@trustvc/trustvc 1.8.0 → 2.0.0

package/README.md

@@ -16,15 +16,16 @@ TrustVC is a comprehensive wrapper library designed to simplify the signing and
     - [2. **Signing**](#2-signing)
       - [a) OpenAttestation Signing (signOA) v2 v3](#a-openattestation-signing-signoa-v2-v3)
       - [b) TrustVC W3C Signing (signW3C)](#b-trustvc-w3c-signing-signw3c)
-    - [3. **Verifying**](#3-verifying)
-    - [4. **Encryption**](#4-encryption)
-    - [5. **Decryption**](#5-decryption)
-    - [6. **TradeTrust Token Registry**](#6-tradetrust-token-registry)
+    - [3. **Deriving (Selective Disclosure)**](#3-deriving-selective-disclosure)
+    - [4. **Verifying**](#4-verifying)
+    - [5. **Encryption**](#5-encryption)
+    - [6. **Decryption**](#6-decryption)
+    - [7. **TradeTrust Token Registry**](#7-tradetrust-token-registry)
       - [Usage](#usage-2)
       - [TradeTrustToken](#tradetrusttoken)
       - [a) Token Registry v4](#a-token-registry-v4)
       - [b) Token Registry V5](#b-token-registry-v5)
-    - [7. **Document Builder**](#7-document-builder)
+    - [8. **Document Builder**](#8-document-builder)
 
 ## Installation
 
@@ -154,15 +155,17 @@ const signedWrappedDocument = await signOA(wrappedDocument, {
 
