OPVC CLI
OPVC CLI is a tool for creating and managing Verifiable Credentials (VC) that comply with the Originator Profile (OP) specification. You can issue VCs related to OPs such as Core Profile (CP), Profile Annotation (PA), Web Media Profile (WMP), Website Profile (WSP), and Content Attestation (CA) from the command line. This document helps you better understand the Originator Profile by actually issuing VCs such as CP and PA using the OPVC CLI.
How to get started
Install
The OPVC CLI can be downloaded and run temporarily using npx, or installed and used with npm.
# npx
npx -y @originator-profile/opvc
# npm
npm i -g @originator-profile/opvc
If you are using npx, replace opvc with npx -y @originator-profile/opvc in the following documentation (for example, opvc help becomes npx -y @originator-profile/opvc help).
Verify installation
Once the installation is complete, verify that the CLI is working correctly.
opvc help
Prerequisites
Key generation
A private key is required to issue each VC. Generate a key with the following command.
opvc key-gen -o <File name to save the key>
Specify the file name to save the key without the extension.
<output>.priv.json (private key) and <output>.pub.json (public key) will be generated.
You are free to decide where to place the generated key file and the input files that will be needed from now on. There is no problem if you can specify the correct path with --input or -i when executing the command.
How to publish a Core Profile (CP)
This section explains how to publish a Core Profile. If you want to know more about Core Profile, check out Core Profile. Core Profile is the basis for identifying and verifying Originators.
Creating an input file
Create the input file (JSON file) required to publish a Core Profile. Please check Core Profile properties for the required properties and their meanings.
Example file name: cp.json
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://originator-profile.org/ns/credentials/v1"
],
"type": ["VerifiableCredential", "CoreProfile"],
"issuer": "dns:example.org",
"credentialSubject": {
"id": "dns:example.jp",
"type": "Core",
"jwks": {
"keys": [
{
"x": "ypAlUjo5O5soUNHk3mlRyfw6ujxqjfD_HMQt7XH-rSg",
"y": "1cmv9lmZvL0XAERNxvrT2kZkC4Uwu5i1Or1O-4ixJuE",
"crv": "P-256",
"kid": "jJYs5_ILgUc8180L-pBPxBpgA3QC7eZu9wKOkh9mYPU",
"kty": "EC"
}
]
}
}
}
Publishing a Core Profile
Publish the signed Core Profile by running the following command. The signed VC is displayed on standard output.
opvc sign -i <File path of created private key> --input <Path to the JSON file you created>
Example output of the above command:
eyJhbGciOiJFUzI1NiIsImtpZCI6ImpKWXM1X0lMZ1VjODE4MEwtcEJQeEJwZ0EzUUM3ZVp1OXdLT2toOW1ZUFUiLCJ0eXAiOiJ2Yytqd3QiLCJjdHkiOiJ2YyJ9...
How to publish a Profile Annotation (PA)
This section describes how to publish a Profile Annotation. If you want to know more about Profile Annotation, check out Profile Annotation. Profile Annotation is signed information that connects validated attributes to Core Profile.
Creating an input file
Create the input file (JSON file) required to publish a Profile Annotation. Please check Profile Annotation Properties for the required properties and their meanings.
Example file name: annotation.json
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://originator-profile.org/ns/credentials/v1",
{
"@language": "en"
}
],
"type": ["VerifiableCredential", "ProfileAnnotation"],
"issuer": "dns:profile-annotation-issuer.example.org",
"credentialSubject": {
"id": "dns:pa-holder.example.org",
"type": "<PA type>",
"name": "<PA name>",
"description": "<PA description>",
"annotation": {
"id": "urn:uuid:14270f8f-9f1c-4f89-9fa4-8c93767a8404",
"type": "ProfileAnnotationPolicy",
"name": "<Profile Annotation Policy name>",
"description": "<Profile Annotation Policy description>",
"ref": "https://annotation.example.org/about"
}
}
}
Publishing a Profile Annotation
Publish the signed Profile Annotation by running the following command. The signed VC is displayed on standard output.
opvc sign -i <File path of created private key> --input <Path to the JSON file you created>
Example output of the above command:
eyJhbGciOiJFUzI1NiIsImtpZCI6ImpKWXM1X0lMZ1VjODE4MEwtcEJQeEJwZ0EzUUM3ZVp1OXdLT2toOW1ZUFUiLCJ0eXAiOiJ2Yytqd3QiLCJjdHkiOiJ2YyJ9...
How to publish a Web Media Profile (WMP)
This section describes how to publish a Web Media Profile. If you want to know more about Web Media Profile, check out Web Media Profile. Web Media Profile is signed information that indicates the identity and trustworthiness of web media.
Creating an input file
Create the input file (JSON file) required to publish a Web Media Profile. Please check Web Media Profile Properties for the required properties and their meanings.
