The Trusted Nodes List is a list of the active node operators that have been onboarded by the Support Office. The list will be generated and signed by the Support Office before being reviewed and also signed by the Service Ops Manager. Once signed by both entities, it will be made available to the public on different channels. Here is a guide on how to issue the credential and the presentation.
Load user of Support Office
Load the keys of Support Office and accreditation:
==> using user ES256 did1 hardwarewallet
It's recommended to use a hardware wallet to sign this credential. For the installation follow the instructions here.
Now connect the wallet with the pilot environment:
==> env pilot
Define VC payload
Create a JSON file with the list of nodes:
[
{
"apis": "https://api-pilot.ebsi.stsisp.ro",
"explorer": "https://blockexplorer-pilot.ebsi.stsisp.ro",
"country": "rou"
},
{
"apis": "https://api-pilot.ebsi.fnmt.es",
"country": "esp"
}
]
Import the template for the Verifiable Credential and import the list of nodes:
==> payloadVcTnl: load assets/TrustedNodesList.json
==> nodes: load path-to-nodes-file.json
Check the status of the nodes (check the content of resultHealth to see which parts of the nodes are ok and which ones fail):
==> resultHealth: tnl healthNodes nodes
Fill the template:
# set Service Ops Manager
==> set payloadVcTnl.credentialSubject.id SET_SERVICE_OPS_MANAGER
# environment: test, pilot, preprod, or prod
==> set payloadVcTnl.credentialSubject.environment SET_ENV
# set chainId (test: 6175, pilot: 6179)
==> set payloadVcTnl.credentialSubject.chainId SET_CHAIN_ID
# set version
==> set payloadVcTnl.credentialSubject.version SET_TNL_VERSION
# set nodes
==> nodesTotal: compute length resultHealth.nodesOk
==> set payloadVcTnl.credentialSubject.nodesTotal nodesTotal
==> set payloadVcTnl.credentialSubject.nodes resultHealth.nodesOk
# Other updates
==> set payloadVcTnl.termsOfUse.id user.accreditationUrl
==> set payloadVcTnl.credentialSchema.id ebsi: payloadVcTnl.credentialSubject.environment :trusted-schemas-registry:/schemas/z6pHzVWcE9hygBq8UWRXXyR8nRst6rUXMKUkTjMoh3sfJ
Create and sign the VC
Finally, use this payload to create and sign the VC:
==> compute createVcJwt payloadVcTnl {} ES256
Please note that this credential is signed with the ES256 key, not the ES256K key.
You have issued a verifiable credential for Trusted Nodes List. Now you can share the credential with the Service Ops Manager to validate it.
Load user of the Service Ops Manager
Load the keys of Support Office and accreditation:
==> using user ES256 did1 hardwarewallet
It's recommended to use a hardware wallet to sign this credential. For the installation follow the instructions here.
Now connect the wallet with the pilot environment:
==> env pilot
Verify the VC
Run the following command to verify the credential:
==> compute verifyVcJwt PUT_VC_HERE
Verifiable Credential is valid
To see the content of the credential run:
==> compute decodeJWT PUT_VC_HERE
Create a VP
Run the following command to create a Verifiable Presentation containing the Verifiable Credential issued by Support Office:
==> set jwtPayload {"aud":"any"}
==> expiration: compute epochtime 2030-12-31
==> set jwtPayload.exp expiration
==> compute createVpJwt vcTnl {} jwtPayload ES256
Note that we are setting audience as "any" to target a generic audience, and the expiration in 2030 (update this date if required).
You have issued a verifiable presentation for Trusted Nodes List. Now publish it in the respective channels.
Export keys
Both Support Office and the Service Ops Manager need to export the keys and publish them in the respective channels. For that they can use the export command in the cli:
==> thumbprint: compute thumbprint user.keys.ES256.publicKeyJwk
==> set fileJwk thumbprint .jwk
==> set filePem thumbprint .pem
==> export user.keys.ES256.publicKeyJwk fileJwk
==> export user.keys.ES256.publicKeyPem filePem
You have exported your keys. Both files will be located in the current working directory.