diff --git a/docs/extensions/credentials/reclaim.md b/docs/extensions/credentials/reclaim.md new file mode 100644 index 0000000..094b4d5 --- /dev/null +++ b/docs/extensions/credentials/reclaim.md @@ -0,0 +1,150 @@ +--- +title: Reclaim Credential +sidebar_position: 5 +description: The Verida Wallet supports the Reclaim verifiable credentials. +keywords: + [ + Verida, + Reclaim protocol, + Zero Knowledge, + Credentials, + Verifiable Credentials, + ] +--- + +import AppleAppStore from '/img/app_store_apple.svg'; +import GooglePlay from '/img/play_store_google.svg'; + +# Reclaim Protocol credential + +The Verida Wallet supports Reclaim protocol verifiable credentials. This allows users to receive and store Reclaim credentials as well as reply to proof requests in a privacy-preserving way thanks to Reclaim Zero Knowledge technology. + +To learn more about Reclaim protocol, [check reclaim protocol official doc](https://docs.reclaimprotocol.org/) and head over to [Reclaim Protocol Whitepaper](https://docs.reclaimprotocol.org/whitepaper). + +## Wallet Users + +Users can install the Verida Wallet to receive verifiable credentials from Issuers using the Zero Knowledge technology. These credentials are stored in your Vault (your private and secured storage space on the Verida Network) and therefore shown in the Verida Wallet alongside other credentials. + +Verifiers can also send you Reclaim proof requests. The Verida Wallet will automatically generate the Zero-Knowledge proof (ZKP) for you and send it to the Verifier. The Zero-Knowledge proof means no data is actually shared with the Verifier, only the fact that you have a valid credential satisfying the request. + +## Request Reclaim credential + +This part is the same as [zkPass protocol](/docs/extensions/credentials/zkpass#request-zkpass-credential) + +## Issuing a Reclaim Protocol credential + +The [proof-connector](https://prove.verida.network/) app can issue Reclaim Protocol credential. +You need to provide `veridaDid` where generated credential will go to in the url. For example, the url can be like this: + +``` + https://prove.verida.network/add-credential?veridaDid=[veridaDid] + https://prove.verida.network/add-credential?veridaDid=[veridaDid]&schemaId=[reclaim schemaId] +``` + +### Available reclaim protocol schemas + +``` +Verify ownership of your Uber account: f3a4394b-191a-4889-9f5c-e0d70dc26fac +Verify ownership of your Kaggle account: c94476a0-8a75-4563-b70a-bf6124d7c59b +``` + +It redirects you to page where you select schemas. +Once you select schema from Reclaim protocol, you can start process to create credentials. + +![Reclaim Protocol credential issuer - Start generating](/img/extensions/reclaim/start-process.png) + +It will redirect you to the platform (For example: Uber, Kaggle) and the the process should start. +![Reclaim Protocol credential issuer](/img/extensions/reclaim/generating-proofs.png) + +Check [this](https://docs.reclaimprotocol.org/node/quickstart) documentation how to generate proofs using Reclaim Protocol. + +### Example code + +#### Generate requestUrl and statusUrl from reclaim protocol + +``` + import { Reclaim } from "@reclaimprotocol/js-sdk"; + + // You can create your app and schema from Reclaim protocol + const app_id = "..."; + const schema_id = "..."; + const APP_SECRET = "..."; + + const reclaimClient = new Reclaim.ProofRequest(app_id, uuidv4()); + + await reclaimClient.buildProofRequest(schema_id); + + reclaimClient.setSignature( + await reclaimClient.generateSignature(APP_SECRET) + ); + const { requestUrl, statusUrl } = await reclaimClient.createVerificationRequest(); + + return {requestUrl, statusUrl}; +``` + +#### Monitor statusUrl and send message to Verida Wallet + +``` +const veridaDid = "..."; + +fetch(statusUrl) + .then(async (res) => { + const data = await res.json(); + if (data.session.status == "Ok") { + const context = data.session.proofs[0].claimData.context; + if (context) { + try { + // send context to verida wallet + // Please refer https://developers.verida.network/docs/client-sdk/messaging#sending-messages-outbox + console.log('Message sent'); + } catch (err) { + console.log("Verida Message error: ", err); + } + } + } + }) +``` + +## Verifying a Reclaim Protocol credential + +The [proof-connector](https://prove.verida.network/verify) can verify a zero knowledge proof generated from a Reclaim Protocol credential stored in the user's Verida Wallet. More information is available in the [Reclaim Protocol Verification documentation](https://docs.reclaimprotocol.org/node/callback). + +![Reclaim Protocol credential verifier - Select Credential](/img/extensions/zkpass/select-credential.png) + +### Verify the proofs + +``` +import { Reclaim } from '@reclaimprotocol/js-sdk' + +app.post('/callback/', async (req, res) => { + const sessionId = req.query.callbackId + const proof = JSON.parse(decodeURIComponent(req.body)) + + const isProofVerified = await Reclaim.verifySignedProof(proof) + if (!isProofVerified) { + return