@trustvc/trustvc 1.8.1 → 2.0.1

package/README.md

@@ -2,7 +2,7 @@
 
 ## About
 
-TrustVC is a comprehensive wrapper library designed to simplify the signing and verification processes for TrustVC W3C [Verifiable Credentials (VC)](https://github.com/TrustVC/w3c) and OpenAttestation Verifiable Documents (VD), adhering to the W3C [VC](https://www.w3.org/TR/vc-data-model/) Data Model v1.1 (W3C Standard). It ensures compatibility and interoperability for Verifiable Credentials while supporting OpenAttestation [Verifiable Documents (VD)](https://github.com/Open-Attestation/open-attestation) v6.9.5. TrustVC seamlessly integrates functionalities for handling W3C Verifiable Credentials and OpenAttestation Verifiable Documents, leveraging existing TradeTrust libraries and smart contracts for [Token Registry](https://github.com/TradeTrust/token-registry) (V4 and V5). Additionally, it includes essential utility functions for strings, networks, and chains, making it a versatile tool for developers working with decentralized identity and verifiable data solutions.
+TrustVC is a comprehensive wrapper library designed to simplify the signing and verification processes for TrustVC W3C [Verifiable Credentials (VC)](https://github.com/TrustVC/w3c) and OpenAttestation Verifiable Documents (VD), adhering to the W3C [VC](https://www.w3.org/TR/vc-data-model/) Data Model v2.0 (W3C Standard). It ensures compatibility and interoperability for Verifiable Credentials while supporting OpenAttestation [Verifiable Documents (VD)](https://github.com/Open-Attestation/open-attestation) v6.9.5. TrustVC seamlessly integrates functionalities for handling W3C Verifiable Credentials and OpenAttestation Verifiable Documents, leveraging existing TradeTrust libraries and smart contracts for [Token Registry](https://github.com/TradeTrust/token-registry) (V4 and V5). Additionally, it includes essential utility functions for strings, networks, and chains, making it a versatile tool for developers working with decentralized identity and verifiable data solutions.
 
 ## Table of Contents
 
@@ -16,15 +16,16 @@ TrustVC is a comprehensive wrapper library designed to simplify the signing and
     - [2. **Signing**](#2-signing)
       - [a) OpenAttestation Signing (signOA) v2 v3](#a-openattestation-signing-signoa-v2-v3)
       - [b) TrustVC W3C Signing (signW3C)](#b-trustvc-w3c-signing-signw3c)
-    - [3. **Verifying**](#3-verifying)
-    - [4. **Encryption**](#4-encryption)
-    - [5. **Decryption**](#5-decryption)
-    - [6. **TradeTrust Token Registry**](#6-tradetrust-token-registry)
+    - [3. **Deriving (Selective Disclosure)**](#3-deriving-selective-disclosure)
+    - [4. **Verifying**](#4-verifying)
+    - [5. **Encryption**](#5-encryption)
+    - [6. **Decryption**](#6-decryption)
+    - [7. **TradeTrust Token Registry**](#7-tradetrust-token-registry)
       - [Usage](#usage-2)
       - [TradeTrustToken](#tradetrusttoken)
       - [a) Token Registry v4](#a-token-registry-v4)
       - [b) Token Registry V5](#b-token-registry-v5)
-    - [7. **Document Builder**](#7-document-builder)
+    - [8. **Document Builder**](#8-document-builder)
 
 ## Installation
 
@@ -113,7 +114,7 @@ console.log(wrappedDocuments);
 
 ### 2. **Signing**
 
-> The TrustVC Signing feature simplifies the signing process for OA documents and W3C-compliant verifiable credentials using BBS+ signatures. This feature allows you to easily sign W3C Verifiable Credentials (VCs) and ensure they comply with the latest standards.
+> The TrustVC Signing feature simplifies the signing process for OA documents and W3C-compliant verifiable credentials using ECDSA signature. This feature allows you to easily sign W3C Verifiable Credentials (VCs) and ensure they comply with the latest standards.
 
 The signing functionality is split into two methods:
 
@@ -154,84 +155,169 @@ const signedWrappedDocument = await signOA(wrappedDocument, {
 
 #### b) TrustVC W3C Signing (signW3C)
 
+The `signW3C` function signs W3C Verifiable Credentials using the provided cryptographic suite and key pair. By default, it uses the **ecdsa-sd-2023** crypto suite unless otherwise specified.
+
 ```ts
 import { signW3C, VerificationType } from '@trustvc/trustvc';
 
 const rawDocument = {
   '@context': [
-    'https://www.w3.org/2018/credentials/v1',
-    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld',
-    'https://w3id.org/security/bbs/v1',
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
     'https://w3id.org/vc/status-list/2021/v1',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld',
   ],
   credentialStatus: {
     id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
-    type: 'StatusList2021Entry',
+    type: 'BitstringStatusListEntry',
     statusPurpose: 'revocation',
     statusListIndex: '10',
     statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1',
   },
   credentialSubject: {
-    name: 'TrustVC',
+    type: ['Person']
+    givenName: 'TrustVC',
     birthDate: '2024-04-01T12:19:52Z',
-    type: ['PermanentResident', 'Person'],
   },
-  expirationDate: '2029-12-03T12:19:52Z',
   issuer: 'did:web:trustvc.github.io:did:1',
   type: ['VerifiableCredential'],
-  issuanceDate: '2024-04-01T12:19:52Z',
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z'
 };
 
+// Using default ecdsa-sd-2023 crypto suite
 const signingResult = await signW3C(rawDocument, {
-  id: 'did:web:trustvc.github.io:did:1#keys-1',
+  '@context': 'https://w3id.org/security/multikey/v1',
+  id: 'did:web:trustvc.github.io:did:1#multikey-1',
+  type: VerificationType.Multikey,
   controller: 'did:web:trustvc.github.io:did:1',
-  type: VerificationType.Bls12381G2Key2020,
-  publicKeyBase58:
-    'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
-  privateKeyBase58: '<privateKeyBase58>',
+  publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+  secretKeyMultibase: '<secretKeyMultibase>'
 });
+
+// You can also specify mandatory pointers for selective disclosure with ecdsa-sd-2023
+const signingResultWithPointers = await signW3C(
+  rawDocument,
+  {
+    '@context': 'https://w3id.org/security/multikey/v1',
+    id: 'did:web:trustvc.github.io:did:1#multikey-1',
+    type: VerificationType.Multikey,
+    controller: 'did:web:trustvc.github.io:did:1',
+    publicKeyMultibase: 'zDnaemDNwi4G5eTzGfRooFFu5Kns3be6yfyVNtiaMhWkZbwtc',
+    secretKeyMultibase: '<secretKeyMultibase>'
+  },
+  'ecdsa-sd-2023',
+  {
+    mandatoryPointers: ['/credentialStatus']
+  }
+);
+
+// Alternatively, specify a different crypto suite. Ensure the context is updated to include the crypto suite.
+const signingResultWithBbs = await signW3C(
+  rawDocument,
+  {
+    id: 'did:web:trustvc.github.io:did:1#keys-1',
+    controller: 'did:web:trustvc.github.io:did:1',
+    type: VerificationType.Bls12381G2Key2020,
+    publicKeyBase58: 'oRfEeWFresvhRtXCkihZbxyoi2JER7gHTJ5psXhHsdCoU1MttRMi3Yp9b9fpjmKh7bMgfWKLESiK2YovRd8KGzJsGuamoAXfqDDVhckxuc9nmsJ84skCSTijKeU4pfAcxeJ',
+    privateKeyBase58: '<privateKeyBase58>',
+  },
+  'BbsBlsSignature2020'
+);
+
 ```
 
