# Example for SSI-CLI command verify

This command could be used to check if signuatures (proof) of a verifiable Credential or verifiable presentation are correct.

In [1]:
import subprocess
import json

# Test Data

In [2]:
signedCred1 = {
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiableCredential"
  ],
  "credentialSubject": {
    "id": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
    "type": "NameCredential",
    "issuanceDate": "0x9a16cf1fec743db9afad5c503c4b275c4b7c1c50e0a91eff83534d24dba9f3d4",
    "givenName": "0xbff7d1896062b42f83167e4e3b140af7a36af150d7f1c75fce4a2e3712306e8a",
    "familyName": "0x623d091b5b9c6a3ac97a8bfec23f677b38105f79d5a2fb320b511d70555cc360"
  },
  "issuer": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
  "issuanceDate": "2021-03-24T14:50:11.613723Z",
  "credentialStatus": {
    "id": "0x2D0bD2c91b4B011AA53207d96813b521E432F96C",
    "type": "EthereumRevocationList"
  },
  "proof": {
    "type": "EcdsaSecp256k1RecoverySignature2020",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
    "created": "2021-03-24T14:50:11.615724Z",
    "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..ZguE1rqSOiij3GUC3LPQY3J6p2Ycz/xxbkALG90bLphUqd5cgiblSOtodylnNH14BrTDbwJH63BUy7iz49nMoQE="
  }
}

In [3]:
signedCred2 = {
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiableCredential"
  ],
  "credentialSubject": {
    "id": "did:ethr:0x681eb9E865AA9A92BA1A7822FcF82039aE53A598",
    "type": "NameCredential",
    "issuanceDate": "0x13911f4efed0d6234700d0dd08a512caaa994059ebdf16220505a6825f74658d",
    "allowedVehicleCategories": [
      "0x42b457977dee8ca0c820e4b48a462a1af4a863d0c186f7cfccd4b16bd80e5df7",
      "0xa41ea86f6ccd380fc0df9b284e8106b1eb555db22172aafc56fd58066a4a5565"
    ]
  },
  "issuer": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
  "issuanceDate": "2021-03-24T14:50:11.614389Z",
  "credentialStatus": {
    "id": "0x2D0bD2c91b4B011AA53207d96813b521E432F96C",
    "type": "EthereumRevocationList"
  },
  "proof": {
    "type": "EcdsaSecp256k1RecoverySignature2020",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
    "created": "2021-03-24T14:50:11.693148Z",
    "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..j+Cytt8agnXGDiSbV9aHMKgjDnkpnXtAz3w12GQrmhck+fRC8CTW/98wgDy0qDPppv1Jokp2EcHZhyAp5rroKAE="
  }
}

In [4]:
 signedPresentation1 = {
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiablePresentation"
  ],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "VerifiableCredential"
      ],
      "credentialSubject": {
        "id": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
        "type": "NameCredential",
        "issuanceDate": "0x9a16cf1fec743db9afad5c503c4b275c4b7c1c50e0a91eff83534d24dba9f3d4",
        "givenName": "0xbff7d1896062b42f83167e4e3b140af7a36af150d7f1c75fce4a2e3712306e8a",
        "familyName": "0x623d091b5b9c6a3ac97a8bfec23f677b38105f79d5a2fb320b511d70555cc360"
      },
      "issuer": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
      "issuanceDate": "2021-03-24T14:50:11.613723Z",
      "credentialStatus": {
        "id": "0x2D0bD2c91b4B011AA53207d96813b521E432F96C",
        "type": "EthereumRevocationList"
      },
      "proof": {
        "type": "EcdsaSecp256k1RecoverySignature2020",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
        "created": "2021-03-24T14:50:11.615724Z",
        "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..ZguE1rqSOiij3GUC3LPQY3J6p2Ycz/xxbkALG90bLphUqd5cgiblSOtodylnNH14BrTDbwJH63BUy7iz49nMoQE="
      }
    }
  ],
  "proof": [
    {
      "type": "EcdsaSecp256k1RecoverySignature2020",
      "proofPurpose": "assertionMethod",
      "verificationMethod": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
      "created": "2021-03-24T14:50:11.975172Z",
      "challenge": "271affd7-1aaa-4bc3-9a40-194e55c4bae5",
      "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..x15XWkeMcpzmkfQQ304pADOQEAI7c+pPYGgzz8IxoMNNKzghrJtwSWNYDouLTJ40DXMTmsq4iI0/MsbFTC25YgA="
    }
  ]
}