 #### b) TrustVC W3C Signing (signW3C)
 
+The `signW3C` function signs W3C Verifiable Credentials using the provided cryptographic suite and key pair. By default, it uses the **ecdsa-sd-2023** crypto suite unless otherwise specified.
+
 ```ts
 import { signW3C, VerificationType } from '@trustvc/trustvc';
 
 const rawDocument = {
   '@context': [
-    'https://www.w3.org/2018/credentials/v1',
-    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld',
-    'https://w3id.org/security/bbs/v1',
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
     'https://w3id.org/vc/status-list/2021/v1',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld',
   ],
   credentialStatus: {
     id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
@@ -172,29 +175,113 @@ const rawDocument = {
     statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1',
   },
   credentialSubject: {
-    name: 'TrustVC',
+    type: ['Person']
+    givenName: 'TrustVC',
     birthDate: '2024-04-01T12:19:52Z',
-    type: ['PermanentResident', 'Person'],
   },
-  expirationDate: '2029-12-03T12:19:52Z',
   issuer: 'did:web:trustvc.github.io:did:1',
   type: ['VerifiableCredential'],
-  issuanceDate: '2024-04-01T12:19:52Z',
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z'
 };
 
+// Using default ecdsa-sd-2023 crypto suite
 const signingResult = await signW3C(rawDocument, {
-  id: 'did:web:trustvc.github.io:did:1#keys-1',
+  '@context': 'https://w3id.org/security/multikey/v1',
+  id: 'did:web:trustvc.github.io:did:1#multikey-1',
+  type: VerificationType.Multikey,
   controller: 'did:web:trustvc.github.io:did:1',
-  type: VerificationType.Bls12381G2Key2020,
-  publicKeyBase58:
-    'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
-  privateKeyBase58: '<privateKeyBase58>',
+  publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+  secretKeyMultibase: '<secretKeyMultibase>'
+});
+
+// You can also specify mandatory pointers for selective disclosure with ecdsa-sd-2023
+const signingResultWithPointers = await signW3C(
+  rawDocument,
+  {
+    '@context': 'https://w3id.org/security/multikey/v1',
+    id: 'did:web:trustvc.github.io:did:1#multikey-1',
+    type: VerificationType.Multikey,
+    controller: 'did:web:trustvc.github.io:did:1',
+    publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+    secretKeyMultibase: '<secretKeyMultibase>'
+  },
+  'ecdsa-sd-2023',
+  {
+    mandatoryPointers: ['/credentialStatus']
+  }
+);
+
+// Alternatively, specify a different crypto suite. Ensure the context is updated to include the crypto suite.
+const signingResultWithBbs = await signW3C(
+  rawDocument,
+  {
+    id: 'did:web:trustvc.github.io:did:1#keys-1',
+    controller: 'did:web:trustvc.github.io:did:1',
+    type: VerificationType.Bls12381G2Key2020,
+    publicKeyBase58: 'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
+    privateKeyBase58: '<privateKeyBase58>',
+  },
+  'BbsBlsSignature2020'
+);
+
+```
+
+---
+
+### 3. **Deriving (Selective Disclosure)**
+
+> When using ECDSA-SD-2023 crypto suite, we can derive a new credential with selective disclosure. This means you can choose which parts of the credential to reveal while keeping others hidden.
+
+```ts
+import { deriveW3C } from '@trustvc/trustvc';
+
+// This is a signed document using ecdsa-sd-2023
+const signedDocument = {
+  '@context': [
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
+    'https://w3id.org/vc/status-list/2021/v1',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld'
+  ],
+  credentialStatus: {
+    id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
+    type: 'StatusList2021Entry',
+    statusPurpose: 'revocation',
+    statusListIndex: '10',
+    statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1'
+  },
+  credentialSubject: {
+    type: ['Person'],
+    givenName: 'TrustVC',
+    birthDate: '2024-04-01T12:19:52Z'
+  },
+  issuer: 'did:web:trustvc.github.io:did:1',
+  type: ['VerifiableCredential'],
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z',
+  id: 'urn:uuid:0198bd9e-6686-7ccd-9b2a-ce763ae710d7',
+  proof: {
+    type: 'DataIntegrityProof',
+    created: '2025-08-18T14:38:51Z',
+    verificationMethod: 'did:web:trustvc.github.io:did:1#multikey-1',
+    cryptosuite: 'ecdsa-sd-2023',
+    proofPurpose: 'assertionMethod',
+    proofValue: 'u2V0AhVhAxfLFkbv8J_O3zJAQrSWrEY3sgeMwN02b2eaHEgjnJYu1rnCBYORfZUVZwRoRuNIiY1NTGHmQpzlgqtQz7A0R3FgjgCQDzt3_aUvSMrlIZdsyVcB4KPHHjA4BbSv-PZ4Bbm4GpY5YIA1mQ8LYmpjJ7vNvN3DsfIengZrnziTLO9exbZjn1KqFilhA0lp1y6BZ-fhiUdWsojYesLDSzCy6Tq_AICaIvCjYSJMEaY7SomJnCkdpuhM0GQHDTy5kjzb7sSzowACqDDf9OVhAfOC7vg4WQGrI6M3dvLZW3KlBzp1SurRz1PPeHcqOGEDrqybzIlolwNXMhc2T8rcVLl-E04wNsiVjamvqWAQN-lhA4HmVqIxKuR0QvCMEVq3cjUU7G1pQbgMdp9HZDasOT9nh_k5l3JfcXB1_qtRblljXWN0FRKAr9T-DhxzDzGl3-lhA4nNDzd-6xl74rWqr_7U9XZE7LoE-mbgBsyOAOlfHGumMxwddnEZp2iD2uZ7lLXX8Q-nSDXJVvUqKLksy1l2vqVhAm3daNYjH1kVrTW7V-DElcj3K_QfbHEvjd1F2TGVGtBVhF8o01yCxXRX0vzk-AZLZnpDnAUBTSTF5Q8rF-t7L9lhAO7NeIXQtQsdncqtLm2qk1XzFYL2FM5Hx4GZOX39VyT4T0AlFRZQuY9WXYnvMZSvacRvJaSJk5S3cZ6uBminQgVhAExuTEvJQu42-SiaOJ_6M0EjuQfqIgJE-JHirmYs3AAoH_4EKUtPU3y_jRB8XFZxA-wtFDv3KJjqXtNo5aA_6f1hAaokZPSJghFufTaVR8LAwHpXOncGJblKpUZQjKWuA_o2s6tGmx-ja0wgpsqSxvAGMTtkhFTMOI2-tzUuGE05tk1hAzABtV2yEX-RAQFpxkuV0XydAsJDh2dPscrpPHqMfmORsC3xRNL73uDaqqlaL99CvOgq4kJWmChw7TUYO62yaSVhA5-F-snwj-OZtws7_qMwvBgeNK9wvkZTlFLjRV6GDYx6r5TaLkR05GVzyBMv0Qs2z-cXPRZByS7p7_hbeykoYSYJnL2lzc3VlcmovdmFsaWRGcm9t'
+  }
+};
+
+// Derive a new credential with only specific fields disclosed
+const derivationResult = await deriveW3C(signedDocument, {
+  // Only reveal the credential type and givenName, hide birthDate
+  selectivePointers: ['/type', '/credentialSubject/givenName']
 });
+
 ```
 
