Skip to main content
European CommissionEBSI European Blockchain
Get Help

2. Issue VC to Onboard

Role: Trusted Issuer/Support Office

This step is performed by an existing Trusted Issuer or Support Office to issue onboarding credentials for new entities.

The verifiable authorisation to onboard is a verifiable credential that can be issued only by a Trusted Issuer registered in EBSI, and it allows the subject to register a DID Document in the DID Registry.

Prerequisites

Before issuing the onboarding credential, ensure you have:

  1. Existing Trusted Issuer status in EBSI
  2. Valid issuer credentials and permissions
  3. New entity's DID (obtained from Step 1)
  4. Accreditation URL for your issuer credentials

Load the issuer

Load the keys of the Trusted Issuer:

Command
==> using user ES256K did1 <ISSUER_PRIVATE_KEY_ES256K> <ISSUER_DID>
==> using user ES256 did1 <ISSUER_PRIVATE_KEY_ES256> <ISSUER_DID>

Before issuing the credential, run the following commands to set the user accreditation URL and accreditation ID.

Command
==> set user.accreditationUrl ACCREDITATION_URL
info

ACCREDITATION_URL is the link (located in the Trusted Issuers Registry) to the credential that authorises the entity to issue other credentials.

Now connect the wallet with the pilot environment:

Command
==> env pilot

Define VC payload

Create a JSON file with this payload and fill it accordingly:

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": [
    "VerifiableCredential",
    "VerifiableAttestation",
    "VerifiableAuthorisationToOnboard"
  ],
  "issuer": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
  "credentialSubject": {
    "id": "did:ebsi:zzcJJuM4Z4AUKdL8kdMEKNw",
    "accreditedFor": []
  },
  "termsOfUse": {
    "id": "https://api-pilot.ebsi.eu/trusted-issuers-registry/v5/issuers/did:ebsi:zZeKyEJfUTGwajhNyNX928z/attributes/cf89e47e260eda53bb199096ca97347790c84d2c8a5f2ce3f411eaba14d0003e",
    "type": "IssuanceCertificate"
  },
  "credentialSchema": {
    "id": "https://api-pilot.ebsi.eu/trusted-schemas-registry/v3/schemas/zDpWGUBenmqXzurskry9Nsk6vq2R8thh9VSeoRqguoyMD",
    "type": "FullJsonSchemaValidator2021"
  }
}

Now import it in the CLI tool:

Command
==> payloadVcOnboard: load path-to-file.json

Create and sign the VC

Finally, use this payload to create and sign the VC:

Command
==> compute createVcJwt payloadVcOnboard {} ES256

Please note that this credential is signed with the ES256 key, not the ES256K key.

Congratulations!

You have issued a verifiable credential to onboard. Now you can share the credential with the new entity so they can proceed to Step 3 (Register DID Document).

Script to issue a VC to onboard

The CLI tool is equipped with a script to simplify the process to issue a VerifiableAuthorisationToOnboard. First, setup your wallet and then run:

Command
==> run issueVcOnboard DID_SUBJECT