Skip to main content

Verify a Credential or a Presentation

Whether a presentation involves selective disclosure or a whole credential is not technically relevant to Verifiers. This is because in KILT a presentation is a credential. This means that the logic for Verifiers does not change depending on the case, thus verifying a presentation is as easy as calling one SDK function, like the following code snippet:

import * as Kilt from '@kiltprotocol/sdk-js'

export async function verifyPresentation(
presentation: Kilt.ICredentialPresentation,
trustedAttesterUris = []
}: {
challenge?: string
trustedAttesterUris?: Kilt.DidUri[]
} = {}
): Promise<void> {
// Verify the presentation with the provided challenge.
const { revoked, attester } = await Kilt.Credential.verifyPresentation(
{ challenge }

if (revoked) {
throw new Error("Credential has been revoked and hence it's not valid.")
if (!trustedAttesterUris.includes(attester)) {
throw `Credential was issued by ${attester} which is not in the provided list of trusted attesters: ${trustedAttesterUris}.`
Check if the presenter is the credential subject

Verifying a presentation provides proof that all the information is correct and authentic, and that the credential has not been revoked. Verifiers still need to match the subject of the credential to the entity that is presenting it. One way of achieving this is by asking the Claimer to include a challenge in the presentation signature, as shown in the snippet above. Without a challenge, Verifiers must implement other measures to be certain about the identity of the presenter.

Evaluation of the attester's trust is up to the Verifiers

Verifiers must also have a registry of attesters they trust, and verify that the issuer of the credential they are verifying belongs to such list and, where necessary, whether it is still in operation or not, i.e., whether its DID still exists or has been deleted.