1 of 4

Quick Start

The zkPass Software Development Kit (SDK) consists of the following components:

Client Libraries At the heart of the zkPass SDK is the client library calledzkpass-client. There are three versions of the client library for supporting different language/platform configurations, but basically, they all work the same way. These libraries are essential for participants in the zkPass ecosystem. They simplify and streamline various processes, including the digital signing and verification of data, the generation of proofs, and the validation of these proofs. By using these libraries, developers can efficiently integrate zkPass functionalities into their applications, ensuring secure and reliable data handling.
Developer Tool The SDK includes a convenient Command-Line Interface (CLI) tool known as 'zkpass-query-tool'. This tool is specifically designed to assist developers in learning how to craft zkPass queries effectively. It's an invaluable resource for testing and refining query scripts, making the learning curve smoother for those new to writing zkPass queries.
Sample Demo Applications To further aid in understanding and implementation, the zkPass SDK provides a range of sample demo applications. These applications serve as practical examples, showcasing the coding practices and steps involved in integrating apps with the zkPass Service. They are invaluable for developers looking to get a hands-on feel of how zkPass works in real-world scenarios.
Documentation The Developer’s Guide (this book) is an integral component of the SDK. It serves as a comprehensive source of information, covering everything from basic setup to advanced functionalities of zkPass. This guide is the go-to reference for developers seeking to deepen their understanding of the zkPass system and leverage its capabilities effectively.

Each of these components plays a critical role in making the zkPass SDK a robust and versatile toolkit for developers looking to harness the power of Zero-Knowledge Proofs in their applications.

Supported Platforms

The zkPass Software Development Kit (SDK) library, called the zkpass-client, is available in three bindings based on the language/platform/OS configuration. These bindings facilitate the integration of zkPass services by providing a client-side library tailored to streamline the implementation process.

Typescript/Node.js/Linux Suitable for server-side applications running on Node.js. The library is called zkpass-client-ts NPM package.
Typescript/React Native/Android Ideal for client-side applications, specifically in React Native mobile app development. The library is called zkpass-client-react-native.
Rust/Linux Provides a robust option for system-level and high-performance applications. The library is called zkpass-client crate.

All library versions are designed with parallel functionality, ensuring a consistent development experience. They empower developers to efficiently harness the capabilities of zkPass within their applications. Regardless of the language/platform binding, all zkpass-client libs behave the same way in terms of how they interact in the zkPass workflow, as depicted in the diagram.

TypeScript/Next.js/Linux

Quick start tutorial for the TypeScript/Next.js binding of the zkPass SDK

To install the zkpass-client-ts lib separately, please refer to this section

System Requirements

Ubuntu version 20 or higher, WSL (Windows Subsystem for Linux) is also supported.
or later.

Make sure the VPN is off

Installing WSL for Windows users

This command will enable the necessary features to run WSL and install the Ubuntu distribution of Linux.

If your underlying system, like Ubuntu, is already Linux-based, you can skip this step.

If your Windows version is below Windows 10 2004, please refer to instead.

Open PowerShell or Windows Command Prompt in administrator mode by right-clicking and selecting "Run as administrator"
Run the command below

Restart your machine
Once you have installed WSL, you will need to create a user account and password for your newly installed Linux distribution.

The above command only works if WSL is not installed at all, if you run wsl --install and see the WSL help text, please try running wsl --list --online to see a list of available distros and run wsl --install -d <DistroName> to install a distro. To uninstall WSL, see or .

If you have installed WSL before, you can login using the command wsl

Installing Node.js 18.17.0 via NVM

Installing NVM

nvm allows you to quickly install and use different versions of node via the command line.

Run the command below

Restart your terminal session

Installing Node 18.17.0 and NPM via NVM

To check whether Node has been installed properly, run the commands below:

Installing Git

To check whether Node has been installed properly, run the commands below:

Running "Employee Onboarding" Demo Application

The demo application is an implementation of the "Employee Onboarding" use case. In this scenario, MyNamaste is the application representing the Data Holder or User client.

