Skip to main content
European CommissionEBSI European Blockchain

Register a Trusted Issuer

Load the keys of the new issuer:

Command
==> using user ES256K did1 <ISSUER_PRIVATE_KEY_ES256K> <ISSUER_DID>
==> using user ES256 did1 <ISSUER_PRIVATE_KEY_ES256> <ISSUER_DID>

Now connect the wallet with the pilot environment and switch to the upcoming APIs:

Command
==> env pilot
==> version upcoming

Request a credential to be an issuer

For this step contact with the Trusted Issuer related to your use case. There are 3 basic types in EBSI: Root TAO, TAO, or TI. If you want to register a Root TAO then contact with Support Office to issue a "Verifiable Authorisation For Trust Chain".

The verifiable credential should contain your DID and a reservedAttributeId in the credentialSubject.

Apart from issuing the credential, Support Office (or the respective parent issuer) should make the pre-registration of the new issuer in the Trusted Issuers Registry. To check it run the following command, you should see an empty attribute:

Command
==> tir get /issuers/ user.did
Output
{
"did": "did:ebsi:zy8Psj9ez9wrsSZ7vrHE221",
"attributes": [
{
"hash": "b84fc4439b46ab5f2c9800e97b2edabfd1bdc83b4778ad1cec3cd92c7cc93bb4",
"body": "",
"issuerType": "TI",
"tao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
"rootTao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z"
}
]
}

Request an access token

In this step you will request an access token to the authorisation API. If this is the first time you register a Trusted issuer request an access token with scope tir_invite and present the credential. If the issuer already exists then request an access token with scope tir_write (in this case there is no need to present a credential):

Command
# For first time
==> resAuthTIR: authorisation auth tir_invite_presentation ES256 vcIssuer

# For existing issuers
==> resAuthTIR: authorisation auth tir_write_presentation ES256

Now load the access token:

Command
using token resAuthTIR.access_token

Register the credential

To register the credential run:

Command
==> tir setAttributeData user.did <RESERVED_ATTRIBUTE_ID> <VC_ISSUER>

You can get the reserved attribute ID from the verifiable credential.

Finally, verify that the credential is registered:

Command
==> tir get /issuers/ user.did
Output
{
"did": "did:ebsi:zy8Psj9ez9wrsSZ7vrHE221",
"attributes": [
{
"hash": "fb7be957fcc15a506ce3a5ea403823ee5f81ccbe92fd288c91d3ded95828e0c9",
"body": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRpZDplYnNpOnpaZUt5RUpmVVRHd2FqaE55Tlg5Mjh6I1NvMUhJUnQwS3FmMF9CU3dxdjRWTU5na2F4M21DRjlJamNRSndNbkIzYnMifQ.eyJpYXQiOjE3MDAyMjk5NDksImp0aSI6InVybjp1dWlkOjY2MDI3ZmY4LThmNGQtNGFhNi1iOGJjLTY1ZGQ5YmNlYTMxMSIsIm5iZiI6MTcwMDIyOTk0OSwiZXhwIjoxNzMxNzY1OTQ5LCJzdWIiOiJkaWQ6ZWJzaTp6eThQc2o5ZXo5d3JzU1o3dnJIRTIyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoidXJuOnV1aWQ6NjYwMjdmZjgtOGY0ZC00YWE2LWI4YmMtNjVkZDliY2VhMzExIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlZlcmlmaWFibGVBdHRlc3RhdGlvbiIsIlZlcmlmaWFibGVBY2NyZWRpdGF0aW9uIiwiVmVyaWZpYWJsZUFjY3JlZGl0YXRpb25Ub0F0dGVzdCJdLCJpc3N1ZXIiOiJkaWQ6ZWJzaTp6WmVLeUVKZlVUR3dhamhOeU5YOTI4eiIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMTEtMTdUMTQ6MDU6NDlaIiwiaXNzdWVkIjoiMjAyMy0xMS0xN1QxNDowNTo0OVoiLCJ2YWxpZEZyb20iOiIyMDIzLTExLTE3VDE0OjA1OjQ5WiIsImV4cGlyYXRpb25EYXRlIjoiMjAyNC0xMS0xNlQxNDowNTo0OVoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDplYnNpOnp5OFBzajllejl3cnNTWjd2ckhFMjIxIiwiYWNjcmVkaXRlZEZvciI6W3sic2NoZW1hSWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtc2NoZW1hcy1yZWdpc3RyeS92My9zY2hlbWFzL3ozTWdVRlVrYjcyMnVxNHgzZHY1eUFKbW5ObXpERmVLNVVDOHg4M1FvZUxKTSIsInR5cGVzIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiQ1RSZXZvY2FibGUiXSwibGltaXRKdXJpc2RpY3Rpb24iOiJodHRwczovL3B1YmxpY2F0aW9ucy5ldXJvcGEuZXUvcmVzb3VyY2UvYXV0aG9yaXR5L2F0dS9FVVIifV0sInJlc2VydmVkQXR0cmlidXRlSWQiOiJiODRmYzQ0MzliNDZhYjVmMmM5ODAwZTk3YjJlZGFiZmQxYmRjODNiNDc3OGFkMWNlYzNjZDkyYzdjYzkzYmI0In0sInRlcm1zT2ZVc2UiOnsiaWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtaXNzdWVycy1yZWdpc3RyeS92NS9pc3N1ZXJzL2RpZDplYnNpOnpaZUt5RUpmVVRHd2FqaE55Tlg5Mjh6L2F0dHJpYnV0ZXMvY2Y4OWU0N2UyNjBlZGE1M2JiMTk5MDk2Y2E5NzM0Nzc5MGM4NGQyYzhhNWYyY2UzZjQxMWVhYmExNGQwMDAzZSIsInR5cGUiOiJJc3N1YW5jZUNlcnRpZmljYXRlIn0sImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtc2NoZW1hcy1yZWdpc3RyeS92My9zY2hlbWFzL3ozTWdVRlVrYjcyMnVxNHgzZHY1eUFKbW5ObXpERmVLNVVDOHg4M1FvZUxKTSIsInR5cGUiOiJGdWxsSnNvblNjaGVtYVZhbGlkYXRvcjIwMjEifX0sImlzcyI6ImRpZDplYnNpOnpaZUt5RUpmVVRHd2FqaE55Tlg5Mjh6In0.xx2750myIbG9ojkycuHEg9ZSHDCQ1ZJuYKFE59GdlxwD0Ehe75mtVA7z1FAiCpkxkjLBZ9RV_4RBlxyL0ij4OQ",
"issuerType": "TI",
"tao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
"rootTao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z"
}
]
}
Congratulations!

You registered an issuer in the Trusted Issuers Registry

Script to register a credential

The CLI tool is equipped with a script to simplify the process to register a verifible credential. First, setup your wallet and then run:

Command
==> run registerIssuer VERIFIABLE_CREDENTIAL