Example file name: media.json
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://originator-profile.org/ns/credentials/v1",
{ "@language": "en" }
],
"type": ["VerifiableCredential", "WebMediaProfile"],
"issuer": "dns:wmp-issuer.example.org",
"credentialSubject": {
"id": "dns:wmp-holder.example.jp",
"type": "OnlineBusiness",
"url": "https://www.wmp-holder.example.jp/",
"name": "Media Name (*Development sample)",
"logo": {
"id": "https://www.wmp-holder.example.jp/logo.svg",
"digestSRI": "sha256-OYP9B9EPFBi1vs0dUqOhSbHmtP+ZSTsUv2/OjSzWK0w="
},
"telephone": "0000000000",
"contactPoint": {
"id": "https://wmp-holder.example.jp/contact",
"name": "inquiry"
},
"informationTransmissionPolicy": {
"id": "https://wmp-holder.example.jp/statement",
"name": "Information dissemination policy"
},
"publishingPrinciple": {
"id": "https://wmp-holder.example.jp/editorial-guidelines",
"name": "Editing guidelines"
},
"privacyPolicy": {
"id": "https://wmp-holder.example.jp/privacy",
"name": "Privacy policy"
},
"description": [
{
"text": "This article provides supplementary information regarding this web media.",
"encodingFormat": "text/plain"
},
{
"text": "<p>This article provides supplementary information regarding this web media.</p>",
"encodingFormat": "text/html"
}
]
}
}
Publishing a Web Media Profile
Publish the signed Web Media Profile by running the following command. The signed VC is displayed on standard output.
opvc sign -i <File path of created private key> --input <Path to the JSON file you created>
Example output of the above command:
eyJhbGciOiJFUzI1NiIsImtpZCI6ImpKWXM1X0lMZ1VjODE4MEwtcEJQeEJwZ0EzUUM3ZVp1OXdLT2toOW1ZUFUiLCJ0eXAiOiJ2Yytqd3QiLCJjdHkiOiJ2YyJ9...
How to publish a Website Profile (WSP)
This section explains how to publish a Website Profile. If you want to know more about Website Profile, please check Website Profile. Website Profile is signed information that indicates the legitimacy of a website.
Creating an input file
Create the input file (JSON file) required to publish a Website Profile. Please check Website Profile Properties for the required properties and their meanings.
Example file name: site.json
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://originator-profile.org/ns/credentials/v1",
"https://originator-profile.org/ns/cip/v1",
{ "@language": "en" }
],
"type": ["VerifiableCredential", "WebsiteProfile"],
"issuer": "dns:example.com",
"credentialSubject": {
"id": "https://media.example.com",
"type": "WebSite",
"name": "<Website title>",
"description": "<Website description>",
"image": {
"id": "https://media.example.com/image.png",
"digestSRI": "sha256-Upwn7gYMuRmJlD1ZivHk876vXHzokXrwXj50VgfnMnY="
},
"allowedOrigin": ["https://media.example.com"]
}
}
Publishing a Website Profile
Publish the signed Website Profile by executing the following command. The signed VC is displayed on standard output.
opvc wsp:sign -i <File path of created private key> --input <Path to the JSON file you created>
Example output of the above command:
eyJhbGciOiJFUzI1NiIsImtpZCI6ImpKWXM1X0lMZ1VjODE4MEwtcEJQeEJwZ0EzUUM3ZVp1OXdLT2toOW1ZUFUiLCJ0eXAiOiJ2Yytqd3QiLCJjdHkiOiJ2YyJ9...
How to publish a Content Attestation (CA)
This section explains how to publish a Content Attestation. If you want to learn more about Content Attestation, check out Content Attestation. Content Attestation is signed information that indicates that the content was legitimately created by the Originator.
Creating an input file
Create the input file (JSON file) required to publish a Content Attestation. Please check Content Attestation Properties for the required properties and their meanings.
Example file name: ca.json
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://originator-profile.org/ns/credentials/v1",
"https://originator-profile.org/ns/cip/v1",
{ "@language": "en" }
],
"type": ["VerifiableCredential", "ContentAttestation"],
"issuer": "dns:example.com",
"credentialSubject": {
"id": "urn:uuid:78550fa7-f846-4e0f-ad5c-8d34461cb95b",
"type": "Article",
"headline": "<Article title>",
"image": {
"id": "https://media.example.com/image.png",
"digestSRI": "sha256-OYP9B9EPFBi1vs0dUqOhSbHmtP+ZSTsUv2/OjSzWK0w="
},
"description": "<Web page description>",
"author": ["Jane Smith"],
"editor": ["John Doe"],
"datePublished": "2023-07-04T19:14:00Z",
"dateModified": "2023-07-04T19:14:00Z",
"genre": "Arts & Entertainment"
},
"allowedUrl": ["https://media.example.com/articles/2024-06-30"],
"target": [
{
"type": "VisibleTextTargetIntegrity",
"cssSelector": "<CSS selector>",
"integrity": "sha256-GYC9PqfIw0qWahU6OlReQfuurCI5VLJplslVdF7M95U="
},
{
"type": "ExternalResourceTargetIntegrity",
"integrity": "sha256-+M3dMZXeSIwAP8BsIAwxn5ofFWUtaoSoDfB+/J8uXMo="
}
]
}
Publishing a Content Attestation
Publish a Content Attestation by executing the following command. The signed VC is displayed on standard output.
opvc ca:sign -i <File path of created private key> --input <Path to the JSON file you created>
Example output of the above command:
eyJhbGciOiJFUzI1NiIsImtpZCI6ImpKWXM1X0lMZ1VjODE4MEwtcEJQeEJwZ0EzUUM3ZVp1OXdLT2toOW1ZUFUiLCJ0eXAiOiJ2Yytqd3QiLCJjdHkiOiJ2YyJ9...
Command list
Below is a list of OPVC CLI commands. Please check README for detailed options for each command.
- opvc ca:sign
- opvc ca:unsigned
- opvc help [COMMAND]
- opvc key-gen
- opvc sign
- opvc wsp:sign
- opvc wsp:unsigned