Overview

Cloning Demo

To try our zkPass demo, you can follow these steps

Clone demo repository

Go to zkPass demo typescript directory (Let's assume this is our root directory for steps below)

Running Issuer-Verifier

The Issuer-Verifier runs only as a server and doesn't have any user interface.

From zkpass-sdk/typescript/node-js directory go to issuer-verifier directory

Install packages in issuer-verifier directory

Run issuer-verifier

Running "MyNamaste" Application

From zkpass-sdk/typescript/node-js directory go to client directory

Install packages

Run "MyNamaste" Application

Testing the Demo (Single User Data)

Ensure that "MyNamaste" application & Issuer-Verifier are running.

In this demo, "MyNamaste" will request Data Verification Request (DVR) and User Data from Issuer-Verifier based on logged-in user. After the user verifies DVR and User Data, "MyNamaste" sends a request zkPass service to generate the proof. "MyNamaste" will then send the generated proof to Issuer-Verifier to verify.

Click button Start Employee Onboarding (Single User Data). "MyNamaste" will fetch user data and Data Verification Request (DVR) from issuer-verifier. You can also use the multiple user data and available scenarios

Check the DVR data displayed on the page, click button Confirm and continue

Check the User data displayed on the page, after that click Confirm and generate proof to start generating the proof. "MyNamaste" will sending request to zkPass service to generate proof

"MyNamaste" encrypt User data and DVR data before sending a request to generate proof to zkPass service.
After "MyNamaste" receives the proof from the zkPass service, "MyNamaste" will send the proof to the Issuer-Verifier for verification.
If everything is working fine, John should get The blood test succeeded onboarding requirements. You can click the Back to Home button to go to step 3.

If we want to simulate a failed onboarding case, we can use another user (e.g., Jane) in our demo.
1. In the top right corner, click LOGOUT: JOHN
2. Login using username : Jane and password : Jane
Repeat the process from number 3 to 5.
If everything is working fine, Jane should get The blood test failed onboarding requirements. You can click the Back to Home button to go to step 3.

Testing the Demo (Multiple User Data)

Click button Start Employee Onboarding (Multiple User Data). "MyNamaste" will fetch user data and Data Verification Request (DVR) from issuer-verifier.

Check the DVR data displayed on the page, click button Confirm and continue

Check the User data displayed on the page, you can view both user data (we prepared 2 user data: blood test and KYC data). After that click Confirm and generate proof to start generating the proof. "MyNamaste" will sending request to zkPass service to generate proof

"MyNamaste" encrypt User data and DVR data before sending a request to generate proof to zkPass service.
After "MyNamaste" receives the proof from the zkPass service, "MyNamaste" will send the proof to the Issuer-Verifier for verification.
If everything is working fine, John should get The blood test and kyc succeeded onboarding requirements.You can click the Back to Home button to go to step 3.

Onboarding Scenarios

Here are the onboarding scenarios:

Pass means the generate proof is succesful and verified
Not Pass means the proof is invalid or not verified because the person not met some criteria.

[Optional] Modifying the Demo

These steps are optional. You can proceed with them if you want to modify zkPass demo

Add new User

You can add new user in issuer-verifier/public/verifier/users.json, for example you can add maya

After creating a new user named Maya, you need to add Maya's blood test. Add them in issuer-verifier/public/issuer/blood-tests.json

Modify DVR query

We can also modify DVR query in issuer-verifier/src/app/verifier/dvrs/route.ts method _generateBloodTestQuery depends on which case we want to achieve.

Running Tests

Unit Test

Each of the client and issuer-verifier folders contains its own set of unit tests. The expected outcome is that all tests will pass successfully, achieving 100% code coverage across all components. This means that every function, line of code, and condition should be fully tested and verified.

Client Unit Test

Go to client folder
Install packages
Run the test

Issuer Verifier Unit Test

Go to issuer-verifier folder
Install packages
Run the test

End to End Test

Go to e2e-test directory on client folder
Install packages
Run the test

When running the test, Playwright will automatically run the UI (client) and Issuer Verifier (issuer-verifier) applications. Note that for each test case below, Playwright will test on Chrome, Firefox, and Microsoft Edge.