 ---
 
-### 3. **Verifying**
+### 4. **Verifying**
 
 > TrustVC simplifies the verification process with a single function that supports both W3C Verifiable Credentials (VCs) and OpenAttestation Verifiable Documents (VDs). Whether you're working with W3C standards or OpenAttestation standards, TrustVC handles the verification seamlessly.
 
@@ -239,7 +326,7 @@ const resultFragments = await verifyDocument(signedDocument);
 
 ---
 
-### 4. **Encryption**
+### 5. **Encryption**
 
 > The `encrypt` function encrypts plaintext messages using the **ChaCha20** encryption algorithm, ensuring the security and integrity of the input data. It supports custom keys and nonces, returning the encrypted message in hexadecimal format.
 
@@ -316,7 +403,7 @@ It also relies on the `ts-chacha20` library for encryption operations.
 
 ---
 
-### 5. **Decryption**
+### 6. **Decryption**
 
 > The `decrypt` function decrypts messages encrypted with the **ChaCha20** algorithm. It converts the input from a hexadecimal format back into plaintext using the provided key and nonce.
 
@@ -399,7 +486,7 @@ It also relies on the `ts-chacha20` library for decryption operations.
 
 ---
 
-### 6. **TradeTrust Token Registry**
+### 7. **TradeTrust Token Registry**
 
 > The Electronic Bill of Lading (eBL) is a digital document that can be used to prove the ownership of goods. It is a standardized document that is accepted by all major shipping lines and customs authorities. The [Token Registry](https://github.com/TradeTrust/token-registry) repository contains both the smart contract (v4 and v5) code for token registry (in `/contracts`) as well as the node package for using this library (in `/src`).
 > The TrustVC library not only simplifies signing and verification but also imports and integrates existing TradeTrust libraries and smart contracts for token registry (V4 and V5), making it a versatile tool for decentralized identity and trust solutions.
@@ -589,8 +676,8 @@ function rejectTransferOwners(bytes calldata _remark) external;
 
 For more information on Token Registry and Title Escrow contracts **version v5**, please visit the readme of [TradeTrust Token Registry V5](https://github.com/TradeTrust/token-registry/blob/master/README.md)
 
-### 7. **Document Builder**
-> The `DocumentBuilder` class helps build and manage W3C Verifiable Credentials (VCs) with credential status features. It supports creating documents with two types of credential statuses: `transferableRecords` and `verifiableDocument`. It can sign the document using a private key, verify its signature, and serialize the document to a JSON format. Additionally, it allows for configuration of document rendering methods and expiration dates.
+### 8. **Document Builder**
+> The `DocumentBuilder` class helps build and manage W3C Verifiable Credentials (VCs) with credential status features, implementing the **W3C VC Data Model 2.0** specification. It supports creating documents with two types of credential statuses: `transferableRecords` and `verifiableDocument`. It can sign the document using a private key, verify its signature, and serialize the document to a JSON format. Additionally, it allows for configuration of document rendering methods and expiration dates.
 