res.status(400).send({ message: 'Proof verification failed' }) + } +}) + +``` + +### Verify the metadata + +``` +import { Reclaim } from '@reclaimprotocol/js-sdk' + +app.post('/callback/', async (req, res) => { + const sessionId = req.query.callbackId + const proof = JSON.parse(decodeURIComponent(req.body)) + + const isProofVerified = await ReclaimClient.verifySignedProof(proof) + if (!isProofVerified) { + return res.status(400).send({ message: 'Proof verification failed' }) + } + + const context = proof.claimData.context + const extractedParameterValues = proof.extractedParameterValues + + return res.status(200).send({ message: 'Proof verified' }) +}) +``` diff --git a/docs/extensions/credentials/zkpass.md b/docs/extensions/credentials/zkpass.md new file mode 100644 index 0000000..e9814d2 --- /dev/null +++ b/docs/extensions/credentials/zkpass.md @@ -0,0 +1,197 @@ +--- +title: zkPass Credential +sidebar_position: 4 +description: The Verida Wallet supports the zkPass verifiable credentials. +keywords: [Verida, zkPass, Zero Knowledge, Credentials, Verifiable Credentials] +--- + +import AppleAppStore from '/img/app_store_apple.svg'; +import GooglePlay from '/img/play_store_google.svg'; + +# zkPass credentials + +The Verida Wallet supports zkPass verifiable credentials. This allows users to receive and store zkPass credentials as well as reply to proof requests in a privacy-preserving way thanks to zkPass technology. + +To learn more about zkPass, [check zkPass official doc](https://zkpass.gitbook.io/zkpass/user-guides/overview) and head over to [zkPass developer documentation](https://zkpass.gitbook.io/zkpass/developer-guides/extension-js-sdk). + +## Wallet Users + +Users can install the Verida Wallet to receive verifiable credentials from Issuers using the Zero Knowledge technology. These credentials are stored in your Vault (your private and secured storage space on the Verida Network) and therefore shown in the Verida Wallet alongside other credentials. + +Verifiers can also send you zkPass proof requests. The Verida Wallet will automatically generate the Zero-Knowledge proof (ZKP) for you and send it to the Verifier. The Zero-Knowledge proof means no data is actually shared with the Verifier, only the fact that you have a valid credential satisfying the request. + +## Request zkPass credential + +You can request credential which is generated from zkPass protocol for your purpose. + +### Example code + +``` + const did = "..."; // Verida Did + // Get message object from verida context + const messaging = await context.getMessaging(); + + // setup a callback to show the response + await messaging.onMessage((data) => { + // This callback should be called once user shares credential + console.log('Received credentials: ', data); + }); + + const messageType = "inbox/type/dataRequest"; + const config = { + did, + recipientContextName: "Verida: Vault", + }; + const dataToSend = { + requestSchema: "https://common.schemas.verida.io/credential/base/v0.2.0/schema.json", + filter: { + $or: [ + { credentialSchema: "https://common.schemas.verida.io/credential/zkpass/v0.1.0/schema.json" } + ] + }, + userSelect: true, + }; + + // This is the DID the message will go to + const requestFromDID = did; + const messageSubject = "Please select your verifiable credential to verify", + + const res = await messaging.send( + requestFromDID, + messageType, + dataToSend, + msg.messageSubject, + config + ); + + console.log("Request sent"); +``` + +![Request zkPass credential from Verida Wallet](/img/extensions/zkpass/request-credential-process.png) + +## Issuing a zkPass credential + +You need to install [zkPass TransGate extension](https://zkpass.gitbook.io/zkpass/user-guides/transgate) to issue zkPass credentials. + +If you don't have credentials in your Verida Wallet, you can issue zkPass credential through the [proof-connector](https://prove.verida.network/). +You need to provide `veridaDid` where generated credential will go to in the url. For example, the url can be like this: + +``` + https://prove.verida.network/add-credential?veridaDid=[veridaDid] + https://prove.verida.network/add-credential?veridaDid=[veridaDid]&schemaId=[zkPass schemaId] +``` + +### Available zkPass schemas + +``` +Verify ownership of Uber account: ef39adb26c88439591279e25e7856b61 +Verify ownership of Discord account: c0519cf1b26c403096a6af51f41e3f8d +Verify ownership of Binance account: 556ed720e40c4fb48ea7545708e47c90 +Verify ownership of Bybit account: afc3447c5b0f48588db5640472691d37 +Verify ownership of KuCoin account: 01c1439e852f47aaa4f697cef14d3e94 +Verify ownership of MEXC account: d73e2c2227f642dcbade873ff2b09173 +Verify ownership of Gate account: a3b6bf7a231e45a582ffd0e50245c849 + +``` + +It redirects you to page where you select schemas. +Once you select schema from zkPass protocol, you can start process to create credentials. + +### Example code + +``` +import TransgateConnect from "@zkpass/transgate-js-sdk"; + +// You can create your own