Authentication
1. Login with valid credentials
2. Login with invalid credentials
3. Logout
Login as John
1. Testing Single User Data
2. Testing Multiple User Data
Login as Jane
1. Testing Single User Data
2. Testing Multiple User Data

Code Snippets

TypeScript/Node.js/Linux

Quick start tutorial for the TypeScript/Node.js binding of the zkPass SDK

To install the zkpass-client-ts lib separately, please refer to this section

System Requirements

Ubuntu version 20 or higher, WSL (Windows Subsystem for Linux) is also supported.
or later.

Make sure the VPN is off

Installing WSL for Windows users

This command will enable the necessary features to run WSL and install the Ubuntu distribution of Linux.

If your underlying system, like Ubuntu, is already Linux-based, you can skip this step.

If your Windows version is below Windows 10 2004, please refer to instead.

Open PowerShell or Windows Command Prompt in administrator mode by right-clicking and selecting "Run as administrator"
Run the command below

Restart your machine
Once you have installed WSL, you will need to create a user account and password for your newly installed Linux distribution.

If you have installed WSL before, you can login using the command wsl

Installing Node.js 18.17.0 via NVM

Installing NVM

nvm allows you to quickly install and use different versions of node via the command line.

Run the command below

Restart your terminal session

Installing Node 18.17.0 and NPM via NVM

To check whether Node has been installed properly, run the commands below:

Installing Git

To check whether Node has been installed properly, run the commands below:

Installing the SDK

If you wish to explore our demo application, feel free to skip this installation step, as it has already been completed in the demo application.

If you want to use our zkpass-client-ts library on your own project / outside the demo application, you can follow this step

Set the npm registry configuration to gdp-labs registry.

Install the zkpass-client library for typescript

For NextJS projects with App Routing, several configurations have to be made in next.config.js file:

Running CLI Demo

Cloning Demo

To try our Typescript CLI demo, you can follow these steps

Clone demo repository

Go to Typescript CLI demo directory (Let's assume this is our root directory for steps below)

Running Demo

Install packages

Run Dewi demo

It will run the demo using predefined user data and DVR for Dewi. The expected query result is "false".

Expected result :

Run Ramana demo

It will run the demo using predefined user data and DVR for Ramana. The expected query result is "true".

Expected result :

Run Jane demo

It will run the demo using predefined user data and DVR for Jane. The expected query result is "true".

Expected result :

Run demo with custom data

You can run the demo using custom data. Examples for user data and DVR can be found in typescript/node-js/cli/test-data.

Example running demo using custom data :

Expected result :

Run demo with multiple user data

You can also run the demo using multiple user data. Examples for multiple user data and DVR can be found in typescript/node-js/cli/test-data/multiple.

Example running demo using multiple data:

Running Tests

Integration Test

The integration test will run all available demo in package.json script using CLI.

Go to Typescript CLI demo directory
Install packages
Run the tests

The test will run all demo tests one by one and expect every test result is passed. List of Tests:

demo.test.ts
demo-basic.test.ts
demo-basic-false.test.ts
demo-dewi.test.ts
demo-ramana.test.ts
demo-jane.test.ts
demo-multi.test.ts

Code Snippets

This section describes how we use the zkPass SDK in our demo code

Generate Proof

This code snippet generates a zkPass proof. It requires 3 parameters:

zkPassServiceURL : you can use https://playground-zkpass.ssi.id/proof , or use your own endpoint if you deploy zkPass on your own server.

Verify Proof

This code snippet verifies a zkPass proof token. It requires 2 parameters:

Generate User Data Token

This code snippet generate user data token. It requires 3 parameters:

PRIVATE_KEY : a private key used to sign user data.
userData : user data in JSON format.
PUBLIC_KEY_JWKS : a public key JWKS used by zkPass to verify that user data token is not tampered during transport.

Generate DVR Token

This code snippet generate DVR token. It has 2 steps, generate DVR and sign DVR.