 #### Usage
 
@@ -603,7 +690,7 @@ To learn more about defining custom contexts, check out the [Credential Subject
 // Adds a custom vocabulary used to define terms in the `credentialSubject`.
 // Users can define their own context if they have domain-specific fields or custom data structures.
 const builder = new DocumentBuilder({
-  '@context': 'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld'
+  '@context': 'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld'
 });
 ```
 
@@ -612,8 +699,8 @@ Set the subject of the Verifiable Credential, which typically contains informati
 
 ```ts
 builder.credentialSubject({
-  id: 'did:example:123',
-  name: 'John Doe',
+  type: ['Person'],
+  givenName: 'TrustVC',
 });
 ```
 
@@ -649,7 +736,7 @@ builder.credentialStatus({
 ```
 
 ##### Set Expiration Date
-You can set an expiration date for the document.
+You can set a valid until date (expiration) for the document.
 
 ```ts
 builder.expirationDate('2026-01-01T00:00:00Z');
@@ -677,16 +764,17 @@ builder.qrCode({
 ```
 
 ##### Sign the Document
-To sign the document, provide a `PrivateKeyPair` from `@trustvc/trustvc`.
+To sign the document, provide a `PrivateKeyPair` from `@trustvc/trustvc`. The builder uses ECDSA key for signing by default.
 
 ```ts
 const privateKey: PrivateKeyPair = {
-  id: 'did:example:456#key1',
-  controller: 'did:example:456',
-  type: VerificationType.Bls12381G2Key2020,
-  publicKeyBase58: 'your-public-key-base58',
-  privateKeyBase58: 'your-private-key-base58',
-};
+    '@context': 'https://w3id.org/security/multikey/v1',
+    id: 'did:web:example.com#multikey-1',
+    type: VerificationType.Multikey,
+    controller: 'did:web:example.com',
+    publicKeyMultibase: 'your-public-key-multibase',
+    secretKeyMultibase: 'your-secret-key-multibase',
+}
 
 const signedDocument = await builder.sign(privateKey);
 console.log(signedDocument);
@@ -696,19 +784,18 @@ Example Output After Signing
 ```json
 {
   "@context": [
-    "https://www.w3.org/2018/credentials/v1",
-    "https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld",
-    "https://w3id.org/vc/status-list/2021/v1",
-    "https://trustvc.io/context/render-method-context.json",
+    "https://www.w3.org/ns/credentials/v2",
+    "https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld",
+    "https://trustvc.io/context/render-method-context-v2.json",
     "https://trustvc.io/context/qrcode-context.json",
-    "https://w3id.org/security/bbs/v1"
+    "https://w3id.org/security/data-integrity/v2"
   ],
   "type": ["VerifiableCredential"],
   "credentialSubject": {
-    "id": "did:example:123",
-    "name": "John Doe"
+    "type": ["Person"],
+    "givenName": "TrustVC",
   },
-  "expirationDate": "2026-01-01T00:00:00Z",
+  "validUntil": "2026-01-01T00:00:00Z",
   "renderMethod": [
     {
       "id": "https://example.com/rendering-method",
@@ -727,21 +814,30 @@ Example Output After Signing
     "statusListIndex": "<placeholder>",
     "statusListCredential": "https://example.com/status-list"
   },
-  "issuer": "did:example:456",
-  "issuanceDate": "2025-01-01T00:00:00Z",
+  "issuer": "did:web:example.com",
+  "validFrom": "2025-01-01T00:00:00Z",
   "id": "urn:bnid:_:0195fec2-4ae1-7cca-9182-03fd7da5142b",
   "proof": {
-    "type": "BbsBlsSignature2020",
+    "type": "DataIntegrityProof",
     "created": "2025-01-01T00:00:01Z",
+    "verificationMethod": "did:web:example.com#multikey-1",
+    "cryptosuite": "ecdsa-sd-2023",
     "proofPurpose": "assertionMethod",
-    "proofValue": "rV56L+QYozATRy3GOVLomzUo99sXtw2x0Cy9dEkHJ15wi4cS12cQJRIwzONVi3YscdhaSKoqD1jWmwb5A/khLZnDq5eo3QzDgTVClYuV86opL3HJyoS4+t2rRt3wl+chnATy2jqr5zMEvcVJ3gdXpQ==",
-    "verificationMethod": "did:example:456#key1"
+    "proofValue": "u2V0AhVhAh1oLoiuV2AwmSa2ZspbmrG2gCDbpZW.......",
   }
 }
 ```
 
+##### Deriving the Document
+Provide the attributes to reveal to the `derive` method.
+
+```ts
+const derivedDocument = await builder.derive(['/credentialSubject/givenName']);
+console.log(derivedDocument);
+```
+
 ##### Verify the Document
-To verify the signature of the signed document:
+To verify the signature of the signed document, ensure the document is derived first and then call the `verify` method.
 