app in zkPass dashboard. +const ZKPASS_APP_ID = "bced693b-bedc-464c-8250-566743ff5855"; +// The schema Id for Uber account ownership verification +const schemaId = "ef39adb26c88439591279e25e7856b61"; + +// Create the connector instance +const connector = new TransgateConnect(ZKPASS_APP_ID); +// Check if the TransGate extension is installed +// If it returns false, please prompt to install it from chrome web store +const isAvailable = await connector.isTransgateAvailable(); +if (isAvailable) { + const res = await connector.launch(schemaId); + + return res; +} else { + throw new Error("You need to install zkPass extension"); +} +``` + +![zkPass credential issuer - Start generating](/img/extensions/zkpass/start-process.png) + +It will redirect you to the platform (For example: Binance) and once you click `Start` button in TransGate extension, the the process should start. +![zkPass credential issuer - TransGate](/img/extensions/zkpass/transgate.png) + +## Verifying a zkPass credential + +The [proof-connector](https://prove.verida.network/verify) can verify a zero knowledge proof generated from a zkPass credential stored in the user's Verida Wallet. More information is available in the [zkPass Verification documentation](https://zkpass.gitbook.io/zkpass/developer-guides/how-to-verify-the-result). + +![zkPass credential verifier - Select Credential](/img/extensions/zkpass/select-credential.png) + +### Example code + +``` +import Web3 from "web3"; +import { VeridaCredentialRecord } from "@verida/verifiable-credentials"; + +const web3 = new Web3(); +export const verifyZKProof = (proof: VeridaCredentialRecord): boolean => { + try { + const { credentialData } = proof; + const { + taskId, + zkPassSchemaId, + validatorAddress, + allocatorSignature, + uHash, + publicFields, + publicFieldsHash, + validatorSignature, + allocatorAddress + } = credentialData; + + // verify allocator signature + const taskIdHex = Web3.utils.stringToHex(taskId); + const schemaIdHex = Web3.utils.stringToHex(zkPassSchemaId); + const encodeParams = web3.eth.abi.encodeParameters( + ["bytes32", "bytes32", "address"], + [taskIdHex, schemaIdHex, validatorAddress] + ); + const paramsHash = Web3.utils.soliditySha3(encodeParams); + const signedAllocationAddress = web3.eth.accounts.recover( + paramsHash, + allocatorSignature + ); + + if (signedAllocationAddress !== allocatorAddress) { + return false; + } + + // verify validator signature + const encodeParamsForValidator = web3.eth.abi.encodeParameters( + ["bytes32", "bytes32", "bytes32", "bytes32"], + [taskIdHex, schemaIdHex, uHash, publicFieldsHash] + ); + const paramsHashForValidator = Web3.utils.soliditySha3( + encodeParamsForValidator + ); + const signedValidatorAddress = web3.eth.accounts.recover( + paramsHashForValidator, + validatorSignature + ); + + if (signedValidatorAddress !== validatorAddress) { + return false; + } + + return true; + } catch (err) { + console.log("something went wrong while verify result from zk: ", err); + return false; + } +}; +``` diff --git a/static/img/extensions/reclaim/generating-proofs.png b/static/img/extensions/reclaim/generating-proofs.png new file mode 100644 index 0000000..2c51665 Binary files /dev/null and b/static/img/extensions/reclaim/generating-proofs.png differ diff --git a/static/img/extensions/reclaim/start-process.png b/static/img/extensions/reclaim/start-process.png new file mode 100644 index 0000000..b6fd841 Binary files /dev/null and b/static/img/extensions/reclaim/start-process.png differ diff --git a/static/img/extensions/zkpass/request-credential-process.png b/static/img/extensions/zkpass/request-credential-process.png new file mode 100644 index 0000000..191a79b Binary files /dev/null and b/static/img/extensions/zkpass/request-credential-process.png differ diff --git a/static/img/extensions/zkpass/select-credential-solo.png b/static/img/extensions/zkpass/select-credential-solo.png new file mode 100644 index 0000000..8aeef33 Binary files /dev/null and b/static/img/extensions/zkpass/select-credential-solo.png differ diff --git a/static/img/extensions/zkpass/select-credential.png b/static/img/extensions/zkpass/select-credential.png new file mode 100644 index 0000000..02ca67c Binary files /dev/null and b/static/img/extensions/zkpass/select-credential.png differ diff --git a/static/img/extensions/zkpass/share-credential.png b/static/img/extensions/zkpass/share-credential.png new file mode 100644 index 0000000..68752a9 Binary files /dev/null and b/static/img/extensions/zkpass/share-credential.png differ diff --git a/static/img/extensions/zkpass/start-process.png b/static/img/extensions/zkpass/start-process.png new file mode 100644 index 0000000..826f7fa Binary files /dev/null and b/static/img/extensions/zkpass/start-process.png differ diff --git a/static/img/extensions/zkpass/transgate.png b/static/img/extensions/zkpass/transgate.png new file mode 100644 index 0000000..306a85f Binary files /dev/null and b/static/img/extensions/zkpass/transgate.png differ