In [5]:
signedPresentation2 = {
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiablePresentation"
  ],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "VerifiableCredential"
      ],
      "credentialSubject": {
        "id": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
        "type": "NameCredential",
        "issuanceDate": "0x9a16cf1fec743db9afad5c503c4b275c4b7c1c50e0a91eff83534d24dba9f3d4",
        "givenName": "0xbff7d1896062b42f83167e4e3b140af7a36af150d7f1c75fce4a2e3712306e8a",
        "familyName": "0x623d091b5b9c6a3ac97a8bfec23f677b38105f79d5a2fb320b511d70555cc360"
      },
      "issuer": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
      "issuanceDate": "2021-03-24T14:50:11.613723Z",
      "credentialStatus": {
        "id": "0x2D0bD2c91b4B011AA53207d96813b521E432F96C",
        "type": "EthereumRevocationList"
      },
      "proof": {
        "type": "EcdsaSecp256k1RecoverySignature2020",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
        "created": "2021-03-24T14:50:11.615724Z",
        "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..ZguE1rqSOiij3GUC3LPQY3J6p2Ycz/xxbkALG90bLphUqd5cgiblSOtodylnNH14BrTDbwJH63BUy7iz49nMoQE="
      }
    },
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "VerifiableCredential"
      ],
      "credentialSubject": {
        "id": "did:ethr:0x681eb9E865AA9A92BA1A7822FcF82039aE53A598",
        "type": "NameCredential",
        "issuanceDate": "0x13911f4efed0d6234700d0dd08a512caaa994059ebdf16220505a6825f74658d",
        "allowedVehicleCategories": [
          "0x42b457977dee8ca0c820e4b48a462a1af4a863d0c186f7cfccd4b16bd80e5df7",
          "0xa41ea86f6ccd380fc0df9b284e8106b1eb555db22172aafc56fd58066a4a5565"
        ]
      },
      "issuer": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
      "issuanceDate": "2021-03-24T14:50:11.614389Z",
      "credentialStatus": {
        "id": "0x2D0bD2c91b4B011AA53207d96813b521E432F96C",
        "type": "EthereumRevocationList"
      },
      "proof": {
        "type": "EcdsaSecp256k1RecoverySignature2020",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
        "created": "2021-03-24T14:50:11.693148Z",
        "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..j+Cytt8agnXGDiSbV9aHMKgjDnkpnXtAz3w12GQrmhck+fRC8CTW/98wgDy0qDPppv1Jokp2EcHZhyAp5rroKAE="
      }
    }
  ],
  "proof": [
    {
      "type": "EcdsaSecp256k1RecoverySignature2020",
      "proofPurpose": "assertionMethod",
      "verificationMethod": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
      "created": "2021-03-24T14:50:12.031263Z",
      "challenge": "0aa85d36-f997-4afd-a723-31b39191e67d",
      "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..5ktOxYHBqR1NNSYv3xQI/Sl4KvFtULjwY4J7f7ldpOw3p7xEej3pJ30HtL8fOrnQYD31twXZcJQ4/X5UvnKO7wA="
    },
    {
      "type": "EcdsaSecp256k1RecoverySignature2020",
      "proofPurpose": "assertionMethod",
      "verificationMethod": "did:ethr:0x681eb9E865AA9A92BA1A7822FcF82039aE53A598",
      "created": "2021-03-24T14:50:12.086686Z",
      "challenge": "0aa85d36-f997-4afd-a723-31b39191e67d",
      "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19../xFGNJXDe+gbuYHKOCtaCtabhsg45C4I/mNCSxkz9E1YNGOfv9pQWhhikFanPhEmtfmAh28yQnaItj0u6XoD2AA="
    }
  ]
}