 ```ts
 const isVerified = await builder.verify();

package/dist/cjs/core/documentBuilder.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var w3cIssuer = require('@trustvc/w3c-issuer');
 var w3c = require('../w3c');
 var w3cCredentialStatus = require('@trustvc/w3c-credential-status');
 var w3cVc = require('@trustvc/w3c-vc');
@@ -9,6 +10,7 @@ var tokenRegistryV5$1 = require('@tradetrust-tt/token-registry-v5');
 var tokenRegistryV4 = require('../token-registry-v4');
 var tokenRegistryV5 = require('../token-registry-v5');
 var utils = require('../utils');
+var w3cContext = require('@trustvc/w3c-context');
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
@@ -30,6 +32,8 @@ class DocumentBuilder {
   // Required fields that must be present in the document.
   isSigned = false;
   // Tracks if a document is signed
+  isDerived = false;
+  // Tracks if a document is derived
   /**
    * Constructor to initialize the document builder.
    * @param {Partial<VerifiableCredential>} input - The input document.
@@ -63,18 +67,17 @@ class DocumentBuilder {
         tokenRegistry: config.tokenRegistry
       };
       this.rpcProviderUrl = config.rpcProviderUrl;
-      this.addContext("https://trustvc.io/context/transferable-records-context.json");
+      this.addContext(w3cContext.TR_CONTEXT_URL);
     } else if (isVerifiable) {
       this.selectedStatusType = "verifiableDocument";
       this.statusConfig = {
         id: `${config.url}#${config.index}`,
-        type: "StatusList2021Entry",
+        type: "BitstringStatusListEntry",
         statusPurpose: config.purpose || "revocation",
         // Set status purpose to "revocation" by default.
         statusListIndex: config.index,
         statusListCredential: config.url
       };
-      this.addContext("https://w3id.org/vc/status-list/2021/v1");
     } else {
       throw new Error("Configuration Error: Missing required fields for credential status.");
     }
@@ -83,25 +86,25 @@ class DocumentBuilder {
   // Sets the expiration date of the document.
   expirationDate(date) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
-    this.document.expirationDate = typeof date === "string" ? date : date.toISOString();
+    this.document.validUntil = typeof date === "string" ? date : date.toISOString();
     return this;
   }
   // Defines the rendering method for the document.
   renderMethod(method) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
     this.document.renderMethod = [method];
-    this.addContext("https://trustvc.io/context/render-method-context.json");
+    this.addContext(w3cContext.RENDER_CONTEXT_V2_URL);
     return this;
   }
   // Defines the qrcode for the document.
   qrCode(method) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
     this.document.qrCode = method;
-    this.addContext("https://trustvc.io/context/qrcode-context.json");
+    this.addContext(w3cContext.QRCODE_CONTEXT_URL);
     return this;
   }
   // Sign the document using the provided private key and an optional cryptographic suite.
-  async sign(privateKey, cryptoSuite) {
+  async sign(privateKey, cryptoSuite, options) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
     if (this.selectedStatusType) {
       this.document.credentialStatus = this.statusConfig;
@@ -119,16 +122,36 @@ class DocumentBuilder {
       await this.verifyTokenRegistry();
     }
     this.document.issuer = privateKey.id.split("#")[0];
-    this.document.issuanceDate = this.document.issuanceDate || (/* @__PURE__ */ new Date()).toISOString();
-    this.addContext("https://w3id.org/security/bbs/v1");
-    const signedVC = await w3c.signW3C(this.document, privateKey, cryptoSuite);
+    this.document.validFrom = this.document.validFrom || (/* @__PURE__ */ new Date()).toISOString();
+    if (!cryptoSuite || cryptoSuite === "ecdsa-sd-2023") {
+      this.addContext(w3cContext.DATA_INTEGRITY_V2_URL);
+    } else {
+      this.addContext(w3cContext.BBS_V1_URL);
+    }
+    const signedVC = await w3c.signW3C(this.document, privateKey, cryptoSuite, options);
     if (signedVC.error) throw new Error(`Signing Error: ${signedVC.error}`);
     this.isSigned = true;
     return signedVC.signed;
   }
+  async derive(revealedAttributes) {
+    if (!this.isSigned) throw new Error("Configuration Error: Document is not signed yet.");
+    if (this.isDerived) throw new Error("Configuration Error: Document is already derived.");
+    const derivedCredential = await w3c.deriveW3C(
+      this.document,
+      revealedAttributes
+    );
+    if (derivedCredential.error) throw new Error(`Derivation Error: ${derivedCredential.error}`);
+    this.document = derivedCredential.derived;
+    this.isDerived = true;
+    return derivedCredential.derived;
+  }
   // Verify the document.
   async verify() {
     if (!this.isSigned) throw new Error("Verification Error: Document is not signed yet.");
+    const cryptosuite = this.document?.proof?.cryptosuite;
+    if (cryptosuite === w3cIssuer.CryptoSuite.EcdsaSd2023 && !this.isDerived) {
+      throw new Error("Verification Error: Document is not derived yet. Use derive() first.");
+    }
     const verificationResult = await w3c.verifyW3CSignature(
       this.document
     );
@@ -167,10 +190,11 @@ class DocumentBuilder {
   }
   // Private helper method to build the context for the document, ensuring uniqueness and adding the default W3C context.
   buildContext(context) {
-    return [
-      "https://www.w3.org/2018/credentials/v1",
-      ...Array.isArray(context) ? context : context ? [context] : []
-    ].filter((v, i, a) => a.indexOf(v) === i);
+    const arrayContext = Array.isArray(context) ? context : context ? [context] : [];
+    if (arrayContext.includes(w3cContext.VC_V1_URL)) {
+      throw new Error("Document builder does not support data model v1.1.");
+    }
+    return [w3cContext.VC_V2_URL, ...arrayContext].filter((v, i, a) => a.indexOf(v) === i);
   }
   // Private helper method to add a new context to the document if it does not already exist.
   addContext(context) {

