createBbsCredential

The createBbsCredential function is an asynchronous method that generates a signed digital credential using BBS+ signatures. The credential conforms to the W3C Verifiable Credentials specification with additional mandatory and optional fields tailored to provide robust verification mechanisms.

​

Function Signature

export async function createBbsCredential(
  issuer: DIDWithKey,
  user: DID,
  credentials: Record<string, unknown>,
  type?: string[],
  validFrom?: Date,
  validUntil?: Date,
  options?: VerificationOptions,
  proofFunction?: (
    privateKey: string,
    publicKey: string,
    messages: Uint8Array[],
    mandatorySet: Set<string>,
    options: ProofOptions
  ) => Promise<Proof>,
  w3cBbs?: boolean
): Promise<SignedCredential>;

​

Parameters

• issuer (DIDWithKey): The digital identity of the credential issuer, including the public and private keys necessary for signing the credential.

• user (DID): The digital identity of the credential subject (the entity the credential is about).

• credentials (Record<string, unknown>): A collection of key-value pairs representing the attributes or claims about the credential subject.

• type (string[]): Types to be added to the credential.

• validFrom (Date, optional): Start date of the credential.

• validUntil (Date, optional): The expiration date of the credential. If not provided, the credential will not explicitly specify an expiration.

• options (VerificationOptions, optional): Additional options for creating the credential, such as information about revocation mechanisms, network details for blockchain-based identities, as well as a list of mandatory fields.

• proofFunction (Function, optional): A function that generates a proof for the credential.

• w3cBbs (boolean, optional): A parameter that defines whether the vc has to fully conform to w3c bbs standard and specifically have rdf serialization of the messages.

​

Returns

• Promise<SignedCredential>: A promise that resolves to an object representing the signed credential. This object includes all the data provided in the credentials parameter, along with metadata like issuance and expiration dates, and the cryptographic proof that verifies the authenticity and integrity of the credential.

## Signed Credential

export interface CredentialPayload {
  "@context": string[];
  extId: string;
  issuer: DIDString;
  credentialSubject: CredentialSubject;
  type: string[];
  validFrom?: string;
  validUntil?: string;
  credentialStatus?: unknown;
  proof: Proof;
}
export interface CredentialSubject {
  did: DIDString;
}

​

Exceptions

Throws an error if the signature type is unsupported or if the issuer’s identity type does not match the required type for the specified signature method (e.g., an issuer must be a BbsDID for BBS+ signatures).

import { BbsDID, createBbsCredential } from "@terminal3/bbs_vc";
import { DID, type VerificationOptions } from "@terminal3/vc_core";
import { ethers } from "ethers";

// Issuer's private key and setup
const issuerPrivateKey = "private_key_here";
const issuer = new BbsDID(issuerPrivateKey);

// Holder's DID
const holderDid = new DID("ethr", "0x.....");

// Creating a credential with BBS+ signature
const claims = { kyc: "passed" };
const revocationRegistryAddress = "0x77Fb69B24e4C659CE03fB129c19Ad591374C349e";
const didRegistryAddress = "0x312C15922c22B60f5557bAa1A85F2CdA4891C39a";
const provider = new ethers.JsonRpcProvider(process.env.BLOCKCHAIN_URL);
const options = {
  revocationRegistryAddress,
  provider,
  didRegistryAddress,
} as unknown as VerificationOptions;
const credential = await createBbsCredential(
  issuer,
  holderDid,
  claims,
  ["KYCCredential"],
  undefined,
  undefined,
  options
);

console.log("Credential Issued:", credential);