Generate DVR requires 7 parameters:

zkvm : Your choice of zkvm (currently available zkvm = r0)
dvr_title : title of your DVR.
dvr_id : ID of your DVR. When the verifier issues a DVR, they will save it. When the verifier verifies the zkPassProofToken, they will check whether the zkPassProofToken was generated using the DVR issued by them.
query_engine_ver : query engine version of the SDK you currently use.
query_method_ver : query method version of the SDK you currently use.
user_data_url : this parameter is not used by zkPass when generating proof. However, it can be utilized by the holder in scenarios where they obtain the DVR but do not have user data yet. The holder can retrieve user data from this URL.
user_data_verifying_key : a public key JWKS used by zkPass to verify that user data token is not tampered during transport.
dvr_verifying_key : a public key JWKS used by zkPass to verify that data verification request is not tampered during transport.

Sign DVR requires 2 parameters:

PRIVATE_KEY : a private key used to sign user data.
PUBLIC_KEY_JWKS : a public key JWKS used by zkPass to verify that dvr token is not tampered during transport.

Rust/Linux

Quick start tutorial for installing the Rust/Linux binding of the zkpass-client library, and building and running the sample application.

System Requirements

Ubuntu version 20 or higher WSL (Windows Subsystem for Linux) is also supported. Other similar Linux distros should also work.

For WSL installation guide, read here.

Some APT package dependencies Run the following to install the required packages:

sudo apt install build-essential
sudo apt install pkg-config
sudo apt install libssl-dev

Rust compiler toolchain Follow this 2-step instruction to install the Rust toolchain.

# 1: install cargo toolchain
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

# 2: source the cargo env for the first time
source "$HOME/.cargo/env"

Installing the SDK and Run zkpass-demo

Follow these steps to install the zkPass SDK and to run the demo application.

For the purposes of this guide, the zkpass-sdk repository is cloned under the home directory of the current user, retaining its default name. This places the root directory for the zkpass-sdk repository at ~/zkpass-sdk. As a result, the directory for the Rust/Linux binding of the SDK is set at ~/zkpass-sdk/rust.

Should you choose to clone the zkpass-sdk repository into a different location, ensure that you adjust any referenced paths in the instructions to match your chosen directory structure.

Clone the zkpass-sdk repo

git clone https://github.com/gl-zkPass/zkpass-sdk.git

Enter zkpass-sdk/rust Directory

cd zkpass-sdk/rust

From the zkpass-sdk/rust directory, execute test.sh script to build the SDK and run the demo application:

./test.sh

The correct output of zkpass-demo should look like the following:

<== Using Single User Data ==>
#### starting zkpass proof generation...
2024-09-03T07:23:42.591248Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... >> generate_zkpass_proof
2024-09-03T07:23:42.626726Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... Fetching public keys from https://playground-zkpass.ssi.id/.well-known/jwks.json
2024-09-03T07:23:48.169443Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... << generate_zkpass_proof
#### generation completed [time=5.833258046s]

#### starting zkpass proof verification...
2024-09-03T07:23:48.424559Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... >> verify_zkpass_proof_internal
2024-09-03T07:23:48.461295Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... Fetching public keys from https://playground-zkpass.ssi.id/.well-known/jwks.json
2024-09-03T07:23:48.729210Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... >> verify_zkproof
2024-09-03T07:23:48.729437Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... << verify_zkproof
2024-09-03T07:23:48.732602Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... << verify_zkpass_proof_internal
#### found dvr: id=868cbebb-9172-4807-846f-7f5bea6d20e3
#### verification completed [time=308.127227ms]
json-result={
  "name": "Dewi",
  "result": true
}
>> output list:
key=name, value=Str("Dewi")
key=result, value=Bool(true)
<< end of list
the query result is true

... (omitted for clarity) ...


<== Using Multiple User Data ==>
#### starting zkpass proof generation...
... (omitted for clarity) ...
#### generation completed [time=5.33967994s]

#### starting zkpass proof verification...
... (omitted for clarity) ...
#### verification completed [time=221.231359ms]
json-result={
  "name": "Dewi",
  "result": true
}
>> output list:
key=name, value=Str("Dewi")
key=result, value=Bool(true)
<< end of list
the query result is true

... (omitted for clarity) ...


