PoC application to issue Verifiable Credentials.
This project is part of the 'Generieke Functies' project of the Ministry of Health, Welfare and Sport of the Dutch government.
Important
This project and all associated code serve solely for documentation and demonstration purposes, to illustrate potential system communication patterns and architectures.
This codebase:
- Is NOT intended for production use
- Does NOT represent a final specification
- Should NOT be considered feature-complete or secure
- May contain errors, omissions, or oversimplified implementations
- Has NOT been tested or hardened for real-world scenarios
- Is not guaranteed to follow any versioning scheme
The code examples are only meant to help understand concepts and demonstrate possibilities.
By using or referencing this code, you acknowledge that you do so at your own risk and that the authors assume no liability for any consequences of its use.
Quickstart
The easiest way to get started is by using the example-setup. See the example-setup README for prerequisites, configuration, and troubleshooting.
If you would like to run the generieke-issuer-portaal in Laravel Sail, follow the steps below.
Requirements:
- php
- composer
- npm
- openssl
Run the following commands to run this application.
cp .env.example .env
composer install
php artisan key:generate
openssl ecparam -name prime256v1 -genkey -noout -out secrets/key.pem
npm install
npm run build
vendor/bin/sail up -d
The application is available at http://localhost:8600/flow.
The wallet is available at http://localhost:8610.
It is possible to test the connection to the Issuer API using the following command:
sail artisan app:make-credential
To sign credentials, the application uses a private key. This is currently only for development purposes. In production, the private key should be generated with a secure algorithm and should be stored in a secure location. The private key can be generated using the following command:
openssl ecparam -name prime256v1 -genkey -noout -out secrets/key.pem
The VC issuer uses external open-source services to issue credentials. The following services are used:
The application is able to issue credentials using the Issuer API of walt.id and it is possible to load the credential in the walt.id dev wallet.
The current implementation issues JSON-LD credentials that are secured with JOSE. This is based on the Securing Verifiable Credentials using JOSE and COSE specification. The used Issuer API also supports SD-JWT credentials.
The walt.id Verifier API is used to verify presented credentials, including revocation status checks against the StatusList credential provided by the revocation API. The following verification policies are applied: signature, expired, not-before for the Verifiable Presentation, and additionally revoked-status-list for the Verifiable Credentials.
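The expired, not-before and revoked-status-list policies named above, as an added example that is not part of this project or of walt.id's code; it runs over a payload whose signature has already been verified. The claim layout (exp, nbf, a top-level credentialStatus.statusListIndex), the StatusList2021-style encoding (gzip-compressed, base64url bitstring, index 0 as the leftmost bit) and all function names are assumptions.

```python
import base64
import gzip
import time

def build_status_list(size_bits, revoked):
    """Constructed test helper: bitstring with the given indexes set."""
    bits = bytearray(size_bits // 8)
    for i in revoked:
        bits[i // 8] |= 0x80 >> (i % 8)  # index 0 = leftmost bit (assumed)
    packed = gzip.compress(bytes(bits))
    return base64.urlsafe_b64encode(packed).rstrip(b"=").decode()

def is_revoked(encoded_list, index):
    """Decode the list and read one bit; out-of-range indexes are errors."""
    padded = encoded_list + "=" * (-len(encoded_list) % 4)
    bits = gzip.decompress(base64.urlsafe_b64decode(padded))
    if not 0 <= index < len(bits) * 8:
        raise ValueError("statusListIndex outside the status list")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))

def failed_policies(claims, encoded_list=None, now=None):
    """Return names of failed policies. The signature must already be
    verified: these checks mean nothing on unauthenticated claims."""
    now = time.time() if now is None else now
    failed = []
    if "exp" in claims and now >= claims["exp"]:
        failed.append("expired")
    if "nbf" in claims and now < claims["nbf"]:
        failed.append("not-before")
    status = claims.get("credentialStatus")
    if status is not None:
        try:
            # Fail closed: a missing or unreadable list counts as revoked.
            revoked = encoded_list is None or is_revoked(
                encoded_list, int(status["statusListIndex"]))
        except Exception:
            revoked = True
        if revoked:
            failed.append("revoked-status-list")
    return failed

# Constructed sample data (not taken from the project).
SAMPLE_LIST = build_status_list(131072, {94567})
SAMPLE_CLAIMS = {"nbf": 1_700_000_000, "exp": 1_800_000_000,
                 "credentialStatus": {"statusListIndex": "94567"}}

if __name__ == "__main__":
    print(failed_policies(SAMPLE_CLAIMS, SAMPLE_LIST, now=1_750_000_000))
```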
As stated in the Disclaimer, this project and all associated code serve solely for documentation and demonstration purposes, to illustrate potential system communication patterns and architectures.
For that reason we will only accept contributions that fit this goal. We do appreciate any effort from the community, but because our time is limited it is possible that your PR or issue is closed without a full justification.
If you plan to make non-trivial changes, we recommend opening an issue beforehand where we can discuss your planned changes. This increases the chance that we might be able to use your contribution (or it avoids doing work if there are reasons why we wouldn't be able to use it).
Note that all commits should be signed using a GPG key.