Skip to main content
European CommissionEBSI European Blockchain

Issue VC/VP for TNL

The Trusted Nodes List is a list of the active node operators that have been onboarded by the Support Office. The list will be generated and signed by the Support Office before being reviewed and also signed by the Service Ops Manager. Once signed by both entities, it will be made available to the public on different channels. Here is a guide on how to issue the credential and the presentation.

Load user of Support Office

Load the keys of Support Office and accreditation:

Command
==> using user ES256 did1 hardwarewallet
note

It's recommended to use a hardware wallet to sign this credential. For the installation follow the instructions here.

Now connect the wallet with the pilot environment:

Command
==> env pilot

Define VC payload

Create a JSON file with the list of nodes:

[
{
"apis": "https://api-pilot.ebsi.stsisp.ro",
"explorer": "https://blockexplorer-pilot.ebsi.stsisp.ro",
"country": "rou"
},
{
"apis": "https://api-pilot.ebsi.fnmt.es",
"country": "esp"
}
]

Import the template for the Verifiable Credential and import the list of nodes:

Command
==> payloadVcTnl: load assets/TrustedNodesList.json
==> nodes: load path-to-nodes-file.json

Check the status of the nodes (check the content of resultHealth to see which parts of the nodes are ok and which ones fail):

Command
==> resultHealth: tnl healthNodes nodes

Fill the template:

Command
# set Service Ops Manager
==> set payloadVcTnl.credentialSubject.id SET_SERVICE_OPS_MANAGER

# environment: test, pilot, preprod, or prod
==> set payloadVcTnl.credentialSubject.environment SET_ENV

# set chainId (test: 6175, pilot: 6179)
==> set payloadVcTnl.credentialSubject.chainId SET_CHAIN_ID

# set version
==> set payloadVcTnl.credentialSubject.version SET_TNL_VERSION

# set nodes
==> nodesTotal: compute length resultHealth.nodesOk
==> set payloadVcTnl.credentialSubject.nodesTotal nodesTotal
==> set payloadVcTnl.credentialSubject.nodes resultHealth.nodesOk

# Other updates
==> set payloadVcTnl.termsOfUse.id user.accreditationUrl
==> set payloadVcTnl.credentialSchema.id ebsi: payloadVcTnl.credentialSubject.environment :trusted-schemas-registry:/schemas/zDjVp7fDTKbhqFUuCSQ7tvxGMPjns8KeyqfMSFUREuyq8

Create and sign the VC

Finally, use this payload to create and sign the VC:

Command
==> compute createVcJwt payloadVcTnl {} ES256

Please note that this credential is signed with the ES256 key, not the ES256K key.

Congratulations!

You have issued a verifiable credential for Trusted Nodes List. Now you can share the credential with the Service Ops Manager to validate it.

Load user of the Service Ops Manager

Load the keys of Support Office and accreditation:

Command
==> using user ES256 did1 hardwarewallet
note

It's recommended to use a hardware wallet to sign this credential. For the installation follow the instructions here.

Now connect the wallet with the pilot environment:

Command
==> env pilot

Verify the VC

Run the following command to verify the credential:

Command
==> compute verifyVcJwt PUT_VC_HERE
Verifiable Credential is valid

To see the content of the credential run:

Command
==> compute decodeJWT PUT_VC_HERE

Create a VP

Run the following command to create a Verifiable Presentation containing the Verifiable Credential issued by Support Office:

Command
==> set jwtPayload {"aud":"any"}
==> expiration: compute epochtime 2030-12-31
==> set jwtPayload.exp expiration
==> compute createVpJwt vcTnl {} jwtPayload ES256

Note that we are setting audience as "any" to target a generic audience, and the expiration in 2030 (update this date if required).

Congratulations!

You have issued a verifiable presentation for Trusted Nodes List. Now publish it in the respective channels.

Export keys

Both Support Office and the Service Ops Manager need to export the keys and publish them in the respective channels. For that they can use the export command in the cli:

==> thumbprint: compute thumbprint user.keys.ES256.publicKeyJwk
==> set fileJwk thumbprint .jwk
==> set filePem thumbprint .pem
==> export user.keys.ES256.publicKeyJwk fileJwk
==> export user.keys.ES256.publicKeyPem filePem
Congratulations!

You have exported your keys. Both files will be located in the current working directory.