Skip to content

Instantly share code, notes, and snippets.

@first087
Forked from nolifelover/opencert.md
Created May 27, 2022 03:45
Show Gist options
  • Save first087/0236b139b65ec82e0f35dd15f3f3fc57 to your computer and use it in GitHub Desktop.
Save first087/0236b139b65ec82e0f35dd15f3f3fc57 to your computer and use it in GitHub Desktop.
OpenAttestation and OpenCert

Install open-attestation cli

npm install -g @govtechsg/open-attestation-cli

Creating a wallet

open-attestation wallet create --output-file wallet.json

During the creation, you will be prompted for a password. Make sure to remember it for the following steps. You will see a message after completion of the command:

password: hellooa

…  awaiting  Encrypting Wallet [====================] [100/100%]
ℹ  info      Wallet with public address 0x0Fae1e6159530CA1f074FbC30A27709E7556edC1 successfully created.
ℹ  info      Find more details at https://ropsten.etherscan.io/address/0x0Fae1e6159530CA1f074FbC30A27709E7556edC1
✔  success   Wallet successfully saved into /Users/earn/Projects/workshop/open-attestation/wallet.json

Deploying Document Store Smart Contract

open-attestation deploy document-store "My first document store" --network rinkeby --encrypted-wallet-path wallet.json

You will be prompted for the password that you used while creating the wallet. Once your document store smart contract has been successfully deployed, you will see the success message with the document store address.

…  awaiting  Waiting for transaction 0x00110ebb0ab825d9078ecad179cc0e45605795f4dacac749116dfdc478702478 to be mined
✔  success   Document store My first document store deployed at 0x3A6B0Ea0F3a42B84C1c526Eb32F6529c7B3B6349
ℹ  info      Find more details at https://rinkeby.etherscan.io/address/0x3A6B0Ea0F3a42B84C1c526Eb32F6529c7B3B6349

Configuring DNS

Every OA document's provenance can be verified and traced back to its creator or issuer. This is achieved by embedding an identityProof property in the document, which serves as a claim for identity. During the verification phase, the claim is checked against external records.

In this example above, the document's issuer is bound to demo.openattestation.com.

In this guide, we will bind the document issuer's identity to a valid domain name. This domain will be displayed as issuer every time the document is rendered in an OA-compliant decentralized renderer.

We will be inserting a temporary DNS record on our DNS at sandbox.openattestation.com so you do not need your own domain to follow the guide. If you prefer to use your own domain name for the identity, you may skip the steps involving the CLI and instead read the DNS Configuration Guide.

Creating Temporary DNS Proof with CLI

open-attestation dns txt-record create --address 0x3A6B0Ea0F3a42B84C1c526Eb32F6529c7B3B6349 --network-id 4

The network-id corresponds to the network ID for the different Ethereum networks. We generally use only the following networks:

Network ID Name Network
1 Ethereum Mainnet mainnet
3 Ethereum Testnet Ropsten
4 Ethereum Testnet Rinkeby

Once the DNS TXT record has been successfully deployed, you will see the success message with the bound location.

✔  success   Record created at detailed-coffee-octopus.sandbox.openattestation.com and will stay valid until Thu May 26 2022 23:57:11 GMT+0700 (Indochina Time)

https://mxtoolbox.com/txtlookup.aspx

Type Domain Name TTL Record
TXT detailed-coffee-octopus.sandbox.openattestation.com 60 sec "openatts net=ethereum netId=4 addr=0x3A6B0Ea0F3a42B84C1c526Eb32F6529c7B3B6349"

Creating Raw Document

Every OA document has a checksum that provides it a tamper-proof property. At the same time, because the checksum can be used to uniquely identify a document, the checksum (or its derived value) is stored onto the document store as evidence of issuance. To compute the checksum, a raw document goes through a process known as wrapping to become a wrapped document. Only then, the document is ready to be issued onto the blockchain.

In this guide, we will learn how to create one raw document that conforms to the OpenAttestation v2 Schema.

Understanding the OA Document Schema

The OpenAttestation v2.0 defines the shape of data for the raw document - the data before the wrapping process. It is defined in JSON Schema format.

The official OpenAttestation v2.0 schema can be found at https://schema.openattestation.com/2.0/schema.json

Using Online Schema Validator

Visit https://www.jsonschemavalidator.net/

Paste the contents from https://schema.openattestation.com/2.0/schema.json into the left panel under "Select Schema".

This will setup the JSON schema validator to validate the JSON inputs on the right against the defined schema.

img

Creating raw document

{
  "$template": {
    "name": "main",
    "type": "EMBEDDED_RENDERER",
    "url": "https://tutorial-renderer.openattestation.com"
  },
  "recipient": {
    "name": "John Doe"
  },
  "issuers": [
    {
      "name": "Demo Issuer",
      "documentStore": "0x3A6B0Ea0F3a42B84C1c526Eb32F6529c7B3B6349",
      "identityProof": {
        "type": "DNS-TXT",
        "location": "detailed-coffee-octopus.sandbox.openattestation.com"
      }
    }
  ]
}

Wrapping Documents

Every OA document has a checksum that provides it a tamper-proof property. At the same time, because the checksum can be used to uniquely identify a document, the checksum (or its derived value) is stored onto the document store as evidence of issuance. To compute the checksum, a raw document goes through a process known as wrapping to become a wrapped document. Only then, the document is ready to be issued onto the blockchain.

A merkleRoot, a 64 character long string prepended with 0x will be generated. The merkleRoot is the only information that will be stored onto the Blockchain to verify the issuance status of an OA document.

open-attestation wrap raw-documents --output-dir wrapped-documents
✔  success   Batch Document Root: 0x8394d512502b4e0050ce2a55efe32a84a41b4f54380fdad51cdffdeb22ee4172

After running the CLI you will see the success message with the Batch Document Root. In the above sample, the document root (also known as merkle root) is 0x8394d512502b4e0050ce2a55efe32a84a41b4f54380fdad51cdffdeb22ee4172, you will definitely have a different value.

Issuing Documents

After wrapping the documents and obtaining a merkle root, the documents are ready to be issued on the document store smart contract. To issue a batch of documents, we will use the merkle root that will be appended to the list of issued documents on the document store. This issuance only needs to be done once for all documents in a batch.

Issuing the documents

open-attestation document-store issue --address 0x3A6B0Ea0F3a42B84C1c526Eb32F6529c7B3B6349 --hash 0x8394d512502b4e0050ce2a55efe32a84a41b4f54380fdad51cdffdeb22ee4172  --network rinkeby --encrypted-wallet-path wallet.json
…  awaiting  Sending transaction to pool
…  awaiting  Waiting for transaction 0x001b268320683a212f6bb7ef35529d0bc92e16880bc7876114c7a0c23067a56f to be mined
✔  success   Document/Document Batch with hash 0x8394d512502b4e0050ce2a55efe32a84a41b4f54380fdad51cdffdeb22ee4172 has been issued on 0x3A6B0Ea0F3a42B84C1c526Eb32F6529c7B3B6349
ℹ  info      Find more details at https://rinkeby.etherscan.io/tx/0x001b268320683a212f6bb7ef35529d0bc92e16880bc7876114c7a0c23067a56f

Deploy Verify Website

git clone https://github.com/OpenCerts/opencerts-website
cd opencerts-website
npm install
NET=rinkeby npm run dev
Ref
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment