Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

@digitalbazaar/data-integrity

digitalbazaar13.5kBSD-3-Clause2.5.0

Data Integrity Proof library for use with jsonld-signatures.

readme

Data Integrity library (@digitalbazaar/data-integrity)

Build status Coverage status NPM Version

DataIntegrity library for use with cryptosuites and jsonld-signatures.

Table of Contents

Background

For use with https://github.com/digitalbazaar/jsonld-signatures v11.0 and above.

See also related specs:

Security

TBD

Install

  • Browsers and Node.js 18+ are supported.

To install from NPM:

npm install @digitalbazaar/data-integrity

To install locally (for development):

git clone https://github.com/digitalbazaar/data-integrity.git
cd data-integrity
npm install

Usage

The following code snippet provides a complete example of digitally signing a verifiable credential using this library:

import * as Ed25519Multikey from '@digitalbazaar/ed25519-multikey';
import {DataIntegrityProof} from '@digitalbazaar/data-integrity';
import {cryptosuite as eddsa2022CryptoSuite} from
  '@digitalbazaar/eddsa-2022-cryptosuite';
import jsigs from 'jsonld-signatures';
const {purposes: {AssertionProofPurpose}} = jsigs;


// create the unsigned credential
const unsignedCredential = {
  '@context': [
    'https://www.w3.org/2018/credentials/v1',
    {
      AlumniCredential: 'https://schema.org#AlumniCredential',
      alumniOf: 'https://schema.org#alumniOf'
    }
  ],
  id: 'http://example.edu/credentials/1872',
  type: [ 'VerifiableCredential', 'AlumniCredential' ],
  issuer: 'https://example.edu/issuers/565049',
  issuanceDate: '2010-01-01T19:23:24Z',
  credentialSubject: {
    id: 'https://example.edu/students/alice',
    alumniOf: 'Example University'
  }
};

// create the keypair to use when signing
const controller = 'https://example.edu/issuers/565049';
const keyPair = await Ed25519Multikey.from({
  '@context': 'https://w3id.org/security/multikey/v1',
  type: 'Multikey',
  controller,
  id: controller + '#z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT',
  publicKeyMultibase: 'z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT',
  secretKeyMultibase: 'zrv3rbPamVDGvrm7LkYPLWYJ35P9audujKKsWn3x29EUiGwwhdZQd' +
    '1iHhrsmZidtVALBQmhX3j9E5Fvx6Kr29DPt6LH'
});

// export public key and add to document loader
const publicKey = await keyPair.export({publicKey: true, includeContext: true});
addDocumentToLoader({url: publicKey.id, document: publicKey});

// create key's controller document
const controllerDoc = {
  '@context': [
    'https://www.w3.org/ns/did/v1',
    'https://w3id.org/security/multikey/v1'
  ],
  id: controller,
  assertionMethod: [publicKey]
};
addDocumentToLoader({url: controllerDoc.id, document: controllerDoc});

// create suite
const suite = new DataIntegrityProof({
  signer: keyPair.signer(), cryptosuite: eddsa2022CryptoSuite
});

// create signed credential
const signedCredential = await jsigs.sign(unsignedCredential, {
  suite,
  purpose: new AssertionProofPurpose(),
  documentLoader
});

// results in the following signed VC
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    {
      "AlumniCredential": "https://schema.org#AlumniCredential",
      "alumniOf": "https://schema.org#alumniOf"
    },
    "https://w3id.org/security/data-integrity/v2"
  ],
  "id": "http://example.edu/credentials/1872",
  "type": [
    "VerifiableCredential",
    "AlumniCredential"
  ],
  "issuer": "https://example.edu/issuers/565049",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "https://example.edu/students/alice",
    "alumniOf": "Example University"
  },
  "proof": {
    "type": "DataIntegrityProof",
    "created": "2022-09-06T21:29:24Z",
    "verificationMethod": "https://example.edu/issuers/565049#z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT",
    "cryptosuite": "eddsa-2022",
    "proofPurpose": "assertionMethod",
    "proofValue": "zakT6XP6P7ZVAGJKjvnVi1YjC96RufyeasEEMkDQrCkvMnG3QeAqBuoVoWAWkEEd5w8FATEigPA5788ByuwnCZrd"
  }
}

Note: To create or verify proofs using legacy draft data integrity suites, you must pass legacyContext: true when creating a DataIntegrityProof instance; this will cause the appropriate legacy data integrity context ( https://w3id.org/security/data-integrity/v1) to be used.

Contribute

See the contribute file!

PRs accepted.

If editing the Readme, please conform to the standard-readme specification.

Commercial Support

Commercial support for this library is available upon request from Digital Bazaar: support@digitalbazaar.com

License

New BSD License (3-clause) © 2022 Digital Bazaar

changelog

@digitalbazaar/data-integrity Changelog

2.5.0 - 2024-09-06

Added

  • verifyProof() now checks that expires, if present, is properly formatted.

2.4.0 - 2024-09-05

Added

  • verifyProof() now checks that created, if present, is properly formatted.

2.3.0 - 2024-08-26

Changed

  • Ensure verificationMethod is passed to createVerifyData.

2.2.0 - 2024-08-01

Changed

2.1.0 - 2024-02-13

Added

  • Add option to pass date: null to the DataIntegrityProof constructor, preventing an auto-generated date from being set as the value of the proof.created property.

2.0.0 - 2023-11-13

Added

  • Add legacyContext flag to allow use of legacy context https://w3id.org/security/data-integrity/v1.

Changed

  • BREAKING: Update default this.contextUrl to point to https://w3id.org/security/data-integrity/v2.
  • BREAKING: Drop support for Node.js < 18.

1.5.0 - 2023-11-06

Changed

  • Refactor algorithm check to accommodate requiredAlgorithm represented as array.

1.4.1 - 2023-08-02

Fixed

  • Change JSON-LD context fallback in canonizeProof to the document's @context, adding the suite context only if necessary. This ensures that the canonicalized proof is identical in both issuance and verification.

1.4.0 - 2023-05-21

Added

  • Allow the VCDM 2.0 context to be used as an alternative to the data integrity context for simpler usage with 2.0 VCs.

1.3.1 - 2023-05-17

Fixed

  • Ensure custom createVerifyData is called in verifyProof.

1.3.0 - 2023-05-13

Added

  • Add support for derive function to be implemented by the given cryptosuite. The derive function is used to derive a new document with a new proof based on an existing document (and proof). The derive function will be used when calling derive from jsonld-signatures.
  • Enable cryptosuite to provide custom createVerifyData. If provided, the cryptosuite's function will be called passing the cryptosuite instance (that was given to the DataIntegrityProof constructor) and the dataIntegrityProof instance along with the usual parameters for that function. The resulting verify data may be either a Uint8Array or an object that will be understood by a compatible signer, verifier, or createProofValue custom function.
  • Enable cryptosuite to provide custom createProofValue. If provided, the cryptosuite's function will be called passing the cryptosuite instance (that was given to the DataIntegrityProof constructor) and the dataIntegrityProof instance along with the created verifyData, document, proof, proofSet, and documentLoader. The verifyData will be either a Uint8Array or an object based on the default createVerifyData function or a custom one if the cryptosuite also provides it.

1.2.0 - 2023-04-14

Added

  • Add matchProof() to override the one in LinkedDataProof to check cryptosuite value.

1.1.0 - 2022-09-20

Added

  • Assertion method validation is to be handled by cryptosuites that are responsible for creating verifier interfaces. This assertion work was being duplicated in this library but it must already be done by the cryptosuite responsible for converting a verification method to a verifier interface so it has been removed. Additionally, the assertion work being done in this library was too restrictive; not allowing cryptosuites to convert key types as needed. This library now relinquishes all validation to the cryptosuite.createVerifier method provided.

1.0.0 - 2022-09-08

Added

  • Initial version.