TrustID is a production-grade, open-source decentralized identifier (DID) system built on the Algorand blockchain. It enables users to create, manage, and cryptographically verify credentials — with full W3C DID Core 1.0 compliance, IPFS-backed storage, and Universal Resolver compatibility.
- Overview
- Features
- Project Structure
- Architecture
- Technology Stack
- Getting Started
- Smart Contracts
- API Reference
- Pages & UI
- Deployment
- Contributing
- License
TrustID is a self-sovereign identity (SSI) platform that gives users complete ownership of their digital credentials. Built on the Algorand blockchain, it enables tamper-proof storage, privacy-preserving access control, and globally resolvable DIDs — all without relying on central authorities.
did:algo:testnet:<algorand-address>
Example:
did:algo:testnet:6E245BTHAHMBX6NCGEH2FE7MPPD7HB5AYNXNTHADTCE6RW46MEN7YNTZCI
| Principle | Description |
|---|---|
| Self-Sovereign | Users own and fully control their identities |
| Cryptographically Secure | Ed25519 signatures anchored on Algorand |
| Immutable | Credentials stored on-chain with IPFS integration |
| Granular Access | Public/private modes with time-limited access grants |
| Globally Resolvable | Compatible with the Universal Resolver |
| Standards-Compliant | Full W3C DID Core 1.0 and DID Resolution specification support |
| Feature | Description |
|---|---|
| DID Creation | Create a decentralized identifier anchored to your Algorand wallet |
| Credential Management | Upload, retrieve, and revoke verifiable credentials on-chain |
| Access Control | Granular public/private visibility per credential |
| Time-Limited Grants | Delegate credential access with expiry timestamps |
| W3C DID Documents | DID Documents served via a standards-compliant REST endpoint |
| Universal Resolver | DIDs resolvable at dev.uniresolver.io globally |
| IPFS Integration | Large files stored on IPFS; only the content hash lives on-chain |
| AES-256 Encryption | Private credentials encrypted with PBKDF2-derived keys |
| Algorand Box Storage | Scalable, efficient on-chain indexing via Algorand boxes |
| Multi-Page Dashboard | Intuitive UI for credential lifecycle management |
| Pera Wallet Connect | Native Algorand wallet integration in the browser |
┌──────────────────────────────────────────────────────────────────┐
│ Universal Resolver (dev.uniresolver.io) │
└───────────────────────────┬──────────────────────────────────────┘
│ GET /identifiers/{did}
▼
┌──────────────────────────────────────────────────────────────────┐
│ TrustID Frontend (Next.js) │
│ │
│ Pages: Home · Profile · Add · My Credentials · Verify │
│ DID Resolver · Share │
│ │
│ API Routes: │
│ • /api/identifiers/[did] → W3C DID Document │
│ • /api/credentials/[address] → Credential list │
└──────────┬────────────────────┬─────────────────────────────────┘
│ Contract calls │ Wallet signing
▼ ▼
┌──────────────────────────────────────────────────────────────────┐
│ Algorand Blockchain (Testnet) │
│ │
│ TrustID Smart Contract — App ID: 757490823 │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ add_credential() get_credential() grant_access() │ │
│ │ revoke_access() parse_owner() is_revoked() │ │
│ │ │ │
│ │ Storage: Box per credential → cred_{id} │ │
│ │ Format: hash|owner|cid|type|timestamp|status|access │ │
│ └─────────────────────────────────────────────────────────┘ │
└────────────────┬────────────────────────────────────────────────┘
│
┌─────────┴────────┐
▼ ▼
┌─────────────┐ ┌──────────────┐
│ IPFS │ │ Pera Wallet │
│ (File CDN) │ │ (Signing) │
└─────────────┘ └──────────────┘
- User connects Pera Wallet → Algorand address obtained
- User creates DID at
/profile→ DID registered on-chain - User uploads credential at
/add→ file hashed, stored on IPFS, record written to Algorand box - User shares credential at
/share→ access grant stored on-chain with expiry - Verifier opens