package/dist/cjs/open-attestation/utils.js

@@ -12,7 +12,6 @@ const {
   isSignedWrappedV3Document,
   isRawV2Document,
   isRawV3Document,
-  isObfuscated,
   getDocumentData,
   getIssuerAddress,
   diagnose,
@@ -49,7 +48,6 @@ exports.getDocumentData = getDocumentData;
 exports.getIssuerAddress = getIssuerAddress;
 exports.getTemplateURL = getTemplateURL;
 exports.isDocumentRevokable = isDocumentRevokable;
-exports.isObfuscated = isObfuscated;
 exports.isRawV2Document = isRawV2Document;
 exports.isRawV3Document = isRawV3Document;
 exports.isSignedWrappedV2Document = isSignedWrappedV2Document;

package/dist/cjs/token-registry-functions/returnToken.js

@@ -187,7 +187,7 @@ const acceptReturned = /* @__PURE__ */ __name(async (contractOptions, signer, pa
   const encryptedRemarks = remarks && isV5TT ? `0x${core.encrypt(remarks, options.id)}` : "0x";
   try {
     const isV6 = ethers.isV6EthersProvider(signer.provider);
-    const args = isV5TT ? [encryptedRemarks] : [];
+    const args = isV5TT ? [tokenId, encryptedRemarks] : [tokenId];
     if (isV6) {
       await tradeTrustTokenContract.burn.staticCall(...args);
     } else {