In [6]:
disclosedCred1 = {
  "id": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
  "type": "NameCredential",
  "issuanceDate": {
    "value": "2021-03-24",
    "salt": "d7db8ce9-8acc-49ff-9601-a90b496a164c",
    "hash": "0x9a16cf1fec743db9afad5c503c4b275c4b7c1c50e0a91eff83534d24dba9f3d4"
  },
  "givenName": {
    "value": "Max",
    "salt": "9dc435b6-be74-4896-b2d0-b6f0cef98379",
    "hash": "0xbff7d1896062b42f83167e4e3b140af7a36af150d7f1c75fce4a2e3712306e8a"
  },
  "familyName": {
    "hash": "0x623d091b5b9c6a3ac97a8bfec23f677b38105f79d5a2fb320b511d70555cc360"
  }
}

In [7]:
disclosedCred2 = {
  "id": "did:ethr:0x681eb9E865AA9A92BA1A7822FcF82039aE53A598",
  "type": "NameCredential",
  "issuanceDate": {
    "value": "2021-03-24",
    "salt": "7cb71139-aaa4-43b0-98ec-c2e42d66ba8a",
    "hash": "0x13911f4efed0d6234700d0dd08a512caaa994059ebdf16220505a6825f74658d"
  },
  "allowedVehicleCategories": [
    {
      "value": "A",
      "salt": "2b358bd1-10ee-4459-9271-32abdd7db86d",
      "hash": "0x42b457977dee8ca0c820e4b48a462a1af4a863d0c186f7cfccd4b16bd80e5df7"
    },
    {
      "value": "B",
      "salt": "978fc5b6-254d-4a07-b77f-2984d2365e2f",
      "hash": "0xa41ea86f6ccd380fc0df9b284e8106b1eb555db22172aafc56fd58066a4a5565"
    }
  ]
}

In [8]:
challenge1 = '271affd7-1aaa-4bc3-9a40-194e55c4bae5'
challenge2 = '0aa85d36-f997-4afd-a723-31b39191e67d'

# Command Help

In [9]:
res = subprocess.run(['../build/main', 'verify', '--help'], capture_output=True)
print(res.stdout.decode())

Verifying credentials and presentations

Usage: main verify [arguments]
-h, --help                       Print this usage information.
    --rpcUrl                     Url for RPC-Endpoint of Ethereum-Node
                                 (defaults to "http://localhost:8545")
-r, --[no-]checkForRevocation    Indicates if the revocation status of credentials should be checked
-e, --erc1056Contract            Contract address of ErC1056-Contract (EthereumDIDRegistry)
-c, --challenge                  Expected challenge in a presentation. Therefor this option is only needed if you check a presentation.
-p, --plaintextCredential        The (disclosed) plaintext credentials. Multiple plaintext credentials allowed, but use -p every time; separating by comma wont work.
-s, --signedJson                 The signed json-object (credential or presentation) to check

Run "main help" to see global options.



# Positive Examples
- no error output
- exit-code = 0

Verify, if a credential has correct signature. No check for revocation. No comparision with (disclosed) plaintext Credential.

In [10]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedCred1), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545'], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---
Signature Check: true

---Stderr---

---Exit-Code---
0


Verify, if a credential has correct signature. With check for revocation and comparision with (disclosed) plaintext Credential.

In [11]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedCred2), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545', 
                      '-r', 
                      '-p', json.dumps(disclosedCred2)], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---
Signature Check: true
Comparision: true

---Stderr---

---Exit-Code---
0


Verify, if a presentation with one credential. With Check for Credential revocation and comparision with (disclosed) plaintext credential.

In [12]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedPresentation1), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545', 
                      '-r', 
                      '-p', json.dumps(disclosedCred1), 
                      '-c', challenge1], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---
Signature Check: true
Comparision: true

---Stderr---

---Exit-Code---
0


Verify, if a presentation with two credentials. With Check for Credential revocation and comparision with (disclosed) plaintext credentials. Add -p for every plaintext credential you would like to compare; separating them by comma would not work!

In [13]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedPresentation2), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545', 
                      '-r', 
                      '-p', json.dumps(disclosedCred1), 
                      '-p', json.dumps(disclosedCred2),
                      '-c', challenge2], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---
Signature Check: true
Comparision: true

---Stderr---

---Exit-Code---
0


# Negative Examples
- exit-code = 2

ERC1056 contract address missing

In [14]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedPresentation2), 
                      '--rpcUrl', 'http://localhost:7545', 
                      '-r', 
                      '-p', json.dumps(disclosedCred1), 
                      '-c', challenge2], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---

---Stderr---
Contract address for ERC1056 Contract missing

---Exit-Code---
2


Wrong RPCUrl

In [15]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedPresentation2), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28', 
                      '-r', 
                      '-p', json.dumps(disclosedCred1), 
                      '-p', json.dumps(disclosedCred2),
                      '-c', challenge2], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---

---Stderr---
SocketException: OS Error: Connection refused, errno = 111, address = localhost, port = 46378

---Exit-Code---
2


No json-object for checking given.