/verify→ credential resolved from blockchain, signature validated - External resolver calls
/api/identifiers/{did}→ W3C DID Document returned
| Technology | Version | Purpose |
|---|---|---|
| React | 19.x | UI framework |
| Next.js | 16.x | Full-stack React framework + API routes |
| TypeScript | 5.x | Type-safe JavaScript |
| Tailwind CSS | 4.x | Utility-first styling |
| Lucide React | Latest | Icon system |
Algorand SDK (algosdk) |
3.5.2 | Blockchain interaction |
| Pera Wallet Connect | 1.5.1 | Browser wallet integration |
| ESLint 9 | Latest | Code linting |
| Technology | Version | Purpose |
|---|---|---|
| Algorand Python | 3.x | Smart contract language |
| PuyaPy | Latest | Python → AVM TEAL compiler |
| AlgoKit CLI | 2.0.0+ | Project scaffolding & deployment |
| algokit-utils | 4.0.0 | TypeScript/Python client utilities |
| Python | 3.12+ | Runtime environment |
| Poetry | Latest | Dependency & virtual env management |
| pytest | Latest | Contract unit testing |
| Layer | Technology |
|---|---|
| Blockchain | Algorand Testnet (upgradeable to Mainnet) |
| RPC Nodes | AlgoNode public nodes |
| Decentralized Storage | IPFS |
| Frontend Hosting | Vercel |
| Local Dev Network | AlgoKit LocalNet (Docker) |
Make sure the following tools are installed:
- Node.js 18+ and npm
- Python 3.12+
- Poetry —
pip install poetry - AlgoKit CLI 2.0.0+ —
npm install -g @algorandfoundation/algokit - Docker (optional — for local Algorand network)
- Pera Wallet browser extension or mobile app for testing
git clone https://github.com/GRPS-1/TrustID.git
cd TrustIDcd frontend
npm installCreate a .env.local file in the frontend/ directory:
NEXT_PUBLIC_ALGORAND_APP_ID=757490823
NEXT_PUBLIC_NETWORK=testnetStart the development server:
npm run dev
# Open http://localhost:3000cd algorand/projects/trustid
# Install Python dependencies via Poetry
poetry install
# Bootstrap and compile contracts
algokit project bootstrap all
algokit project run buildDeploy to LocalNet (optional):
# In a separate terminal, start the local Algorand network
algokit localnet start
# Deploy the TrustID contract
algokit project deploy localnetAfter deployment, update NEXT_PUBLIC_ALGORAND_APP_ID in .env.local with the newly assigned App ID.
- Start the frontend:
npm run devinsidefrontend/ - Open http://localhost:3000
- Connect your Pera Wallet
- Navigate to
/profileto create your DID - Upload your first credential at
/add - Verify it at
/verify
| Property | Value |
|---|---|
| File | algorand/projects/trustid/smart_contracts/trustid/contract.py |
| Language | Algorand Python (compiled via PuyaPy) |
| Network | Algorand Testnet |
| App ID | 757490823 |
| Method | Parameters | Returns | Description |
|---|---|---|---|
add_credential |
cred_id, hash_value, cid, cred_type, access |
success flag | Stores credential metadata to an on-chain box |
get_credential |
cred_id |
credential data | Retrieves credential, enforcing access control |
grant_access |
cred_id, grantee, expiry_timestamp |
success flag | Grants time-limited read access to a grantee |
revoke_access |
cred_id, grantee |
success flag | Revokes a previously issued access grant |
parse_owner |
value, hash_length |
address | Extracts the owner address from box data |
parse_access |
value |
access flag | Extracts the public/private visibility flag |
is_revoked |
value |
boolean | Checks whether a credential has been revoked |
Box Storage — one box per credential:
Key: cred_{credential_id}
Value: hash|owner|cid|type|timestamp|status|access
Access Grant Boxes:
Key: g_{hash(cred_id)}_{grantee_address}
Value: expiry_timestamp
| Level | Who Can Read |
|---|---|
| Public | Anyone |
| Private | Credential owner only |
| Private + Grant | Owner + all valid, non-expired grantees |
| Revoked | Nobody (owner can re-enable) |
Resolves a TrustID DID to a W3C-compliant DID Document. Compatible with the Universal Resolver.