 ---
 
-### 3. **Verifying**
+### 3. **Deriving (Selective Disclosure)**
 
-> TrustVC simplifies the verification process with a single function that supports both W3C Verifiable Credentials (VCs) and OpenAttestation Verifiable Documents (VDs). Whether you're working with W3C standards or OpenAttestation standards, TrustVC handles the verification seamlessly.
+> When using ECDSA-SD-2023 crypto suite, we can derive a new credential with selective disclosure. This means you can choose which parts of the credential to reveal while keeping others hidden.
 
 ```ts
-import { verifyDocument } from '@trustvc/trustvc';
+import { deriveW3C } from '@trustvc/trustvc';
 
+// This is a signed document using ecdsa-sd-2023
 const signedDocument = {
   '@context': [
-    'https://www.w3.org/2018/credentials/v1',
-    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld',
-    'https://w3id.org/security/bbs/v1',
-    'https://w3id.org/vc/status-list/2021/v1',
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld'
   ],
   credentialStatus: {
     id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
-    type: 'StatusList2021Entry',
+    type: 'BitstringStatusListEntry',
     statusPurpose: 'revocation',
     statusListIndex: '10',
-    statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1',
+    statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1'
   },
   credentialSubject: {
-    name: 'TrustVC',
-    birthDate: '2024-04-01T12:19:52Z',
-    type: ['PermanentResident', 'Person'],
+    type: ['Person'],
+    givenName: 'TrustVC',
+    birthDate: '2024-04-01T12:19:52Z'
   },
-  expirationDate: '2029-12-03T12:19:52Z',
   issuer: 'did:web:trustvc.github.io:did:1',
   type: ['VerifiableCredential'],
-  issuanceDate: '2024-04-01T12:19:52Z',
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z',
+  id: 'urn:uuid:0198e4a3-b601-7117-9d02-8c9a9a54ab5d',
   proof: {
-    type: 'BbsBlsSignature2020',
-    created: '2024-10-14T04:11:49Z',
+    type: 'DataIntegrityProof',
+    created: '2025-08-18T14:38:51Z',
+    verificationMethod: 'did:web:trustvc.github.io:did:1#multikey-1',
+    cryptosuite: 'ecdsa-sd-2023',
     proofPurpose: 'assertionMethod',
-    proofValue:
-      'l79dlFQMowalep+WCFqgCvpVBcCAr0GDEFUV6S7gRVY/TQ+sp/wcwaT61PaD19rJYUHlKfzccE4m7waZyoLEkBLFiK2g54Q2i+CdtYBgDdkUDsoULSBMcH1MwGHwdjfXpldFNFrHFx/IAvLVniyeMQ==',
-    verificationMethod: 'did:web:trustvc.github.io:did:1#keys-1',
+    proofValue: 'u2V0AhVhAWvyp4W7vt4DBhJy2JjKdbDjNSjh3mFsIfPv68Xk2uc4PSFf1iiAeq19rvnHou1LW_Ff0MrRxzcmuTsBO54q3vVgjgCQDz9CT1s28B8Wsk-i8hgzexvcOZgInRbK9VpG6pMwSfbNYIA0xoaqSwjMxAISQ2l2uRmBFlIdL3XFduNUlo93wj5EMilhA24fPUQHaYlpN2hezHkI2QbUpUzVdIoRFA9KdzA1JNWM9GuCKWF0A62W91QmN82237JIiF1d2aLq3lnCpgR_Y-VhAdhqKN1MXPH5BNYAmM1rSZLHGF92dYt2k3XLb84UsgBYNx0f5VKOKFKNY-ZNho59RdsSTRNbsUzU-zzH1CLkc-lhAKgI6LHZPLePwB-Vsad2jOO-_PGHoHas5-uNJDDSp-xTO2auFGmpI6OGx-U_xwcKYX3su3qwtYCJ3nf2-l-t5SFhAfNLg1QbwjJBStUFCcVZWzu1wDh1d9owiox2nNm9EDun4DU40ThWLoWJEEGtqJYE0XFeMxCNkGJGvBQkXJxKZYlhAXBhzKu4D8oXuUHymh5rXvp-a4cUHI0Mh0H0eEifx41FqPc_hNNhCEZKAl_lB6mxIAA-5rqDkUH8zj-gH0TDgq1hA8GZCjLF6wE5feS14DscTe_oVIAfe_2YYTdDLwtklycGXiIGjMs3XmX002URnASJU2RcX1hROupc2tpXFGOQZmlhAPwgkCD6aSL2gusl56goodXi7lg5GDJyh3iYSSA2qL0HkBs7q3FsbijIvscH3-bIEWZHUX127ZC3f1UL85WPR01hAQi-48VLrcfPC1aFuwuUQm_UEwkZ4LZsEvvPrPtrC1WjtGq7-NDAfNkz6cO9MgsUwjAncXliJW-tTNX3ujDfEA1hAARmh7uujgnsv7CoQt4suDhtVJKZA5UdKahJkUvqXZKRFfhRmJHPwJKnM04IV_AcQd8RH--v2ZUzD6IUGYXCUIVhABjkqmiaLL9PY20li9JBOd0VR7udnu0eM8JMGnnHm_gEIKM3eHWPqyfJyw9AfFymBwm0fgBqRxf0LIo9uDkLlwYJnL2lzc3VlcmovdmFsaWRGcm9t'
