk1hAzABtV2yEX-RAQFpxkuV0XydAsJDh2dPscrpPHqMfmORsC3xRNL73uDaqqlaL99CvOgq4kJWmChw7TUYO62yaSVhA5-F-snwj-OZtws7_qMwvBgeNK9wvkZTlFLjRV6GDYx6r5TaLkR05GVzyBMv0Qs2z-cXPRZByS7p7_hbeykoYSYJnL2lzc3VlcmovdmFsaWRGcm9t'
+  }
+};
+
+// Derive a new credential with only specific fields disclosed
+const derivationResult = await deriveW3C(signedDocument, {
+  // Only reveal the credential type and givenName, hide birthDate
+  selectivePointers: ['/type', '/credentialSubject/givenName']
+});
+
 ```
 
 ---
 
-### 3. **Verifying**
+### 4. **Verifying**
 
 > TrustVC simplifies the verification process with a single function that supports both W3C Verifiable Credentials (VCs) and OpenAttestation Verifiable Documents (VDs). Whether you're working with W3C standards or OpenAttestation standards, TrustVC handles the verification seamlessly.
 
@@ -239,7 +326,7 @@ const resultFragments = await verifyDocument(signedDocument);
 
 ---
 
-### 4. **Encryption**
+### 5. **Encryption**
 
 > The `encrypt` function encrypts plaintext messages using the **ChaCha20** encryption algorithm, ensuring the security and integrity of the input data. It supports custom keys and nonces, returning the encrypted message in hexadecimal format.
 
@@ -316,7 +403,7 @@ It also relies on the `ts-chacha20` library for encryption operations.
 
 ---
 
-### 5. **Decryption**
+### 6. **Decryption**
 
 > The `decrypt` function decrypts messages encrypted with the **ChaCha20** algorithm. It converts the input from a hexadecimal format back into plaintext using the provided key and nonce.
 
@@ -399,7 +486,7 @@ It also relies on the `ts-chacha20` library for decryption operations.
 
 ---
 
-### 6. **TradeTrust Token Registry**
+### 7. **TradeTrust Token Registry**
 
 > The Electronic Bill of Lading (eBL) is a digital document that can be used to prove the ownership of goods. It is a standardized document that is accepted by all major shipping lines and customs authorities. The [Token Registry](https://github.com/TradeTrust/token-registry) repository contains both the smart contract (v4 and v5) code for token registry (in `/contracts`) as well as the node package for using this library (in `/src`).
 > The TrustVC library not only simplifies signing and verification but also imports and integrates existing TradeTrust libraries and smart contracts for token registry (V4 and V5), making it a versatile tool for decentralized identity and trust solutions.
@@ -589,7 +676,7 @@ function rejectTransferOwners(bytes calldata _remark) external;
 
 For more information on Token Registry and Title Escrow contracts **version v5**, please visit the readme of [TradeTrust Token Registry V5](https://github.com/TradeTrust/token-registry/blob/master/README.md)
 
-### 7. **Document Builder**
+### 8. **Document Builder**
 > The `DocumentBuilder` class helps build and manage W3C Verifiable Credentials (VCs) with credential status features. It supports creating documents with two types of credential statuses: `transferableRecords` and `verifiableDocument`. It can sign the document using a private key, verify its signature, and serialize the document to a JSON format. Additionally, it allows for configuration of document rendering methods and expiration dates.
 
 #### Usage

package/dist/cjs/w3c/derive.js

@@ -0,0 +1,11 @@
+'use strict';
+
+var w3cVc = require('@trustvc/w3c-vc');
+
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+const deriveW3C = /* @__PURE__ */ __name(async (credential, revealedAttributes) => {
+  return w3cVc.deriveCredential(credential, revealedAttributes);
+}, "deriveW3C");
+
+exports.deriveW3C = deriveW3C;

package/dist/cjs/w3c/index.js

@@ -7,6 +7,7 @@ var sign = require('./sign');
 var types = require('./types');
 var vc = require('./vc');
 var verify = require('./verify');
+var derive = require('./derive');
 
 function _interopNamespace(e) {
   if (e && e.__esModule) return e;
@@ -55,3 +56,9 @@ Object.keys(verify).forEach(function (k) {
     get: function () { return verify[k]; }
   });
 });
+Object.keys(derive).forEach(function (k) {
+  if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+    enumerable: true,
+    get: function () { return derive[k]; }
+  });
+});

package/dist/cjs/w3c/sign.js

@@ -4,8 +4,8 @@ var w3cVc = require('@trustvc/w3c-vc');
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "BbsBlsSignature2020") => {
-  return w3cVc.signCredential(credential, keyPair, cryptoSuite);
+const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "ecdsa-sd-2023", options) => {
+  return w3cVc.signCredential(credential, keyPair, cryptoSuite, options);
 }, "signW3C");
 
 exports.signW3C = signW3C;

package/dist/esm/w3c/derive.js

@@ -0,0 +1,9 @@
+import { deriveCredential } from '@trustvc/w3c-vc';
+
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+const deriveW3C = /* @__PURE__ */ __name(async (credential, revealedAttributes) => {
+  return deriveCredential(credential, revealedAttributes);
+}, "deriveW3C");
+
+export { deriveW3C };

package/dist/esm/w3c/index.js

@@ -9,3 +9,4 @@ export * from './types';
 import * as vc from './vc';
 export { vc };
 export * from './verify';
+export * from './derive';

package/dist/esm/w3c/sign.js

@@ -2,8 +2,8 @@ import { signCredential } from '@trustvc/w3c-vc';
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "BbsBlsSignature2020") => {
-  return signCredential(credential, keyPair, cryptoSuite);
+const signW3C = /* @__PURE__ */ __name(async (credential, keyPair, cryptoSuite = "ecdsa-sd-2023", options) => {
+  return signCredential(credential, keyPair, cryptoSuite, options);
 }, "signW3C");
 
 export { signW3C };

package/dist/types/index.d.ts

@@ -40,6 +40,7 @@ export { RawVerifiableCredential, SignedVerifiableCredential, SigningResult, Ver
 export { PrivateKeyPair } from '@trustvc/w3c-issuer';
 export { i as vc } from './index-1ws_BWZW.js';
 export { verifyW3CSignature } from './w3c/verify.js';
+export { deriveW3C } from './w3c/derive.js';
 export { errorMessageHandling, w3cCredentialStatusRevoked, w3cCredentialStatusSuspended } from './utils/fragment/index.js';
 export * from '@tradetrust-tt/tradetrust-utils/constants/network';
 export { generate12ByteNonce, generate32ByteKey, stringToUint8Array } from './utils/stringUtils/index.js';

package/dist/types/w3c/derive.d.ts

@@ -0,0 +1,11 @@
+import { SignedVerifiableCredential, ContextDocument, DerivedResult } from '@trustvc/w3c-vc';
+
+/**
+ * Derives a credential with selective disclosure based on revealed attributes.