Example:
curl https://trust-id-seven.vercel.app/api/identifiers/did:algo:testnet:6E245BTHAHMBX6NCGEH2FE7MPPD7HB5AYNXNTHADTCE6RW46MEN7YNTZCIResponse 200 OK:
{
"@context": "https://www.w3.org/ns/did/v1",
"id": "did:algo:testnet:6E245BTHAHMBX6NCGEH2FE7MPPD7HB5AYNXNTHADTCE6RW46MEN7YNTZCI",
"verificationMethod": [
{
"id": "did:algo:testnet:6E245...#keys-1",
"type": "Ed25519VerificationKey2018",
"controller": "did:algo:testnet:6E245...",
"publicKeyBase58": "<base58-encoded-public-key>"
}
],
"authentication": [
"did:algo:testnet:6E245...#keys-1"
]
}Returns all public credentials associated with an Algorand address.
Example:
curl https://trust-id-seven.vercel.app/api/credentials/6E245BTHAHMBX6NCGEH2FE7MPPD7HB5AYNXNTHADTCE6RW46MEN7YNTZCIResponse 200 OK:
{
"credentials": [
{
"id": "cred_001",
"hash": "QmXoypizjW...",
"cid": "bafyreib...",
"type": "certificate",
"timestamp": 1703001600,
"access": "public"
}
]
}| Endpoint | Description |
|---|---|
GET /api/debug-boxes |
Inspect all credential boxes on-chain |
GET /api/test-resolver |
Test the DID resolution pipeline |
These endpoints are intended for local development only. Do not expose them in production.
| Route | Page | Description |
|---|---|---|
/ |
Home | Feature showcase, use cases, and onboarding flow |
/profile |
Profile | Create and manage your DID |
/add |
Add Credential | Upload and register a new credential on-chain |
/my-credentials |
Dashboard | View, share, and revoke your credentials |
/verify |
Verify | Publicly verify any credential by ID |
/did |
DID Resolver | Resolve any TrustID DID to its DID Document |
/share |
Share | Manage time-limited access grants |
# Install Vercel CLI
npm install -g vercel
# Deploy from the frontend directory
cd frontend
vercelSet these environment variables in the Vercel dashboard:
| Variable | Value |
|---|---|
NEXT_PUBLIC_ALGORAND_APP_ID |
Your deployed App ID (e.g. 757490823) |
NEXT_PUBLIC_NETWORK |
testnet or mainnet |
cd algorand/projects/trustid
# Deploy to Testnet
algokit project deploy testnetalgokit project deploy mainnetAfter deployment, update NEXT_PUBLIC_ALGORAND_APP_ID in your environment configuration to reflect the new App ID.
Contributions are welcome! Please follow these steps:
-
Fork this repository and clone your fork:
git clone https://github.com/YOUR_USERNAME/TrustID.git cd TrustID -
Create a feature branch:
git checkout -b feature/your-feature-name
-
Make your changes. Write clear, conventional commits:
git commit -m "feat: add [feature name]" git commit -m "fix: resolve [issue description]" git commit -m "docs: update [section name]"
-
Push and open a Pull Request:
git push origin feature/your-feature-name
| Language | Standard |
|---|---|
| TypeScript | Strict mode; avoid any types |
| Python | PEP 8; use type hints throughout |
| Commits | Conventional Commits (feat:, fix:, docs:, test:) |
| File | Purpose |
|---|---|
algorand/projects/trustid/smart_contracts/trustid/contract.py |
Core AVM smart contract |
frontend/src/lib/did.ts |
DID creation & document building |
frontend/src/lib/contract.ts |
Smart contract interaction layer |
frontend/src/lib/algorand.ts |
Algorand SDK configuration |
frontend/src/app/api/ |
Next.js API routes |
When opening a bug report, please include:
- Steps to reproduce the issue
- Expected vs. actual behaviour
- Your environment (OS, Node.js version, browser, wallet)
- Any relevant error messages or screenshots
- W3C DID Core 1.0 Specification
- W3C DID Resolution Specification
- Universal Resolver
- Algorand Developer Portal
- AlgoKit Documentation
- Algorand Python Documentation
- Pera Wallet Connect
- Next.js Documentation
Built on Algorand · Live at trust-id-seven.vercel.app
TrustID maintains full compliance with the W3C DID Core 1.0 specification and is compatible with the global decentralized identity ecosystem.