package/dist/cjs/utils/documents/index.js

@@ -73,9 +73,36 @@ const getChainId = /* @__PURE__ */ __name((document) => {
     return void 0;
   }
 }, "getChainId");
+const isObfuscated = /* @__PURE__ */ __name((document) => {
+  if (openAttestation.isWrappedV3Document(document)) {
+    return !!document.proof.privacy?.obfuscated?.length;
+  }
+  if (openAttestation.isWrappedV2Document(document)) {
+    return !!document.privacy?.obfuscatedData?.length;
+  }
+  if (vc.isSignedDocument(document)) {
+    return document.proof?.type === "BbsBlsSignatureProof2020";
+  }
+  throw new Error(
+    "Unsupported document type: Can only check if there are obfuscated data from wrapped OpenAttestation v2, v3 documents and signed verifiable credentials."
+  );
+}, "isObfuscated");
+const getObfuscatedData = /* @__PURE__ */ __name((document) => {
+  if (openAttestation.isWrappedV3Document(document)) {
+    return document.proof.privacy?.obfuscated;
+  }
+  if (openAttestation.isWrappedV2Document(document)) {
+    return document.privacy?.obfuscatedData || [];
+  }
+  throw new Error(
+    "Unsupported document type: Can only retrieve obfuscated data from wrapped OpenAttestation v2 & v3 documents."
+  );
+}, "getObfuscatedData");
 
 exports.getChainId = getChainId;
+exports.getObfuscatedData = getObfuscatedData;
 exports.getTokenId = getTokenId;
 exports.getTokenRegistryAddress = getTokenRegistryAddress;
 exports.getTransferableRecordsCredentialStatus = getTransferableRecordsCredentialStatus;
+exports.isObfuscated = isObfuscated;
 exports.isTransferableRecord = isTransferableRecord;

package/dist/cjs/verify/fragments/document-integrity/ecdsaW3CSignatureIntegrity.js

@@ -0,0 +1,87 @@
+'use strict';
+
+var verify = require('../../../w3c/verify');
+var w3cVc = require('@trustvc/w3c-vc');
+
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+const PROOF_TYPE = "DataIntegrityProof";
+const CRYPTOSUITE = "ecdsa-sd-2023";
+const DERIVE_CREDENTIAL_ERROR = "Use deriveCredential() first";
+function isSignedVerifiableCredential(document) {
+  return typeof document === "object" && document !== null && "proof" in document;
+}
+__name(isSignedVerifiableCredential, "isSignedVerifiableCredential");
+const ecdsaW3CSignatureIntegrity = {
+  skip: /* @__PURE__ */ __name(async () => {
+    return {
+      type: "DOCUMENT_INTEGRITY",
+      name: "EcdsaW3CSignatureIntegrity",
+      reason: {
+        code: 0,
+        codeString: "SKIPPED",
+        message: `Document either has no proof or proof type is not '${PROOF_TYPE}' or proof cryptosuite is not '${CRYPTOSUITE}'.`
+      },
+      status: "SKIPPED"
+    };
+  }, "skip"),
+  test: /* @__PURE__ */ __name((document) => {
+    const doc = document;
+    return doc.proof?.type === "DataIntegrityProof" && doc.proof?.cryptosuite === "ecdsa-sd-2023";
+  }, "test"),
+  verify: /* @__PURE__ */ __name(async (document, verifierOptions) => {
+    if (!isSignedVerifiableCredential(document)) {
+      return {
+        type: "DOCUMENT_INTEGRITY",
+        name: "EcdsaW3CSignatureIntegrity",
+        data: false,
+        reason: {
+          message: "Document is not a valid SignedVerifiableCredential"
+        },
+        status: "INVALID"
+      };
+    }
+    try {
+      let verificationResult = await verify.verifyW3CSignature(document, verifierOptions);
+      let isDerived = true;
+      if (!verificationResult.verified && verificationResult.error?.includes(DERIVE_CREDENTIAL_ERROR)) {
+        const derivedCredential = await w3cVc.deriveCredential(document, []);
+        verificationResult = await verify.verifyW3CSignature(derivedCredential.derived, verifierOptions);
+        isDerived = false;
+      }
+      if (verificationResult.verified) {
+        return {
+          type: "DOCUMENT_INTEGRITY",
+          name: "EcdsaW3CSignatureIntegrity",
+          data: true,
+          reason: {
+            message: isDerived ? "Document verified successfully" : "Document verified after derivation"
+          },
+          status: "VALID"
+        };
+      } else {
+        return {
+          type: "DOCUMENT_INTEGRITY",
+          name: "EcdsaW3CSignatureIntegrity",
+          data: false,
+          reason: {
+            message: verificationResult.error || "Verification failed"
+          },
+          status: "INVALID"
+        };
+      }
+    } catch (error) {
+      return {
+        type: "DOCUMENT_INTEGRITY",
+        name: "EcdsaW3CSignatureIntegrity",
+        data: false,
+        reason: {
+          message: error instanceof Error ? error.message : "Unknown verification error"
+        },
+        status: "INVALID"
+      };
+    }
+  }, "verify")
+};
+
+exports.ecdsaW3CSignatureIntegrity = ecdsaW3CSignatureIntegrity;