+  }
+};
+
+// Derive a new credential with only specific fields disclosed
+const derivationResult = await deriveW3C(signedDocument, {
+  // Only reveal the credential type and givenName, hide birthDate
+  selectivePointers: ['/type', '/credentialSubject/givenName']
+});
+
+```
+
+---
+
+### 4. **Verifying**
+
+> TrustVC simplifies the verification process with a single function that supports both W3C Verifiable Credentials (VCs) and OpenAttestation Verifiable Documents (VDs). Whether you're working with W3C standards or OpenAttestation standards, TrustVC handles the verification seamlessly. For ECDSA-signed documents, which normally require derivation before verification, TrustVC automatically handles this process internally - if a document is not derived, the `verifyDocument` function will automatically derive and verify the document in a single step.
+
+```ts
+import { verifyDocument } from '@trustvc/trustvc';
+
+const signedDocument = {
+  '@context': [
+    'https://www.w3.org/ns/credentials/v2',
+    'https://w3id.org/security/data-integrity/v2',
+    'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld'
+  ],
+  credentialStatus: {
+    id: 'https://trustvc.github.io/did/credentials/statuslist/1#1',
+    type: 'BitstringStatusListEntry',
+    statusPurpose: 'revocation',
+    statusListIndex: '10',
+    statusListCredential: 'https://trustvc.github.io/did/credentials/statuslist/1'
   },
+  credentialSubject: {
+    type: ['Person'],
+    givenName: 'TrustVC',
+    birthDate: '2024-04-01T12:19:52Z'
+  },
+  issuer: 'did:web:trustvc.github.io:did:1',
+  type: ['VerifiableCredential'],
+  validFrom: '2024-04-01T12:19:52Z',
+  validUntil: '2029-12-03T12:19:52Z',
+  id: 'urn:uuid:0198e4a3-b601-7117-9d02-8c9a9a54ab5d',
+  proof: {
+    type: 'DataIntegrityProof',
+    created: '2025-08-18T14:38:51Z',
+    verificationMethod: 'did:web:trustvc.github.io:did:1#multikey-1',
+    cryptosuite: 'ecdsa-sd-2023',
+    proofPurpose: 'assertionMethod',
+    proofValue: 'u2V0AhVhAWvyp4W7vt4DBhJy2JjKdbDjNSjh3mFsIfPv68Xk2uc4PSFf1iiAeq19rvnHou1LW_Ff0MrRxzcmuTsBO54q3vVgjgCQDz9CT1s28B8Wsk-i8hgzexvcOZgInRbK9VpG6pMwSfbNYIA0xoaqSwjMxAISQ2l2uRmBFlIdL3XFduNUlo93wj5EMilhA24fPUQHaYlpN2hezHkI2QbUpUzVdIoRFA9KdzA1JNWM9GuCKWF0A62W91QmN82237JIiF1d2aLq3lnCpgR_Y-VhAdhqKN1MXPH5BNYAmM1rSZLHGF92dYt2k3XLb84UsgBYNx0f5VKOKFKNY-ZNho59RdsSTRNbsUzU-zzH1CLkc-lhAKgI6LHZPLePwB-Vsad2jOO-_PGHoHas5-uNJDDSp-xTO2auFGmpI6OGx-U_xwcKYX3su3qwtYCJ3nf2-l-t5SFhAfNLg1QbwjJBStUFCcVZWzu1wDh1d9owiox2nNm9EDun4DU40ThWLoWJEEGtqJYE0XFeMxCNkGJGvBQkXJxKZYlhAXBhzKu4D8oXuUHymh5rXvp-a4cUHI0Mh0H0eEifx41FqPc_hNNhCEZKAl_lB6mxIAA-5rqDkUH8zj-gH0TDgq1hA8GZCjLF6wE5feS14DscTe_oVIAfe_2YYTdDLwtklycGXiIGjMs3XmX002URnASJU2RcX1hROupc2tpXFGOQZmlhAPwgkCD6aSL2gusl56goodXi7lg5GDJyh3iYSSA2qL0HkBs7q3FsbijIvscH3-bIEWZHUX127ZC3f1UL85WPR01hAQi-48VLrcfPC1aFuwuUQm_UEwkZ4LZsEvvPrPtrC1WjtGq7-NDAfNkz6cO9MgsUwjAncXliJW-tTNX3ujDfEA1hAARmh7uujgnsv7CoQt4suDhtVJKZA5UdKahJkUvqXZKRFfhRmJHPwJKnM04IV_AcQd8RH--v2ZUzD6IUGYXCUIVhABjkqmiaLL9PY20li9JBOd0VR7udnu0eM8JMGnnHm_gEIKM3eHWPqyfJyw9AfFymBwm0fgBqRxf0LIo9uDkLlwYJnL2lzc3VlcmovdmFsaWRGcm9t'
+  }
 };
 
 const resultFragments = await verifyDocument(signedDocument);
