KERI VDR API
keri.vdr.credentialing
KERI keri.vdr.credentialing module
VC issuer support
- class keri.vdr.credentialing.BaseRegistry(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]
Issuer provides encapsulation of creating a Verifiable Credential Registry with issuance and revocation of VCs against that registry.
The Registry consists of 1 management TEL for maintaining the state of the registry wrt special Backers that can act as witnesses of VC events, and 1 VC TEL for each VC issued that tracks the issuance and revocation status of those VCs.
- __init__(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]
Initialize BaseRegistry Instance
- Parameters:
hab (Habitat) – instance of local controller’s context
name (str) – alias for this issuer
reger (Reger) – database instance for controller’s credentials
tvy (Tevery) – injected Tevery instance for processing TEL events
psr (Parser) – injected Parser instance for parsing TEL events
regk (str) – registry key qb64 prefix for this registry read from Registry record
cues (Decking) – optional Decking instance for outbound event processing cues
- anchorMsg(pre, regd, seqner, saider)[source]
Adds to the anchor database a seal of a TEL event to a KEL event.
- processEvent(serder)[source]
Process registry events
- Parameters:
serder (Serder) – Registry TEL event to process
- property tevers
tevers property
Returns .reger.tevers
- class keri.vdr.credentialing.Credentialer(hby, rgy, registrar, verifier)[source]
Credentialer is a DoDoer that manages credential creation, validation, issuance, and escrow for credential events. This includes ensuring KEL events underlying TEL events have all needed signatures and then disseminating the credential events to witnesses for receipting.
- Doers:
escrowDo (doified function): Doer for processing credential escrows waiting for signatures
- __init__(hby, rgy, registrar, verifier)[source]
Initialize Credentialer instance.
- Parameters:
hby (Habery) – instance of local controller’s context
rgy (Regery) – instance of Regery for managing registries and TEL Tevery escrows
registrar (Registrar) – Registrar used for checking TEL event completion (has all signatures)
verifier (Verifier) – instance of Verifier for validating credentials against schemas
- complete(said)[source]
A credential event is complete when issued and sent to witnesses for receipting.
- create(regname, recp: str, schema, source, rules, data, private: bool = False, private_credential_nonce: str | None = None, private_subject_nonce: str | None = None)[source]
Create and validate a credential returning the fully populated Creder
- Parameters:
regname
recp (str)
schema
source
rules
data
private (bool) – apply nonce used for privacy preserving ACDC
private_credential_nonce (Optional[str]) – nonce used for privacy vc
private_subject_nonce (Optional[str]) – nonce used for subject
- Returns:
Creder class for the issued credential
- Return type:
Creder
- escrowDo(tymth, tock=1.0, **kwa)[source]
Process escrows of credentials waiting to be completed.
- Steps involve:
Sending local event with sig to other participants
Waiting for signature threshold to be met.
If elected and delegated identifier, send complete event to delegator
If delegated, wait for delegator’s anchor
If elected, send event to witnesses and collect receipts.
Otherwise, wait for fully receipted event
- Parameters:
tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value. Default to 1.0 to slow down processing
- issue(creder, serder)[source]
Issue the credential creder and handle witness propagation and communication
- Parameters:
creder (Creder) – Credential object to issue
serder (Serder) – KEL or TEL anchoring event need to contribute digest of next rotating key
- class keri.vdr.credentialing.Regery(hby, name='test', base='', reger=None, temp=False, cues=None)[source]
ACDC Registry and Tevery manager handling registry construction and loading and TEL event escrow processing.
- __init__(hby, name='test', base='', reger=None, temp=False, cues=None)[source]
Initialize Regery instance and construct a list of registries found in the Reger database.
- Parameters:
hby (Habery) – instance of local controller’s context
name (str) – name for the local Habery, used in Reger database name
base (str) – optional base path for Reger database
reger (Reger) – optional Reger database instance, if None then a new Reger is created
temp (bool) – True means regery is temporary and not persistent
cues (Decking) – optional Decking instance for event processing cues
- property tevers
tevers property
Returns .reger.tevers
- class keri.vdr.credentialing.Registrar(hby, rgy, counselor)[source]
Registrar is a DoDoer that manages registry inception, issuance and revocation of credentials, escrow handling for witnessing TEL events, multisig TEL event processing, and TEL event dissemination to witnesses as a fire and forget mechanism. Also supports determining if a registry event is complete.
- Doers:
witDoer (WitnessReceiptor): Doer for receiving witness receipts
witPub (WitnessPublisher): Doer for publishing witness events
escrowDo (doified function): Doer for processing TEL event escrows
- complete(pre, sn=0)[source]
Determine if registry event (inception, issuance, revocation, etc.) is finished validation. A TEL event is complete when its underlying KEL event has been signed by all participants.
- Parameters:
pre (str) – qb64 identifier of registry event
sn (int) – integer sequence number of registry event
- Returns:
True means event has completed and is committed to database
- Return type:
bool
- escrowDo(tymth, tock=1.0, **kwa)[source]
Process escrows of TEL events and their underlying KEL events waiting to be fully signed and witnessed.
- Steps involve:
Sending local event with sig to other participants
Waiting for signature threshold to be met.
If elected and delegated identifier, send complete event to delegator
If delegated, wait for delegator’s anchor
If elected, send event to witnesses and collect receipts.
Otherwise, wait for fully receipted event
- Parameters:
tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value. Default to 1.0 to slow down processing
- incept(iserder, anc)[source]
Create a registry with a registry inception event. Supports both single sig and multisig groups.
- Parameters:
iserder (SerderKERI) – Serder object of TEL iss event
anc (SerderKERI) – Serder object of anchoring event
- issue(creder, iserder, anc)[source]
Create and process the credential issuance TEL events on the given registry
- Parameters:
creder (SerderACDC) – credential to issue
iserder (SerderKERI) – Serder object of TEL iss event
anc (SerderKERI) – Serder object of anchoring event
- static multisigIxn(hab, rseal)[source]
Create and process an interaction event containing the given registry seal as its data.
- processDisseminationEscrow()[source]
Process escrow of group multisig events that have been completed and are ready to be disseminated to witnesses. This is a fire and forget mechanism where the WitnessPublisher handles sending events to the witnesses and collecting receipts.
- processEscrows()[source]
Process TEL event escrows for multisig TEL events and their underlying KEL events.
- processMultisigEscrow()[source]
Process escrow of group multisig events that do not have a full complement of receipts from witnesses yet. When receipting is complete, remove from escrow and cue up a message that the event is complete.
- processWitnessEscrow()[source]
Process escrow of group multisig events that do not have a full complement of receipts from witnesses yet. When receipting is complete, remove from escrow and cue up a message that the event is complete.
- revoke(creder, rserder, anc)[source]
Create and process the credential revocation TEL events on the given registry
- Parameters:
creder (Creder) – credential to issue
rserder (Serder) – Serder object of TEL rev event
anc (Serder) – Serder object of anchoring event
- Returns:
(vcid, rseq.sn) of the registry identifier and TEL event sequence number
- Return type:
(str, str)
- class keri.vdr.credentialing.Registry(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]
TEL Registry subclass supporting registry delayed instantiation and rotation and credential issuance and revocation.
- issue(said, dt=None)[source]
Create and process an iss or bis message event
- Parameters:
said (str) – qb64 SAID of credential to issue
dt (str) – iso8601 formatted date time string of issuance
- Returns:
The SerderKERI of the credential issuance event
- Return type:
SerderKERI
- make(*, nonce=None, noBackers=True, baks=None, toad=None, estOnly=False, vcp=None)[source]
Delayed initialization of Issuer.
Actual initialization of Issuer from properties or loaded from .reger. Should only be called after .hab is inited.
- Parameters:
nonce (str)
noBackers (boolean) – True to allow specification of TEL specific backers
baks (list[str]) – initial list of backer prefixes qb64 for VCs in the Registry
toad (str) – hex of witness threshold
estOnly (boolean) – True for forcing rotation events for every TEL event.
vcp (SerderKERI) – optional vcp event serder if configured outside the Registry
- revoke(said, dt=None)[source]
Perform revocation of credential
Create and process rev or brv message event
- Parameters:
said (str) – qb64 SAID of the credential to revoke
dt (str) – iso8601 formatted date time string of revocation
- Returns:
The SerderKERI of the credential revocation event
- Return type:
SerderKERI
- rotate(toad=None, cuts=None, adds=None)[source]
Rotate backer list for registry
- Parameters:
toad (int) – or str hex of backer threshold after cuts and adds
cuts (list[str]) – of qb64 pre of backers to be removed from witness list
adds (list[str]) – of qb64 pre of backers to be added to witness list
- Returns:
The SerderKERI of the registry rotation event
- Return type:
SerderKERI
- class keri.vdr.credentialing.SignifyRegistry(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]
Subclass supporting registry construction and rotation and credential issuance and revocation for Signify controllers.
- issue(said, dt=None)[source]
Create and process an iss or bis message event
- Parameters:
said (str) – qb64 SAID of credential to issue
dt (str) – iso8601 formatted date time string of issuance
- Returns:
The SerderKERI of the credential issuance event
- Return type:
SerderKERI
- make(*, regser)[source]
Delayed initialization of Issuer.
Actual initialization of Issuer from properties or loaded from .reger. Should only be called after .hab is inited.
- Parameters:
regser (SerderKERI) – Registry inception event
- revoke(said, dt=None)[source]
Create and process credential revocation event
Create and process rev or brv message event
- Parameters:
said (str) – qb64 SAID of the credential to revoke
dt (str) – iso8601 formatted date time string of revocation
- Returns:
The SerderKERI of the credential revocation event
- Return type:
SerderKERI
- keri.vdr.credentialing.sendArtifacts(hby, reger, postman, creder, recp)[source]
Stream credential artifacts to recipient using postman
- Parameters:
hby (Habery) – instance of local controller’s context
reger (Reger) – the credential database to pull the artifacts from
postman (StreamPoster) – poster to stream credential artifacts with
creder (Creder) – the credential to pull artifacts for and send
recp (str) – qb64 prefix of the recipient to send the artifacts to
- keri.vdr.credentialing.sendCredential(hby, hab, reger, postman, creder, recp)[source]
Stream credential artifacts to recipient using postman
- Parameters:
hby (Habery) – instance of local controller’s context
hab (Habitat) – the local controller sending the credential artifacts
reger (Reger) – the credential database to pull the artifacts from
postman (StreamPoster) – poster to stream credential artifacts with
creder (Creder) – the credential to pull artifacts for and send
recp (str) – qb64 prefix of the recipient to send the artifacts to
- keri.vdr.credentialing.sendRegistry(hby, reger, postman, creder, sender, recp)[source]
Stream registry artifacts to recipient using postman
- Parameters:
hby (Habery) – instance of local controller’s context
reger (Reger) – the registry database to pull the artifacts from
postman (StreamPoster) – poster to stream registry artifacts with
creder (Creder) – the registry to pull artifacts for and send
sender (str) – qb64 prefix of the sender of the registry artifacts
recp (str) – qb64 prefix of the recipient to send the artifacts to
keri.vdr.eventing
KERI keri.vdr.eventing module
VC TEL support
- class keri.vdr.eventing.Reger(headDirPath=None, reopen=True, **kwa)[source]
Reger sets up named sub databases for TEL registry
- see superclass LMDBer for inherited attributes
- .tvts is named sub DB whose values are serialized TEL events
dgKey. DB is keyed by identifier prefix plus digest of serialized event. Only one value per DB key is allowed.
- .tels is named sub DB of transaction event log tables that map sequence numbers to serialized event digests.
snKey. Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of tel event. Only one value per DB key is allowed.
- .tibs is named sub DB implemented as CesrDupSuber with klas=Siger for indexed backer signatures of event.
Backers always have nontransferable identifier prefixes. The index is the offset of the backer into the backer list of the anchored management event wrt the receipted event. dgKey. DB is keyed by identifier prefix plus digest of serialized event. Multiple values per key in lexicographic order.
- .oots is named subDB instance of OnIoDupSuber for out of order escrowed event tables that map a composite key of the form <pre><sep><on> to serialized event digests.
Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of key event. Only one value per DB key is allowed.
- .baks is named subDB instance of IoDupSuber which represents an ordered list of backers at given point in management TEL.
dgKey. DB is keyed by identifier prefix plus digest of serialized event. More than one value per DB key is allowed.
- .twes is named subDB instance of OnIoDupSuber for partially witnessed escrowed event tables that map key composites of the form <pre><sep><on> to serialized event digests.
Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of tel event. Only one value per DB key is allowed.
- .taes is named subDB instance of OnIoDupSuber for anchorless escrowed event tables that map a composite key of the form <pre><sep><on> to serialized event digest.
Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of tel event. Only one value per DB key is allowed.
- .ancs is a named sub DB of anchors to KEL events.
Quadlet. Each quadruple is concatenation of four fully qualified items of validator. These are: transferable prefix, plus latest establishment event sequence number, plus latest establishment event digest, plus indexed event signature. When latest establishment event is multisig then there will be multiple quadruples, one per signing key, each a dup at same db key. dgKey. DB is keyed by identifier prefix plus digest of serialized event. Only one value per DB key is allowed.
- .regs is named subDB instance of Komer that maps registry names to registry keys
key is habitat name str, value is serialized RegistryRecord dataclass
- __init__(headDirPath=None, reopen=True, **kwa)[source]
Setup named sub databases.
- Inherited Parameters:
- name (str): directory path name differentiator for main database
When system employs more than one keri database, name allows differentiating each instance by name
- temp (boolean): assign to .temp
True then open in temporary directory, clear on close. Otherwise then open persistent directory, do not clear on close.
- headDirPath (Optional(str)): head directory pathname for main database
If not provided use default .HeadDirpath
- mode (int): numeric os dir permissions for database directory
- reopen (boolean): If True then database will be reopened by this init
Notes:
dupsort=True for sub DB means allow unique (key,pair) duplicates at a key. Duplicate means that there is more than one value at a key, but not redundant copies of a (key,value) pair per key. In other words the pair (key,value) must be unique, both key and value in combination. Attempting to put the same (key,value) pair a second time does not add another copy.
Duplicates are inserted in lexicographic order by value, insertion order.
- cloneCred(said)[source]
Load base credential and CESR proof signatures from database.
Base credential and all signatures are returned from the credential data store. If root is specified, all signatures are transposed to have that path as the root. This is used to embed the credential in another SAD at the location of the specified root.
- Parameters:
said (str or bytes) – qb64 SAID of credential
- cloneCreds(saids, db)[source]
Returns fully expanded credential with chained credentials attached.
- Parameters:
saids (list) – of Saider objects
db (Baser) – baser object to load schema
- Returns:
fully hydrated credentials with full chains provided
- Return type:
list
- clonePreIter(pre, fn=0)[source]
Iterator of first seen event messages
Returns iterator of first seen event messages with attachments for the TEL prefix pre starting at first seen order number, fn. Essentially a replay in first seen order with attachments.
- Parameters:
pre (bytes) – qb64 identifier prefix of registry state TEL
fn (int) – first seen ordinal
- Returns:
bytearray per serialized event msg
- Return type:
iterator
- logCred(creder, prefixer, number, diger)[source]
Save the base credential and seals (est evt+sigs quad) with no indices.
- reopen(**kwa)[source]
Open sub databases
- Parameters:
**kwa (dict) – keyword arguments passed to super.reopen
- sources(db, creder)[source]
Returns raw bytes of any source (‘e’) credential that is in our database
- Parameters:
db (LMDBer) – table to search
creder (Creder) – root credential
- Returns:
credential sources as resolved from e in creder.crd
- Return type:
list
- property tevers
Returns ._tevers tevers getter
- class keri.vdr.eventing.Tever(cues=None, rsr=None, serder=None, seqner=None, saider=None, bigers=None, db=None, reger=None, noBackers=None, estOnly=None, regk=None, local=False)[source]
Tever is KERI/ACDC transaction event log verifier class. Only supports current version VERSION.
Has the following public attributes and properties:
- Class Attributes:
- .NoRegistrarBackers is Boolean
True means do not allow backers (default to witnesses of controlling KEL). False means allow backers (ignore witnesses of controlling KEL).
- .db is reference to Baser instance that manages the LMDB database
- .reg is reference to Registry instance that manages VC LMDB database
- .regk is fully qualified base64 identifier prefix of own Registry if any
- .local is Boolean
True means only process msgs for own events if .regk. False means only process msgs for not own events if .regk.
- .version is version of current event state
- .prefixer is prefixer instance for current event state
- .sn is sequence number int
- .serder is Serder instance of current event with .serder.diger for digest
- .toad is int threshold of accountable duplicity
- .baks is list of qualified qb64 aids for backers
- .cuts is list of qualified qb64 aids for backers cut from prev wits list
- .adds is list of qualified qb64 aids for backers added to prev wits list
- .noBackers is boolean trait True means do not allow backers
- __init__(cues=None, rsr=None, serder=None, seqner=None, saider=None, bigers=None, db=None, reger=None, noBackers=None, estOnly=None, regk=None, local=False)[source]
Create incepting tever and state from registry inception serder
- Parameters:
serder (Serder) – instance of registry inception event
rsr (RegStateRecord) – transaction state notice state message Serder
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event said from controlling KEL.
bigers (list) – list of Siger instances of indexed backer signatures of event. Index is offset into baks list of latest est event
db (Baser) – instance of baser lmdb database
reger (Reger) – instance of VC lmdb database
noBackers (bool) – True means do not allow backer configuration
estOnly (bool) – True means do not allow interaction events
regk (str) – identifier prefix of own or local registry. May not be the prefix of this Tever’s event. Some restrictions if present
local (bool) – True means only process msgs for own controller’s events if .regk. False means only process msgs for not own events if .regk
- Returns:
instance representing credential Registry
- Return type:
- config(serder, noBackers=None, estOnly=None)[source]
Process cnfg field for configuration traits
Parse and validate the configuration options for registry inception from the c field of the provided inception event.
- Parameters:
serder (Serder) – credential registry inception event vcp
noBackers (bool) – override flag for specifying a registry with no additional backers beyond the controlling KEL’s witnesses
- escrowALEvent(serder, seqner, saider, bigers=None, baks=None)[source]
Update associated logs for escrow of anchorless event
- Parameters:
- Returns:
True if escrow is successful, False otherwise (e.g. already escrowed)
- Return type:
bool
- escrowPWEvent(serder, seqner, saider, bigers=None)[source]
Update associated logs for escrow of partially witnessed event
- getBackerState(ked)[source]
Calculate and return the current list of backers for event dict
- Parameters:
ked (dict) – event dict
- Returns:
qb64 of current list of backers for state at ked
- Return type:
list
- incept(serder)[source]
Validate registry inception event and initialize local attributes
Parse and validate registry inception event for this Tever. Update all local attributes with initial values.
- Parameters:
serder (Serder) – registry inception event (vcp)
- issue(serder, seqner, saider, sn, bigers=None)[source]
Process VC TEL issuance events (iss, bis)
Validate and process credential issuance events. If valid, event is persisted in local datastore for TEL. Will escrow event if missing anchor or backer signatures
- Parameters:
serder (Serder) – instance of issuance or backer issuance event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event SAID from controlling KEL.
sn (int) – event sequence event
bigers (list) – of Siger instances of indexed witness signatures. Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
- logEvent(pre, sn, serder, seqner, saider, bigers=None, baks=None)[source]
Update associated logs for verified event.
Update is idempotent. Logs will not write dup at key if already exists.
- Parameters:
pre (str) – is event prefix
sn (int) – is event sequence number
serder (Serder) – is Serder instance of current event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event SAID from controlling KEL.
bigers (list) – is optional list of Siger instance of indexed backer sigs
baks (list) – is optional list of qb64 non-trans identifiers of backers
- reload(rsr)[source]
Reload Tever attributes (aka its state) from state serder
- Parameters:
rsr (RegStateRecord) – instance of key state notice ‘ksn’ message body
- revoke(serder, seqner, saider, sn, bigers=None)[source]
Process VC TEL revocation events (rev, brv)
Validate and process credential revocation events. If valid, event is persisted in local datastore for TEL. Will escrow event if missing anchor or backer signatures
- Parameters:
serder (Serder) – instance of issuance or backer issuance event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event digest from controlling KEL.
sn (int) – event sequence event
bigers (list) – of Siger instances of indexed witness signatures. Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
- rotate(serder, sn)[source]
Process registry management TEL, non-inception events (vrt)
- Parameters:
serder (Serder) – registry rotation event
sn (int) – sequence number of event
- Returns:
calculated backer threshold
list: new list of backers after applying cuts and adds to previous list
list: list of backer adds processed from event
list: list of backer cuts processed from event
- Return type:
int
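The cut-and-add step that Registry.rotate() requests and Tever.rotate() validates, as an added example that is not keripy code. It is a simplified model: the names apply_rotation, Rotation and RotationError, the consistency checks and the sample prefixes are assumptions made for illustration.

```python
from typing import NamedTuple


class RotationError(ValueError):
    """cuts, adds or toad are inconsistent with the current backer list."""


class Rotation(NamedTuple):
    toad: int    # backer threshold after the rotation
    baks: list   # new ordered backer list
    cuts: list   # backers removed by this event
    adds: list   # backers added by this event


def apply_rotation(baks, cuts, adds, toad):
    """Apply cuts, then adds, to the ordered backer list and check toad.

    baks, cuts, adds are lists of backer prefixes (qb64 strings).
    toad is an int or a hex string, as documented for Registry.rotate().
    The consistency checks below are this example's assumptions.
    """
    cuts, adds = list(cuts or []), list(adds or [])
    if len(set(cuts)) != len(cuts) or len(set(adds)) != len(adds):
        raise RotationError("duplicate prefix in cuts or adds")
    if set(cuts) & set(adds):
        raise RotationError("prefix appears in both cuts and adds")
    if not set(cuts) <= set(baks):
        raise RotationError("cut names a backer that is not in the current list")
    if set(adds) & set(baks):
        raise RotationError("add names a backer that is already in the list")

    # Order is preserved: receipt signature indexes are offsets into this
    # list, so survivors keep their relative order and adds are appended.
    new_baks = [b for b in baks if b not in cuts] + adds

    toad = int(toad, 16) if isinstance(toad, str) else int(toad)
    low = 1 if new_baks else 0  # assumed rule: a non-empty list needs toad >= 1
    if not low <= toad <= len(new_baks):
        raise RotationError(f"toad {toad} outside {low}..{len(new_baks)}")
    return Rotation(toad, new_baks, cuts, adds)


if __name__ == "__main__":
    # Constructed sample prefixes, not real backer identifiers
    current = ["B_backer_a", "B_backer_b", "B_backer_c"]
    result = apply_rotation(current, cuts=["B_backer_b"],
                            adds=["B_backer_d"], toad="2")
    print(result)
    try:
        apply_rotation(current, cuts=["B_unknown"], adds=[], toad=1)
    except RotationError as ex:
        print("rejected:", ex)
```

Rejecting a cut of a non-member or an add of an existing member keeps the backer list, and therefore the meaning of every signature index, unambiguous for later receipt validation.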
- state()[source]
Returns RegStateRecord of state notice of given Registry Event Log (REL)
- Returns:
(RegStateRecord): instance for this Tever
- Return type:
rsr
- update(serder, seqner=None, saider=None, bigers=None)[source]
Process registry non-inception events.
Process non-inception registry and credential events and update local Tever state for registry or credential
- Parameters:
serder (Serder) – instance of issuance or backer issuance event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event SAID from controlling KEL.
bigers (list) – of Siger instances of indexed witness signatures. Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
- valAnchorBigs(serder, seqner, saider, bigers, toad, baks)[source]
Validate anchor and backer signatures (bigers) when provided.
Validates sigers signatures by validating indexes, verifying signatures, and validating threshold sith.
Validate backer receipts by validating indexes, verifying backer signatures and validating toad.
Backer validation is a function of .regk and .local
- Parameters:
serder (Serder) – instance of event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event said from controlling KEL.
bigers (list) – Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
toad (int) – str hex of witness threshold
baks (list) – qb64 non-transferable prefixes of backers used to derive werfers for bigers
- Returns:
unique validated signature verified members of inputted bigers
- Return type:
list
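The backer-receipt part of the validation described for valAnchorBigs (index check, signature check, uniqueness, toad), as an added example that is not keripy code. HMAC-SHA256 stands in for the backer's public-key signature so the block runs on the standard library alone; Receipt, sign, validate_receipts and the sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Receipt:
    index: int   # offset of the signing backer in the backer list
    sig: bytes   # stand-in signature over the serialized event


def sign(secret, event):
    """Stand-in for a backer signature: HMAC-SHA256 under the backer's secret.

    In KERI the verification key is derived from the backer's
    non-transferable prefix; here a per-backer secret plays that role.
    """
    return hmac.new(secret, event, hashlib.sha256).digest()


def validate_receipts(event, receipts, baks, secrets, toad):
    """Return (verified, met).

    verified: receipts with an in-range index and a valid signature,
              at most one per backer, ordered by index
    met:      True when len(verified) >= toad
    """
    if not 0 <= toad <= len(baks):
        raise ValueError(f"toad {toad} impossible for {len(baks)} backers")
    verified = {}
    for receipt in receipts:
        # An index outside the backer list cannot name any backer
        if not 0 <= receipt.index < len(baks):
            raise ValueError(f"receipt index {receipt.index} outside backer list")
        # A backer counts once, however many copies of its receipt arrive
        if receipt.index in verified:
            continue
        expected = sign(secrets[baks[receipt.index]], event)
        if hmac.compare_digest(expected, receipt.sig):
            verified[receipt.index] = receipt
    unique = [verified[i] for i in sorted(verified)]
    return unique, len(unique) >= toad


if __name__ == "__main__":
    # Constructed sample data: three backers, threshold of two
    baks = ["B_backer_0", "B_backer_1", "B_backer_2"]
    secrets = {b: f"secret-{i}".encode() for i, b in enumerate(baks)}
    event = b'{"t":"bis","s":"0"}'
    r0 = Receipt(0, sign(secrets[baks[0]], event))
    r1 = Receipt(1, sign(secrets[baks[1]], event))
    mislabelled = Receipt(2, r0.sig)  # backer 0's signature under index 2

    print(validate_receipts(event, [r0, r0, mislabelled], baks, secrets, 2)[1])
    print(validate_receipts(event, [r1, r0], baks, secrets, 2)[1])
```

When met is False the event has not reached its threshold and belongs in the partially witnessed escrow (.twes) rather than in the accepted log.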
- vcSn(vci)[source]
Calculates the current seq no of VC from db.
Returns None if never issued from this Registry
- Parameters:
vci (str) – qb64 VC identifier
- Returns:
current TEL sequence number of credential or None if not found
- Return type:
int
- vcState(vci)[source]
Calculate state (issued/revoked) of VC from db.
Returns None if never issued from this Registry
- Parameters:
vci (str) – qb64 VC identifier
- Returns:
transaction event state notification message
- Return type:
status (Serder)
- class keri.vdr.eventing.Tevery(Transaction Event Message Processing Facility)[source]
Tevery processes an incoming message stream composed of KERI key event related messages and attachments. Tevery acts as a Tever (transaction event verifier) factory for managing transaction state of KERI credential registries and associated credentials.
- local
True means only process msgs for own events if .regk. False means only process msgs for not own events if .regk.
- Type:
bool
- cues
notices generated from processing events
- Type:
Deck
- __init__(reger=None, db=None, local=False, lax=False, cues=None, rvy=None)[source]
Initialize instance:
- escrowOOEvent(serder, seqner, saider)[source]
Escrow out-of-order TEL events.
Saves the serialized event, anchor and event digest in escrow for any event that is received out of order.
Examples include registry rotation events, credential issuance event received before the registry inception event or a credential revocation event received before the issuance event.
- property kevers
Returns .db.kevers read through cache of key event logs
- processEscrowAnchorless()[source]
Process escrow of TEL events received before the anchoring KEL event.
- Process anchorless events in the following way:
loop over event digests saved in taes
deserialize event out of tvts
load backer signatures out of tibs
read anchor information out of ancs
perform process event
Remove event digest from oots if processed successfully or a non-anchorless event occurs.
- processEscrowOutOfOrders()[source]
Loop through out of order escrow:
- Process out of order events in the following way:
loop over event digests saved in oots
deserialize event out of tvts
read anchor information out of .ancs
perform process event
Remove event digest from oots if processed successfully or a non-out-of-order event occurs.
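The out-of-order escrow cycle described for escrowOOEvent and processEscrowOutOfOrders, as an added example that is not keripy code. ToyTevery, make_event, the event fields and the SHA-256 stand-in for the SAID are assumptions; only the table names tvts, tels and oots follow the page.

```python
import hashlib
import json


class OutOfOrderError(Exception):
    """Event cannot be checked yet: the event it builds on is not accepted."""


class ValidationError(Exception):
    """Event contradicts accepted state and can never become valid."""


def make_event(pre, sn, prior, kind):
    """Build a constructed TEL-like event; 'd' is a SHA-256 stand-in for its SAID."""
    body = {"i": pre, "s": sn, "p": prior, "t": kind}
    raw = json.dumps(body, sort_keys=True).encode()
    return {**body, "d": hashlib.sha256(raw).hexdigest()}


class ToyTevery:
    def __init__(self):
        self.tvts = {}     # digest -> event, modelled on .tvts
        self.tels = {}     # (pre, sn) -> digest of accepted event, modelled on .tels
        self.oots = set()  # (pre, sn, digest) waiting for an earlier event

    def process_event(self, evt):
        pre, sn, dig = evt["i"], evt["s"], evt["d"]
        accepted = self.tels.get((pre, sn))
        if accepted is not None:
            if accepted != dig:
                raise ValidationError("different event already accepted at this sn")
            return  # replay of an accepted event is idempotent
        if sn == 0:
            if evt["p"] is not None:
                raise ValidationError("first event must not name a prior event")
        else:
            prev = self.tels.get((pre, sn - 1))
            if prev is None:
                raise OutOfOrderError(f"{pre} sn={sn} arrived before sn={sn - 1}")
            if evt["p"] != prev:
                raise ValidationError("prior digest does not match accepted event")
        self.tvts[dig] = evt
        self.tels[(pre, sn)] = dig

    def receive(self, evt):
        """Process an incoming event; escrow it if it is merely early."""
        try:
            self.process_event(evt)
        except OutOfOrderError:
            self.tvts[evt["d"]] = evt
            self.oots.add((evt["i"], evt["s"], evt["d"]))
            return "escrowed"
        except ValidationError:
            return "rejected"
        return "accepted"

    def process_escrow_out_of_orders(self):
        """Retry escrowed events in (pre, sn) order."""
        for key in sorted(self.oots):
            dig = key[2]
            try:
                self.process_event(self.tvts[dig])
            except OutOfOrderError:
                continue  # still early: stays in escrow
            except ValidationError:
                self.tvts.pop(dig, None)  # failed for another reason: drop it
            self.oots.discard(key)  # accepted or dropped: leave escrow

    def state(self, pre):
        """Type of the latest accepted event for pre, or None."""
        sns = [sn for (p, sn) in self.tels if p == pre]
        return self.tvts[self.tels[(pre, max(sns))]]["t"] if sns else None


if __name__ == "__main__":
    vc = "E_credential_constructed"  # constructed identifier
    iss = make_event(vc, 0, None, "iss")
    rev = make_event(vc, 1, iss["d"], "rev")
    tevery = ToyTevery()
    print(tevery.receive(rev), tevery.state(vc))   # escrowed None
    print(tevery.receive(iss), tevery.state(vc))   # accepted iss
    tevery.process_escrow_out_of_orders()
    print(tevery.state(vc), len(tevery.oots))      # rev 0
```

An escrowed event never changes the reported state: the revocation only takes effect once the issuance it points to has been accepted, and an escrowed event with a wrong prior digest is dropped on the next pass.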
- processEvent(serder, seqner=None, saider=None, wigers=None, **kwa)[source]
Process one event serder with attached indexed signatures sigers
Validates event against current state of registry or credential, creating registry on inception events and processing change in state to credential or registry for other events
- processQuery(serder, source=None, sigers=None, cigars=None, **kwa)[source]
Process TEL query event message (qry)
Process query mode replay message for collective or single element query. Will cue response message with kin of “replay”. Assume promiscuous mode for now.
- Parameters:
serder (Serder) – is query message serder
source (qb64) – identifier prefix of querier
sigers (list) – Siger instances of attached controller indexed sigs
cigars (list) – Siger instances of non-transferable signatures
ToDo: Need to verify sigers or cigars on query
- processReplyCredentialTxnState(*, serder, diger, route, cigars=None, tsgs=None, **kwargs)[source]
Process one reply message for key state = /tsn/registry
Process one reply message for key state = /tsn/registry with either attached nontrans receipt couples in cigars or attached trans indexed sig groups in tsgs. Assumes already validated saider, dater, and route from serder.ked
- Parameters:
serder (Serder) – instance of reply msg (SAD)
saider (Diger) – instance from said in serder (SAD)
route (str) – reply route
cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer
tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where: prefixer is pre of trans endorser seqner is sequence number of trans endorser’s est evt for keys for sigs diger is digest of trans endorser’s est evt for keys for sigs [sigers] is list of indexed sigs from trans endorser’s keys from est evt
Reply Message:
{
  "v": "KERI10JSON00011c_",
  "t": "rpy",
  "d": "EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM",
  "dt": "2020-08-22T17:50:12.988921+00:00",
  "r": "/tsn/EgHOJJ9mgNosU2hgt7bsM8AViwgz--ey3ZXWgfIcxdpI",
  "a": {
    "v": "KERI10JSON00012d_",
    "i": "EDGhJ8V1tuwH55Bk0fBFe9L0za2BUNOt2FX4GUeOLNHQ",
    "s": "0",
    "d": "ENNTabgWbaNqOKLqEZdQCjxbafwwSoXNzAsE1Enq-kdk",
    "ri": "EoN_Ln_JpgqsIys-jDOH8oWdxgWqs7hzkDGeLWHb9vSY",
    "a": {
      "s": 3,
      "d": "Ex7i6wv4YzDRTO9_iHkTQSXrvLYldSd_UEjNfqia3Pqc"
    },
    "dt": "2021-01-01T00:00:00.000000+00:00",
    "et": "bis"
  }
}
- processReplyRegistryTxnState(*, serder, diger, route, cigars=None, tsgs=None, **kwargs)[source]
Process one reply message for key state = /tsn/registry
Process one reply message for key state = /tsn/registry with either attached nontrans receipt couples in cigars or attached trans indexed sig groups in tsgs. Assumes already validated saider, dater, and route from serder.ked
- Parameters:
serder (Serder) – instance of reply msg (SAD)
saider (Diger) – instance from said in serder (SAD)
route (str) – reply route
cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer
tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where:
    prefixer is pre of trans endorser
    seqner is sequence number of trans endorser’s est evt for keys for sigs
    diger is digest of trans endorser’s est evt for keys for sigs
    [sigers] is list of indexed sigs from trans endorser’s keys from est evt
Reply Message:
{
  "v": "KERI10JSON00011c_",
  "t": "rpy",
  "d": "EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM",
  "dt": "2020-08-22T17:50:12.988921+00:00",
  "r": "/tsn/EgHOJJ9mgNosU2hgt7bsM8AViwgz--ey3ZXWgfIcxdpI",
  "a": {
    "v": "KERI10JSON0001b0_",
    "i": "EoN_Ln_JpgqsIys-jDOH8oWdxgWqs7hzkDGeLWHb9vSY",
    "s": "1",
    "d": "EpltHxeKueSR1a7e0_oSAhgO6U7VDnX7x4KqNCwBqbI0",
    "ii": "EaKJ0FoLxO1TYmyuprguKO7kJ7Hbn0m0Wuk5aMtSrMtY",
    "dt": "2021-01-01T00:00:00.000000+00:00",
    "et": "vrt",
    "a": {
      "s": 2,
      "d": "Ef12IRHtb_gVo5ClaHHNV90b43adA0f8vRs3jeU-AstY"
    },
    "bt": "1",
    "br": [],
    "ba": [
      "BwFbQvUaS4EirvZVPUav7R_KDHB8AKmSfXNpWnZU_YEU"
    ],
    "b": [
      "BwFbQvUaS4EirvZVPUav7R_KDHB8AKmSfXNpWnZU_YEU"
    ],
    "c": []
  }
}
- registerReplyRoutes(router)[source]
Register the routes for processing messages embedded in rpy event messages
- Parameters:
router (Router) – reply message router
- property registries
Returns .reger.registries
- static registryKey(serder)[source]
Utility method to extract registry key from any type of TEL serder
- Parameters:
serder (Serder) – event message
- Returns:
qb64 registry identifier
- Return type:
str
- property tevers
Returns .reger.tevers read through cache of credential registries
- keri.vdr.eventing.backerIssue(vcdig, regk, regsn, regd, version=(1, 0), kind='JSON', dt=None)[source]
Returns serder of backer issuance (bis) message event
Returns serder of bis message event. Utility function to create a VC issuance event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
regsn (int) – sequence number of anchoring registry TEL event
regd (str) – digest qb64 of anchoring registry TEL event
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of issuance date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.backerRevoke(vcdig, regk, regsn, regd, dig, version=(1, 0), kind='JSON', dt=None)[source]
Returns serder of backer credential revocation (brv) message event
Returns serder of brv message event. Utility function to create a VC revocation event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
regsn (int) – sequence number of anchoring registry TEL event
regd (str) – digest qb64 of anchoring registry TEL event
dig (str)
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of issuance date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.buildProof(prefixer, seqner, diger, sigers)[source]
Create CESR proof attachment from the quadlet of seal plus signatures on the credential
- keri.vdr.eventing.incept(pre, toad=None, baks=None, nonce=None, cnfg=None, version=(1, 0), kind='JSON', code='E')[source]
Returns serder of credential registry inception (vcp) message event
Returns serder of vcp message event. Utility function to create a Registry inception event.
- Parameters:
pre (str) – issuer identifier prefix qb64
toad (Union(int,str)) – int or str hex of backer threshold
baks (list) – the initial list of backers prefixes for VCs in the Registry
nonce (str) – qb64 encoded ed25519 random seed of credential registry
cnfg (list) – is list of strings TraitDex of configuration traits
version (Versionage) – the API version
kind (str) – the event type
code (str) – default code for Prefixer
- Returns:
Event message Serder
- Return type:
Serder
- keri.vdr.eventing.issue(vcdig, regk, version=(1, 0), kind='JSON', dt=None)[source]
Returns serder of issuance (iss) message event
Returns serder of iss message event. Utility function to create a VC issuance event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of issuance date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.messagize(creder, proof)[source]
Create a CESR message format with proof attachment for credential
- Parameters:
creder (Creder) – instance of credential
proof (str) – CESR proof attachment
- Returns:
serialized credential with attached proof
- Return type:
bytearray
- keri.vdr.eventing.openReger(name='test', **kwa)[source]
Returns contextmanager generated by openLMDB but with Baser instance
- Parameters:
name (str) – registry database name
**kwa (dict)
- keri.vdr.eventing.query(regk, vcid, route='', replyRoute='', dt=None, dta=None, dtb=None, stamp=None, version=(1, 0), kind='JSON')[source]
Returns serder of credential query (qry) event message.
Returns serder of query event message. Utility function to automate creation of query events.
- Parameters:
regk (str) – qb64 AID of credential registry
vcid (str) – qb64 SAID of credential
route (str) – namespaced path, ‘/’ delimited, that indicates data flow handler (behavior) to process the query
replyRoute (str) – namespaced path, ‘/’ delimited, that indicates data flow handler (behavior) to process reply message to query if any.
dt (str) – ISO 8601 formatted datetime query
dta (str) – ISO 8601 formatted datetime after query
dtb (str) – ISO 8601 formatted datetime before query
stamp (str) – ISO 8601 formatted current datetime of query message
version (Versionage) – the API version
kind (str) – the event type
- Returns:
query event message Serder
- Return type:
Serder
- class keri.vdr.eventing.rbdict(*pa, **kwa)[source]
Reger backed read through cache for registry state
Subclass of dict that has db and reger as attributes and employs read through cache from db Reger.stts of registry states to reload tever from state in database when not found in memory as dict item.
- keri.vdr.eventing.revoke(vcdig, regk, dig, version=(1, 0), kind='JSON', dt=None)[source]
Returns serder of backerless credential revocation (rev) message event
Returns serder of rev message event. Utility function to create a VC revocation event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
dig (str) – digest of previous event qb64
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of revocation date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.rotate(regk, dig, sn=1, toad=None, baks=None, cuts=None, adds=None, version=(1, 0), kind='JSON')[source]
Returns serder of registry rotation (vrt) message event
Returns serder of vrt message event. Utility function to create a Registry rotation event.
- Parameters:
regk (str) – identifier prefix qb64
dig (str) – qb64 digest of prior event
sn (int) – sequence number
toad (int) – int or str hex of witness threshold
baks (list) – prior backers prefixes qb64
cuts (list) – witness prefixes to cut qb64
adds (list) – witness prefixes to add qb64
version (Versionage) – the API version
kind (str) – the event type
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.state(pre, said, sn, ri, eilk, dts=None, toad=None, wits=None, cnfg=None, version=(1, 0))[source]
Utility function to create a RegStateRecord of state notice of a given Registry Event Log (REL)
- Returns:
rsr (RegStateRecord) – instance
- Parameters:
pre (str) – identifier prefix qb64
sn (int) – int sequence number of latest event
said (str) – digest of latest event
ri (str) – qb64 AID of credential registry
eilk (str) – message type (ilk) of latest event
a (dict) – key event anchored seal data
dts (str)
toad (int) – int of witness threshold
wits (list) – list of witness prefixes qb64
cnfg (list) – list of strings TraitDex of configuration traits
version (str) – Version instance
kind (str) – serialization kind
- Returns:
Event message Serder
- Return type:
Serder
Key State Dict:
{
  "v": "KERI10JSON00011c_",
  "i": "EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM",
  "s": "2",
  "p": "EYAfSVPzhzZ-i0d8JZS6b5CMAoTNZH3ULvaU6JR2nmwy",
  "d": "EAoTNZH3ULvaU6JR2nmwyYAfSVPzhzZ-i0d8JZS6b5CM",
  "ri": "EYAfSVPzhzZ-i0d8JZS6b5CMAoTNZH3ULvaU6JR2nmwy",
  "dt": "2020-08-22T20:35:06.687702+00:00",
  "et": "vrt",
  "a": {"i": 12, "d": "EYAfSVPzhzS6b5CMaU6JR2nmwyZ-i0d8JZAoTNZH3ULv"},
  "k": ["DaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM"],
  "n": "EZ-i0d8JZAoTNZH3ULvaU6JR2nmwyYAfSVPzhzS6b5CM",
  "bt": "1",
  "b": ["DnmwyYAfSVPzhzS6b5CMZ-i0d8JZAoTNZH3ULvaU6JR2"],
  "di": "EYAfSVPzhzS6b5CMaU6JR2nmwyZ-i0d8JZAoTNZH3ULv",
  "c": ["EO"]
}
- keri.vdr.eventing.vcstate(vcpre, said, sn, ri, eilk, a, ra=None, dts=None, version=(1, 0), kind='JSON')[source]
Returns the credential transaction state notification
Returns serder of credential transaction state notification message. Utility function to automate creation of tsn events.
- Parameters:
vcpre (str) – is qb64 SAID of the credential
said (str) – is qb64 digest of latest event
sn (int) – sequence number of latest event
ri (str) – registry identifier
ra (dict) – optional registry seal for registries with backers
eilk (str) – is message type (ilk) of latest event
a (dict) – is seal for anchor in KEL
dts (str) – iso8601 formatted date string of state
version (Version) – is KERI version instance
kind (str) – is serialization kind
Credential Transaction State Dict:
{
  "v": "KERI10JSON00012d_",
  "i": "EDGhJ8V1tuwH55Bk0fBFe9L0za2BUNOt2FX4GUeOLNHQ",
  "s": "0",
  "d": "ENNTabgWbaNqOKLqEZdQCjxbafwwSoXNzAsE1Enq-kdk",
  "ri": "EoN_Ln_JpgqsIys-jDOH8oWdxgWqs7hzkDGeLWHb9vSY",
  "a": {
    "s": 3,
    "d": "Ex7i6wv4YzDRTO9_iHkTQSXrvLYldSd_UEjNfqia3Pqc"
  },
  "dt": "2021-01-01T00:00:00.000000+00:00",
  "et": "bis"
}
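A relying party that receives a credential transaction state notice of the shape documented for vcstate should fail closed on anything it does not recognise. The following is an added example, not part of the keri library: check_vc_state and its constants are hypothetical names, the sample is the dict shown in the vcstate entry, and the check covers structure only, not the attached signatures (cigars or tsgs).

```python
from datetime import datetime

# Ilks named on this page: iss/bis record issuance, rev/brv record revocation.
ISSUED = {"iss", "bis"}
REVOKED = {"rev", "brv"}
REQUIRED = ("v", "i", "s", "d", "ri", "a", "dt", "et")

# Constructed sample: the Credential Transaction State Dict from the vcstate entry.
SAMPLE = {
    "v": "KERI10JSON00012d_",
    "i": "EDGhJ8V1tuwH55Bk0fBFe9L0za2BUNOt2FX4GUeOLNHQ",
    "s": "0",
    "d": "ENNTabgWbaNqOKLqEZdQCjxbafwwSoXNzAsE1Enq-kdk",
    "ri": "EoN_Ln_JpgqsIys-jDOH8oWdxgWqs7hzkDGeLWHb9vSY",
    "a": {"s": 3, "d": "Ex7i6wv4YzDRTO9_iHkTQSXrvLYldSd_UEjNfqia3Pqc"},
    "dt": "2021-01-01T00:00:00.000000+00:00",
    "et": "bis",
}


def check_vc_state(notice, expected_vc, expected_ri):
    """Return 'issued' or 'revoked'; raise ValueError for anything else."""
    missing = [k for k in REQUIRED if k not in notice]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if notice["i"] != expected_vc:
        raise ValueError("notice is for a different credential")
    if notice["ri"] != expected_ri:
        raise ValueError("notice is for a different registry")
    # Assumption: 's' is a hex string, as documented for RegStateRecord.s.
    if int(str(notice["s"]), 16) < 0:
        raise ValueError("negative sequence number")
    datetime.fromisoformat(notice["dt"])  # ValueError if not ISO 8601
    seal = notice["a"]
    if not isinstance(seal, dict) or not {"s", "d"} <= seal.keys():
        raise ValueError("anchor seal needs 's' and 'd'")
    if notice["et"] in ISSUED:
        return "issued"
    if notice["et"] in REVOKED:
        return "revoked"
    # Fail closed: an unrecognised ilk is never treated as a valid credential.
    raise ValueError(f"unexpected event type: {notice['et']!r}")


if __name__ == "__main__":
    print(check_vc_state(SAMPLE, SAMPLE["i"], SAMPLE["ri"]))
```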
keri.vdr.verifying
KERI keri.vdr.verifying module
VC verifier support
- class keri.vdr.verifying.Verifier(hby, reger=None, creds=None, cues=None, expiry=36000000000)[source]
Verifier class accepts and validates TEL events.
- __init__(hby, reger=None, creds=None, cues=None, expiry=36000000000)[source]
Initialize Verifier instance
- processCredential(creder, prefixer, seqner, saider, **kwa)[source]
Credential data and signature(s) verification
Verify the data of the credential against the schema, the SAID of the credential and the CESR Proof on the credential and if valid, store the credential
- processMessages(creds=None)[source]
Process message dicts in msgs or if msgs is None in .msgs
- Parameters:
creds (decking.Deck) – each entry is dict that matches call signature of .processCredential
- query(pre, regk, vcid, *, dt=None, dta=None, dtb=None, **kwa)[source]
Returns query message for querying registry
- saveCredential(creder, prefixer, seqner, saider)[source]
Write the credential and associated indices to the database
- setup()[source]
Delayed initialization of instance by creating .tvy and .psr.
Should not be called until .hab is initialized
- property tevers
Returns .db.tevers
keri.vdr.viring
keri.db.vdring module
Utility and support constants, functions, and classes
VIR: Verifiable Issuance (Revocation) Registry
VDR: Verifiable Data Registry
- class keri.vdr.vdring.RegStateRecord(vn: list[int] = <factory>, i: str = '', s: str = '0', d: str = '', ii: str = '', dt: str = '', et: str = '', bt: str = '0', b: list = <factory>, c: list[str] = <factory>)[source]
Registry Event Log (REL) State information
(see reger.state at ‘stts’ for database that holds these records keyed by Registry SAID, i field)
- vn
version number [major, minor]
- Type:
list[int]
- i
registry SAID qb64 (registry inception event SAID)
- Type:
str
- s
sequence number of latest event in KEL as hex str
- Type:
str
- d
latest registry event digest qb64
- Type:
str
- ii
registry issuer identifier aid qb64
- Type:
str
- dt
datetime iso-8601 of registry state record update, usually now
- Type:
str
- et
event packet type (ilk)
- Type:
str
- bt
backer threshold hex num
- Type:
str
- b
backer aids qb64
- Type:
list[str]
- c
config traits
- Type:
list[str]
Note: the seal anchor dict ‘a’ field is not included in the state notice because it may be verbose and would impede the main purpose of a notice which is to trigger the download of the latest events, which would include the anchored seals.
rsr = RegStateRecord(
    vn=list(version),  # version number as list [major, minor]
    i=ri,  # qb64 registry SAID
    s="{:x}".format(sn),  # lowercase hex string no leading zeros
    d=said,
    ii=pre,
    dt=dts,
    et=eilk,
    bt="{:x}".format(toad),  # hex string no leading zeros lowercase
    b=wits,  # list of qb64 may be empty
    c=cnfg if cnfg is not None else [],
)