Skip to main content
European CommissionEBSI European Blockchain

Register a Trusted Issuer

Load the keys of the new issuer:

Command
==> using user ES256K did1 <ISSUER_PRIVATE_KEY_ES256K> <ISSUER_DID>
==> using user ES256 did1 <ISSUER_PRIVATE_KEY_ES256> <ISSUER_DID>

Now connect the wallet with the pilot environment:

Command
==> env pilot

Request a credential to be an issuer

For this step contact with the Trusted Issuer related to your use case. There are 3 basic types in EBSI: Root TAO, TAO, or TI. If you want to register a Root TAO then contact with Support Office to issue a "Verifiable Authorisation For Trust Chain".

The verifiable credential should contain your DID and a reservedAttributeId in the credentialSubject.

Apart from issuing the credential, Support Office (or the respective parent issuer) should make the pre-registration of the new issuer in the Trusted Issuers Registry. To check it run the following command, you should see an empty attribute:

==> tir get /issuers/ user.did
Output
{
"did": "did:ebsi:zzcJJuM4Z4AUKdL8kdMEKNw",
"attributes": [
{
"hash": "4ec090a8a660a4bd431cc6d5e50b229cf0812ea8b8f4f642c2f3ad69eb84375f",
"body": "",
"issuerType": "TI",
"tao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
"rootTao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z"
}
]
}

Request an access token

In this step you will request an access token to the authorisation API. If this is the first time you register a Trusted Issuer request an access token with scope tir_invite and present the credential. If the issuer already exists then request an access token with scope tir_write (in this case there is no need to present a credential):

Command
# For first time
==> resAuthTIR: authorisation auth tir_invite_presentation ES256 <VC_ISSUER>

# For existing issuers
==> resAuthTIR: authorisation auth tir_write_presentation ES256

Now load the access token:

==> using token resAuthTIR.access_token

Register the credential

To register the credential run:

Command
==> tir setAttributeData user.did <RESERVED_ATTRIBUTE_ID> <VC_ISSUER>

You can get the reserved attribute ID from the verifiable credential.

Finally, verify that the credential is registered:

Command
==> tir get /issuers/ user.did
Output
{
"did": "did:ebsi:zzcJJuM4Z4AUKdL8kdMEKNw",
"attributes": [
{
"hash": "06bcfc35a6c342bd12d9975df3de5a2659e70318f208999341bc634006e32233",
"body": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRpZDplYnNpOnpaZUt5RUpmVVRHd2FqaE55Tlg5Mjh6I2tleXMtMiJ9.eyJpYXQiOjE3MDAyMjc0NjMsImp0aSI6InVybjp1dWlkOmQzNDQzMmFkLWQzZjgtNDhhYy05NjBkLTNjNTgzYzAwMDdiZSIsIm5iZiI6MTcwMDIyNzQ2MywiZXhwIjoxNzMxNzYzNDYzLCJzdWIiOiJkaWQ6ZWJzaTp6emNKSnVNNFo0QVVLZEw4a2RNRUtOdyIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoidXJuOnV1aWQ6ZDM0NDMyYWQtZDNmOC00OGFjLTk2MGQtM2M1ODNjMDAwN2JlIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlZlcmlmaWFibGVBdHRlc3RhdGlvbiIsIlZlcmlmaWFibGVBY2NyZWRpdGF0aW9uIiwiVmVyaWZpYWJsZUFjY3JlZGl0YXRpb25Ub0F0dGVzdCJdLCJpc3N1ZXIiOiJkaWQ6ZWJzaTp6WmVLeUVKZlVUR3dhamhOeU5YOTI4eiIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMTEtMTdUMTM6MjQ6MjNaIiwiaXNzdWVkIjoiMjAyMy0xMS0xN1QxMzoyNDoyM1oiLCJ2YWxpZEZyb20iOiIyMDIzLTExLTE3VDEzOjI0OjIzWiIsImV4cGlyYXRpb25EYXRlIjoiMjAyNC0xMS0xNlQxMzoyNDoyM1oiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDplYnNpOnp6Y0pKdU00WjRBVUtkTDhrZE1FS053IiwiYWNjcmVkaXRlZEZvciI6W3sic2NoZW1hSWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtc2NoZW1hcy1yZWdpc3RyeS92Mi9zY2hlbWFzL3ozTWdVRlVrYjcyMnVxNHgzZHY1eUFKbW5ObXpERmVLNVVDOHg4M1FvZUxKTSIsInR5cGVzIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiQ1RSZXZvY2FibGUiXSwibGltaXRKdXJpc2RpY3Rpb24iOiJodHRwczovL3B1YmxpY2F0aW9ucy5ldXJvcGEuZXUvcmVzb3VyY2UvYXV0aG9yaXR5L2F0dS9FVVIifV0sInJlc2VydmVkQXR0cmlidXRlSWQiOiI0ZWMwOTBhOGE2NjBhNGJkNDMxY2M2ZDVlNTBiMjI5Y2YwODEyZWE4YjhmNGY2NDJjMmYzYWQ2OWViODQzNzVmIn0sInRlcm1zT2ZVc2UiOnsiaWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtaXNzdWVycy1yZWdpc3RyeS92NC9pc3N1ZXJzL2RpZDplYnNpOnpaZUt5RUpmVVRHd2FqaE55Tlg5Mjh6L2F0dHJpYnV0ZXMvMTRiZDBkMjZmM2IwNWQ4MjViOTFjZWRlOGIzMTA2OGY0ZDNhM2RmZGE3NjczZTdkMzZlY2ZlOWY5ZDQwMjUwOSIsInR5cGUiOiJJc3N1YW5jZUNlcnRpZmljYXRlIn0sImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtc2NoZW1hcy1yZWdpc3RyeS92Mi9zY2hlbWFzL3ozTWdVRlVrYjcyMnVxNHgzZHY1eUFKbW5ObXpERmVLNVVDOHg4M1FvZUxKTSIsInR5cGUiOiJGdWxsSnNvblNjaGVtYVZhbGlkYXRvcjIwMjEifX0sImlzcyI6ImRpZDplYnNpOnpaZUt5RUpmVVRHd2FqaE55Tlg5Mjh6In0.51wxF6sasQeNmWt-f8uDhek_To8V3qpzudnZX2COe5t6j8H07lMH6coYVWuQm5xqx09zSNJ0NVm-uSWeBcUCqA",
"issuerType": "TI",
"tao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
"rootTao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z"
}
]
}
Congratulations!

You registered an issuer in the Trusted Issuers Registry

Script to register a credential

The CLI tool is equipped with a script to simplify the process to register a verifible credential. First, setup your wallet and then run:

Command
==> run registerIssuer VERIFIABLE_CREDENTIAL