@@ -239,7 +325,7 @@ const resultFragments = await verifyDocument(signedDocument);
 
 ---
 
-### 4. **Encryption**
+### 5. **Encryption**
 
 > The `encrypt` function encrypts plaintext messages using the **ChaCha20** encryption algorithm, ensuring the security and integrity of the input data. It supports custom keys and nonces, returning the encrypted message in hexadecimal format.
 
@@ -316,7 +402,7 @@ It also relies on the `ts-chacha20` library for encryption operations.
 
 ---
 
-### 5. **Decryption**
+### 6. **Decryption**
 
 > The `decrypt` function decrypts messages encrypted with the **ChaCha20** algorithm. It converts the input from a hexadecimal format back into plaintext using the provided key and nonce.
 
@@ -399,7 +485,7 @@ It also relies on the `ts-chacha20` library for decryption operations.
 
 ---
 
-### 6. **TradeTrust Token Registry**
+### 7. **TradeTrust Token Registry**
 
 > The Electronic Bill of Lading (eBL) is a digital document that can be used to prove the ownership of goods. It is a standardized document that is accepted by all major shipping lines and customs authorities. The [Token Registry](https://github.com/TradeTrust/token-registry) repository contains both the smart contract (v4 and v5) code for token registry (in `/contracts`) as well as the node package for using this library (in `/src`).
 > The TrustVC library not only simplifies signing and verification but also imports and integrates existing TradeTrust libraries and smart contracts for token registry (V4 and V5), making it a versatile tool for decentralized identity and trust solutions.
@@ -589,8 +675,8 @@ function rejectTransferOwners(bytes calldata _remark) external;
 
 For more information on Token Registry and Title Escrow contracts **version v5**, please visit the readme of [TradeTrust Token Registry V5](https://github.com/TradeTrust/token-registry/blob/master/README.md)
 
-### 7. **Document Builder**
-> The `DocumentBuilder` class helps build and manage W3C Verifiable Credentials (VCs) with credential status features. It supports creating documents with two types of credential statuses: `transferableRecords` and `verifiableDocument`. It can sign the document using a private key, verify its signature, and serialize the document to a JSON format. Additionally, it allows for configuration of document rendering methods and expiration dates.
+### 8. **Document Builder**
+> The `DocumentBuilder` class helps build and manage W3C Verifiable Credentials (VCs) with credential status features, implementing the **W3C VC Data Model 2.0** specification. It supports creating documents with two types of credential statuses: `transferableRecords` and `verifiableDocument`. It can sign the document using a private key, verify its signature, and serialize the document to a JSON format. Additionally, it allows for configuration of document rendering methods and expiration dates.
 
 #### Usage
 
@@ -603,7 +689,7 @@ To learn more about defining custom contexts, check out the [Credential Subject
 // Adds a custom vocabulary used to define terms in the `credentialSubject`.
 // Users can define their own context if they have domain-specific fields or custom data structures.
 const builder = new DocumentBuilder({
-  '@context': 'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld'
+  '@context': 'https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld'
 });
 ```
 