package/dist/cjs/verify/fragments/document-integrity/w3cSignatureIntegrity.js

@@ -1,6 +1,6 @@
 'use strict';
 
-var __ = require('../../..');
+var verify = require('../../../w3c/verify');
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
@@ -23,7 +23,7 @@ const w3cSignatureIntegrity = {
   }, "test"),
   verify: /* @__PURE__ */ __name(async (document, verifierOptions) => {
     const doc = document;
-    const verificationResult = await __.verifyW3CSignature(doc, verifierOptions);
+    const verificationResult = await verify.verifyW3CSignature(doc, verifierOptions);
     if (verificationResult.verified) {
       return {
         type: "DOCUMENT_INTEGRITY",

package/dist/cjs/verify/fragments/index.js

@@ -2,6 +2,7 @@
 
 var ttVerify = require('@tradetrust-tt/tt-verify');
 var w3cSignatureIntegrity = require('./document-integrity/w3cSignatureIntegrity');
+var ecdsaW3CSignatureIntegrity = require('./document-integrity/ecdsaW3CSignatureIntegrity');
 var transferableRecordVerifier = require('./document-status/transferableRecords/transferableRecordVerifier');
 var w3cCredentialStatus = require('./document-status/w3cCredentialStatus');
 var w3cIssuerIdentity = require('./issuer-identity/w3cIssuerIdentity');
@@ -41,6 +42,10 @@ Object.defineProperty(exports, "w3cSignatureIntegrity", {
   enumerable: true,
   get: function () { return w3cSignatureIntegrity.w3cSignatureIntegrity; }
 });
+Object.defineProperty(exports, "ecdsaW3CSignatureIntegrity", {
+  enumerable: true,
+  get: function () { return ecdsaW3CSignatureIntegrity.ecdsaW3CSignatureIntegrity; }
+});
 Object.defineProperty(exports, "TRANSFERABLE_RECORDS_TYPE", {
   enumerable: true,
   get: function () { return transferableRecordVerifier.TRANSFERABLE_RECORDS_TYPE; }

package/dist/cjs/verify/verify.js

@@ -2,6 +2,7 @@
 
 var ttVerify = require('@tradetrust-tt/tt-verify');
 var w3cSignatureIntegrity = require('./fragments/document-integrity/w3cSignatureIntegrity');
+var ecdsaW3CSignatureIntegrity = require('./fragments/document-integrity/ecdsaW3CSignatureIntegrity');
 var transferableRecordVerifier = require('./fragments/document-status/transferableRecords/transferableRecordVerifier');
 var w3cCredentialStatus = require('./fragments/document-status/w3cCredentialStatus');
 var w3cIssuerIdentity = require('./fragments/issuer-identity/w3cIssuerIdentity');
@@ -33,6 +34,7 @@ const openAttestationVerifiers = [
 ];
 const w3cVerifiers = [
   w3cSignatureIntegrity.w3cSignatureIntegrity,
+  ecdsaW3CSignatureIntegrity.ecdsaW3CSignatureIntegrity,
   w3cCredentialStatus.w3cCredentialStatus,
   transferableRecordVerifier.credentialStatusTransferableRecordVerifier,
   fragments.w3cEmptyCredentialStatus,