+ * @param {object} credential - The verifiable credential to be selectively disclosed.
+ * @param {object|string[]} revealedAttributes - For BBS+: The attributes from the credential that should be revealed. For ECDSA-SD-2023: Array of selective pointers.
+ * @returns {Promise<DerivedResult>} A DerivedResult containing the derived proof or an error message.
+ */
+declare const deriveW3C: (credential: SignedVerifiableCredential, revealedAttributes: ContextDocument | string[]) => Promise<DerivedResult>;
+
+export { deriveW3C };

package/dist/types/w3c/index.d.ts

@@ -6,5 +6,6 @@ export { RawVerifiableCredential, SignedVerifiableCredential, SigningResult, Ver
 export { PrivateKeyPair } from '@trustvc/w3c-issuer';
 export { i as vc } from '../index-1ws_BWZW.js';
 export { verifyW3CSignature } from './verify.js';
+export { deriveW3C } from './derive.js';
 import '@trustvc/w3c-context';
 import '@trustvc/w3c-credential-status';

package/dist/types/w3c/sign.d.ts

@@ -5,9 +5,13 @@ import { PrivateKeyPair } from '@trustvc/w3c-issuer';
  * Signs a W3C Verifiable Credential using the provided cryptographic suite and key pair.
  * @param {RawVerifiableCredential} credential - The verifiable credential object that needs to be signed.
  * @param {PrivateKeyPair} keyPair - The private and public key pair used for signing the credential.
- * @param {CryptoSuiteName} [cryptoSuite='BbsBlsSignature2020'] - The cryptographic suite to be used for signing (default is 'BbsBlsSignature2020').
+ * @param {CryptoSuiteName} [cryptoSuite='ecdsa-sd-2023'] - The cryptographic suite to be used for signing (default is 'ecdsa-sd-2023').
+ * @param {object} [options] - Optional parameters including mandatoryPointers for ECDSA-SD-2023.
+ * @param {string[]} [options.mandatoryPointers] - Optional mandatory pointers for ECDSA-SD-2023.
  * @returns {Promise<SigningResult>} A promise that resolves to the result of the signing operation, which includes the signed credential.
  */
-declare const signW3C: (credential: RawVerifiableCredential, keyPair: PrivateKeyPair, cryptoSuite?: CryptoSuiteName) => Promise<SigningResult>;
+declare const signW3C: (credential: RawVerifiableCredential, keyPair: PrivateKeyPair, cryptoSuite?: CryptoSuiteName, options?: {
+    mandatoryPointers?: string[];
+}) => Promise<SigningResult>;
 
 export { signW3C };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@trustvc/trustvc",
-  "version": "1.6.0-alpha.5",
+  "version": "1.6.0-alpha.6",
   "description": "TrustVC library",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -121,11 +121,11 @@
     "@tradetrust-tt/tradetrust": "^6.10.2",
     "@tradetrust-tt/tradetrust-utils": "^2.4.2",
     "@tradetrust-tt/tt-verify": "^9.5.1",
-    "@trustvc/w3c": "^1.3.0-alpha.5",
-    "@trustvc/w3c-context": "^1.3.0-alpha.5",
-    "@trustvc/w3c-credential-status": "^1.3.0-alpha.5",
+    "@trustvc/w3c": "^1.3.0-alpha.6",
+    "@trustvc/w3c-context": "^1.3.0-alpha.6",
+    "@trustvc/w3c-credential-status": "^1.3.0-alpha.6",
     "@trustvc/w3c-issuer": "^1.3.0-alpha.5",
-    "@trustvc/w3c-vc": "^1.3.0-alpha.5",
+    "@trustvc/w3c-vc": "^1.3.0-alpha.6",
     "ethers": "^5.8.0",
     "ethersV6": "npm:ethers@^6.14.4",
     "js-sha3": "^0.9.3",