@@ -612,8 +698,8 @@ Set the subject of the Verifiable Credential, which typically contains informati
 
 ```ts
 builder.credentialSubject({
-  id: 'did:example:123',
-  name: 'John Doe',
+  type: ['Person'],
+  givenName: 'TrustVC',
 });
 ```
 
@@ -649,7 +735,7 @@ builder.credentialStatus({
 ```
 
 ##### Set Expiration Date
-You can set an expiration date for the document.
+You can set a valid until date (expiration) for the document.
 
 ```ts
 builder.expirationDate('2026-01-01T00:00:00Z');
@@ -677,16 +763,17 @@ builder.qrCode({
 ```
 
 ##### Sign the Document
-To sign the document, provide a `PrivateKeyPair` from `@trustvc/trustvc`.
+To sign the document, provide a `PrivateKeyPair` from `@trustvc/trustvc`. The builder uses ECDSA key for signing by default.
 
 ```ts
 const privateKey: PrivateKeyPair = {
-  id: 'did:example:456#key1',
-  controller: 'did:example:456',
-  type: VerificationType.Bls12381G2Key2020,
-  publicKeyBase58: 'your-public-key-base58',
-  privateKeyBase58: 'your-private-key-base58',
-};
+    '@context': 'https://w3id.org/security/multikey/v1',
+    id: 'did:web:example.com#multikey-1',
+    type: VerificationType.Multikey,
+    controller: 'did:web:example.com',
+    publicKeyMultibase: 'your-public-key-multibase',
+    secretKeyMultibase: 'your-secret-key-multibase',
+}
 
 const signedDocument = await builder.sign(privateKey);
 console.log(signedDocument);
@@ -696,19 +783,18 @@ Example Output After Signing
 ```json
 {
   "@context": [
-    "https://www.w3.org/2018/credentials/v1",
-    "https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v1.jsonld",
-    "https://w3id.org/vc/status-list/2021/v1",
-    "https://trustvc.io/context/render-method-context.json",
+    "https://www.w3.org/ns/credentials/v2",
+    "https://w3c-ccg.github.io/citizenship-vocab/contexts/citizenship-v2.jsonld",
+    "https://trustvc.io/context/render-method-context-v2.json",
     "https://trustvc.io/context/qrcode-context.json",
-    "https://w3id.org/security/bbs/v1"
+    "https://w3id.org/security/data-integrity/v2"
   ],
   "type": ["VerifiableCredential"],
   "credentialSubject": {
-    "id": "did:example:123",
-    "name": "John Doe"
+    "type": ["Person"],
+    "givenName": "TrustVC",
   },
-  "expirationDate": "2026-01-01T00:00:00Z",
+  "validUntil": "2026-01-01T00:00:00Z",
   "renderMethod": [
     {
       "id": "https://example.com/rendering-method",
@@ -722,26 +808,35 @@ Example Output After Signing
   },
   "credentialStatus": {
     "id": "https://example.com/status-list#<placeholder>",
-    "type": "StatusList2021Entry",
+    "type": "BitstringStatusListEntry",
     "statusPurpose": "revocation",
     "statusListIndex": "<placeholder>",
     "statusListCredential": "https://example.com/status-list"
   },
-  "issuer": "did:example:456",
-  "issuanceDate": "2025-01-01T00:00:00Z",
+  "issuer": "did:web:example.com",
+  "validFrom": "2025-01-01T00:00:00Z",
   "id": "urn:bnid:_:0195fec2-4ae1-7cca-9182-03fd7da5142b",
   "proof": {
-    "type": "BbsBlsSignature2020",
+    "type": "DataIntegrityProof",
     "created": "2025-01-01T00:00:01Z",
+    "verificationMethod": "did:web:example.com#multikey-1",
+    "cryptosuite": "ecdsa-sd-2023",
     "proofPurpose": "assertionMethod",
-    "proofValue": "rV56L+QYozATRy3GOVLomzUo99sXtw2x0Cy9dEkHJ15wi4cS12cQJRIwzONVi3YscdhaSKoqD1jWmwb5A/khLZnDq5eo3QzDgTVClYuV86opL3HJyoS4+t2rRt3wl+chnATy2jqr5zMEvcVJ3gdXpQ==",
-    "verificationMethod": "did:example:456#key1"
+    "proofValue": "u2V0AhVhAh1oLoiuV2AwmSa2ZspbmrG2gCDbpZW.......",
   }
 }
 ```
 