In [16]:
res = subprocess.run(["../build/main",
                      "verify",  
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545', 
                      '-r', 
                      '-p', json.dumps(disclosedCred1), 
                      '-p', json.dumps(disclosedCred2),
                      '-c', challenge1], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---

---Stderr---
Checkable json-object missing

---Exit-Code---
2


Challenge is wrong

In [17]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedPresentation2), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545', 
                      '-r', 
                      '-p', json.dumps(disclosedCred1), 
                      '-p', json.dumps(disclosedCred2),
                      '-c', challenge1], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---

---Stderr---
Exception: Challenge does not match

---Exit-Code---
2


Plaintext Credential does not match.

In [18]:
disclosedCred1Manipulated = {
  "id": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
  "type": "NameCredential",
  "issuanceDate": {
    "value": "2021-03-24",
    "salt": "d7db8ce9-8acc-49ff-9601-a90b496a164c",
    "hash": "0x9a16cf1fec743db9afad5c503c4b275c4b7c1c50e0a91eff83534d24dba9f3d4"
  },
  "givenName": {
    "value": "Tina",
    "salt": "9dc435b6-be74-4896-b2d0-b6f0cef98379",
    "hash": "0xbff7d1896062b42f83167e4e3b140af7a36af150d7f1c75fce4a2e3712306e8a"
  },
  "familyName": {
    "hash": "0x623d091b5b9c6a3ac97a8bfec23f677b38105f79d5a2fb320b511d70555cc360"
  }
}

In [19]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedPresentation1), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545', 
                      '-r', 
                      '-p', json.dumps(disclosedCred1Manipulated), 
                      '-c', challenge1], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---

---Stderr---
Problem in credential with id did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64 : Exception: Given hash and calculated hash do ot match at givenName

---Exit-Code---
2


Signature is wrong (Credential was manipulated/Signature itself was manipulated).

In [20]:
signedCred1Manipulated = {
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiableCredential"
  ],
  "credentialSubject": {
    "id": "did:ethr:0x4d7EC6C217b5d3Ab7811C1932196Af3C5A489d64",
    "type": "NameCredential",
    "issuanceDate": "0x1234",
    "givenName": "0xbff7d1896062b42f83167e4e3b140af7a36af150d7f1c75fce4a2e3712306e8a",
    "familyName": "0x623d091b5b9c6a3ac97a8bfec23f677b38105f79d5a2fb320b511d70555cc360"
  },
  "issuer": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
  "issuanceDate": "2021-03-24T14:50:11.613723Z",
  "credentialStatus": {
    "id": "0x2D0bD2c91b4B011AA53207d96813b521E432F96C",
    "type": "EthereumRevocationList"
  },
  "proof": {
    "type": "EcdsaSecp256k1RecoverySignature2020",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:ethr:0xCb139d22052749D2Fafc8406dD942453A10cD03D",
    "created": "2021-03-24T14:50:11.615724Z",
    "jws": "eyJhbGciOiJFUzI1NkstUiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..ZguE1rqSOiij3GUC3LPQY3J6p2Ycz/xxbkALG90bLphUqd5cgiblSOtodylnNH14BrTDbwJH63BUy7iz49nMoQE="
  }
}

In [21]:
res = subprocess.run(["../build/main",
                      "verify", 
                      '-s', json.dumps(signedCred1Manipulated), 
                      '-e0x0eE301c92471234038E320153A7F650ab9a72e28',
                      '--rpcUrl', 'http://localhost:7545'], 
                     capture_output=True )

print('---Stdout---')
print(res.stdout.decode())
print('---Stderr---')
print(res.stderr.decode())
print('---Exit-Code---')
print(res.returncode)

---Stdout---
Signature Check: false

---Stderr---

---Exit-Code---
2