+##### Deriving the Document
+Provide the attributes to reveal to the `derive` method.
+
+```ts
+const derivedDocument = await builder.derive(['/credentialSubject/givenName']);
+console.log(derivedDocument);
+```
+
 ##### Verify the Document
-To verify the signature of the signed document:
+To verify the signature of the signed document, ensure the document is derived first and then call the `verify` method.
 
 ```ts
 const isVerified = await builder.verify();

package/dist/cjs/core/documentBuilder.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var w3cIssuer = require('@trustvc/w3c-issuer');
 var w3c = require('../w3c');
 var w3cCredentialStatus = require('@trustvc/w3c-credential-status');
 var w3cVc = require('@trustvc/w3c-vc');
@@ -9,6 +10,7 @@ var tokenRegistryV5$1 = require('@tradetrust-tt/token-registry-v5');
 var tokenRegistryV4 = require('../token-registry-v4');
 var tokenRegistryV5 = require('../token-registry-v5');
 var utils = require('../utils');
+var w3cContext = require('@trustvc/w3c-context');
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
@@ -30,6 +32,8 @@ class DocumentBuilder {
   // Required fields that must be present in the document.
   isSigned = false;
   // Tracks if a document is signed
+  isDerived = false;
+  // Tracks if a document is derived
   /**
    * Constructor to initialize the document builder.
    * @param {Partial<VerifiableCredential>} input - The input document.
@@ -63,18 +67,17 @@ class DocumentBuilder {
         tokenRegistry: config.tokenRegistry
       };
       this.rpcProviderUrl = config.rpcProviderUrl;
-      this.addContext("https://trustvc.io/context/transferable-records-context.json");
+      this.addContext(w3cContext.TR_CONTEXT_URL);
     } else if (isVerifiable) {
       this.selectedStatusType = "verifiableDocument";
       this.statusConfig = {
         id: `${config.url}#${config.index}`,
-        type: "StatusList2021Entry",
+        type: "BitstringStatusListEntry",
         statusPurpose: config.purpose || "revocation",
         // Set status purpose to "revocation" by default.
         statusListIndex: config.index,
         statusListCredential: config.url
       };
-      this.addContext("https://w3id.org/vc/status-list/2021/v1");
     } else {
       throw new Error("Configuration Error: Missing required fields for credential status.");
     }
@@ -83,25 +86,25 @@ class DocumentBuilder {
   // Sets the expiration date of the document.
   expirationDate(date) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
-    this.document.expirationDate = typeof date === "string" ? date : date.toISOString();
+    this.document.validUntil = typeof date === "string" ? date : date.toISOString();
     return this;
   }
   // Defines the rendering method for the document.
   renderMethod(method) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
     this.document.renderMethod = [method];
-    this.addContext("https://trustvc.io/context/render-method-context.json");
+    this.addContext(w3cContext.RENDER_CONTEXT_V2_URL);
     return this;
   }
   // Defines the qrcode for the document.
   qrCode(method) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
     this.document.qrCode = method;
-    this.addContext("https://trustvc.io/context/qrcode-context.json");
+    this.addContext(w3cContext.QRCODE_CONTEXT_URL);
     return this;
   }
   // Sign the document using the provided private key and an optional cryptographic suite.
-  async sign(privateKey, cryptoSuite) {
+  async sign(privateKey, cryptoSuite, options) {
     if (this.isSigned) throw new Error("Configuration Error: Document is already signed.");
     if (this.selectedStatusType) {
       this.document.credentialStatus = this.statusConfig;
@@ -119,16 +122,36 @@ class DocumentBuilder {
       await this.verifyTokenRegistry();
     }
     this.document.issuer = privateKey.id.split("#")[0];
-    this.document.issuanceDate = this.document.issuanceDate || (/* @__PURE__ */ new Date()).toISOString();
-    this.addContext("https://w3id.org/security/bbs/v1");
-    const signedVC = await w3c.signW3C(this.document, privateKey, cryptoSuite);
+    this.document.validFrom = this.document.validFrom || (/* @__PURE__ */ new Date()).toISOString();
+    if (!cryptoSuite || cryptoSuite === "ecdsa-sd-2023") {
+      this.addContext(w3cContext.DATA_INTEGRITY_V2_URL);
+    } else {
+      this.addContext(w3cContext.BBS_V1_URL);
+    }
+    const signedVC = await w3c.signW3C(this.document, privateKey, cryptoSuite, options);
     if (signedVC.error) throw new Error(`Signing Error: ${signedVC.error}`);
     this.isSigned = true;
     return signedVC.signed;
   }
+  async derive(revealedAttributes) {
+    if (!this.isSigned) throw new Error("Configuration Error: Document is not signed yet.");
+    if (this.isDerived) throw new Error("Configuration Error: Document is already derived.");
+    const derivedCredential = await w3c.deriveW3C(
+      this.document,
+      revealedAttributes
+    );
+    if (derivedCredential.error) throw new Error(`Derivation Error: ${derivedCredential.error}`);
+    this.document = derivedCredential.derived;
+    this.isDerived = true;
+    return derivedCredential.derived;
+  }
   // Verify the document.
   async verify() {
     if (!this.isSigned) throw new Error("Verification Error: Document is not signed yet.");
+    const cryptosuite = this.document?.proof?.cryptosuite;
+    if (cryptosuite === w3cIssuer.CryptoSuite.EcdsaSd2023 && !this.isDerived) {
+      throw new Error("Verification Error: Document is not derived yet. Use derive() first.");
+    }
     const verificationResult = await w3c.verifyW3CSignature(
       this.document
     );
@@ -167,10 +190,11 @@ class DocumentBuilder {
   }
   // Private helper method to build the context for the document, ensuring uniqueness and adding the default W3C context.
   buildContext(context) {
-    return [
-      "https://www.w3.org/2018/credentials/v1",
-      ...Array.isArray(context) ? context : context ? [context] : []
-    ].filter((v, i, a) => a.indexOf(v) === i);
+    const arrayContext = Array.isArray(context) ? context : context ? [context] : [];
+    if (arrayContext.includes(w3cContext.VC_V1_URL)) {
+      throw new Error("Document builder does not support data model v1.1.");
+    }
+    return [w3cContext.VC_V2_URL, ...arrayContext].filter((v, i, a) => a.indexOf(v) === i);
   }
   // Private helper method to add a new context to the document if it does not already exist.
   addContext(context) {

package/dist/cjs/open-attestation/utils.js

@@ -12,7 +12,6 @@ const {
   isSignedWrappedV3Document,
   isRawV2Document,
   isRawV3Document,
-  isObfuscated,
   getDocumentData,
   getIssuerAddress,
   diagnose,
@@ -49,7 +48,6 @@ exports.getDocumentData = getDocumentData;
 exports.getIssuerAddress = getIssuerAddress;
 exports.getTemplateURL = getTemplateURL;
 exports.isDocumentRevokable = isDocumentRevokable;
-exports.isObfuscated = isObfuscated;
 exports.isRawV2Document = isRawV2Document;
 exports.isRawV3Document = isRawV3Document;
 exports.isSignedWrappedV2Document = isSignedWrappedV2Document;

package/dist/cjs/utils/documents/index.js

@@ -73,9 +73,36 @@ const getChainId = /* @__PURE__ */ __name((document) => {
     return void 0;
   }
 }, "getChainId");
+const isObfuscated = /* @__PURE__ */ __name((document) => {
+  if (openAttestation.isWrappedV3Document(document)) {
+    return !!document.proof.privacy?.obfuscated?.length;
+  }
+  if (openAttestation.isWrappedV2Document(document)) {
+    return !!document.privacy?.obfuscatedData?.length;
+  }
+  if (vc.isSignedDocument(document)) {
+    return document.proof?.type === "BbsBlsSignatureProof2020";
+  }
+  throw new Error(
+    "Unsupported document type: Can only check if there are obfuscated data from wrapped OpenAttestation v2, v3 documents and signed verifiable credentials."
+  );
+}, "isObfuscated");
+const getObfuscatedData = /* @__PURE__ */ __name((document) => {
+  if (openAttestation.isWrappedV3Document(document)) {
+    return document.proof.privacy?.obfuscated;
+  }
+  if (openAttestation.isWrappedV2Document(document)) {
+    return document.privacy?.obfuscatedData || [];
+  }
+  throw new Error(
+    "Unsupported document type: Can only retrieve obfuscated data from wrapped OpenAttestation v2 & v3 documents."
+  );
+}, "getObfuscatedData");
 
 exports.getChainId = getChainId;
+exports.getObfuscatedData = getObfuscatedData;
 exports.getTokenId = getTokenId;
 exports.getTokenRegistryAddress = getTokenRegistryAddress;
 exports.getTransferableRecordsCredentialStatus = getTransferableRecordsCredentialStatus;
+exports.isObfuscated = isObfuscated;
 exports.isTransferableRecord = isTransferableRecord;