<== Using Example ==>
#### starting zkpass proof generation...
... (omitted for clarity) ...
#### generation completed [time=5.55306725s]

#### starting zkpass proof verification...
... (omitted for clarity) ...
#### verification completed [time=288.768931ms]
json-result={
  "title": "Loan Query Results",
  "result": true,
  "name": "Ramana",
  "email": "Ramana.Maharshi@karma.org"
}
>> output list:
key=title, value=Str("Loan Query Results")
key=result, value=Bool(true)
key=name, value=Str("Ramana")
key=email, value=Str("Ramana.Maharshi@karma.org")
<< end of list
the query result is true

Troubleshooting

Fetch Timeout

This error is indicated by the error message "reqwest::Error ... source: TimedOut".

This could happen when the demo runs and fails to fetch several keys needed. Here are several solutions:

Make sure you have a stable internet connection when running the script
Turn off any of your VPN and try again

Missing/Corrupt .so Files

This error is indicated by the error message "libr0_zkpass_query.so: cannot open shared object file: No such file or directory".

This may be caused by missing or corrupt .so files after executing cargo build -r command in the test.sh script. Several solutions:

Make sure you have a stable internet connection when running the script
Turn off any of your VPN and try again
Download .so file manually
1. Downloadlibsp1_zkpass_query.so and libr0_zkpass_query.so file from the website.
2. Move these files to zkpass-sdk/rust/lib folder
3. Run the test.sh script, error should be resolved

Rust/Linux

Quick start tutorial for installing the Rust/Linux binding of the zkpass-client library, and building and running the sample application.

System Requirements

Ubuntu version 20 or higher WSL (Windows Subsystem for Linux) is also supported. Other similar Linux distros should also work.

For WSL installation guide, read here.

Some APT package dependencies Run the following to install the required packages:

sudo apt install build-essential
sudo apt install pkg-config
sudo apt install libssl-dev

Rust compiler toolchain Follow this 2-step instruction to install the Rust toolchain.

# 1: install cargo toolchain
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

# 2: source the cargo env for the first time
source "$HOME/.cargo/env"

Installing the SDK and Run zkpass-demo

Follow these steps to install the zkPass SDK and to run the demo application.

Should you choose to clone the zkpass-sdk repository into a different location, ensure that you adjust any referenced paths in the instructions to match your chosen directory structure.

Clone the zkpass-sdk repo

git clone https://github.com/gl-zkPass/zkpass-sdk.git

Enter zkpass-sdk/rust Directory

cd zkpass-sdk/rust

From the zkpass-sdk/rust directory, execute test.sh script to build the SDK and run the demo application:

./test.sh

The correct output of zkpass-demo should look like the following:

<== Using Single User Data ==>
#### starting zkpass proof generation...
2024-09-03T07:23:42.591248Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... >> generate_zkpass_proof
2024-09-03T07:23:42.626726Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... Fetching public keys from https://playground-zkpass.ssi.id/.well-known/jwks.json
2024-09-03T07:23:48.169443Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... << generate_zkpass_proof
#### generation completed [time=5.833258046s]

#### starting zkpass proof verification...
2024-09-03T07:23:48.424559Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... >> verify_zkpass_proof_internal
2024-09-03T07:23:48.461295Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... Fetching public keys from https://playground-zkpass.ssi.id/.well-known/jwks.json
2024-09-03T07:23:48.729210Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... >> verify_zkproof
2024-09-03T07:23:48.729437Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... << verify_zkproof
2024-09-03T07:23:48.732602Z  INFO run_data_holder{zkvm="r0" ... (omitted for clarity) ... << verify_zkpass_proof_internal
#### found dvr: id=868cbebb-9172-4807-846f-7f5bea6d20e3
#### verification completed [time=308.127227ms]
json-result={
  "name": "Dewi",
  "result": true
}
>> output list:
key=name, value=Str("Dewi")
key=result, value=Bool(true)
<< end of list
the query result is true

... (omitted for clarity) ...


<== Using Multiple User Data ==>
#### starting zkpass proof generation...
... (omitted for clarity) ...
#### generation completed [time=5.33967994s]

#### starting zkpass proof verification...
... (omitted for clarity) ...
#### verification completed [time=221.231359ms]
json-result={
  "name": "Dewi",
  "result": true
}
>> output list:
key=name, value=Str("Dewi")
key=result, value=Bool(true)
<< end of list
the query result is true

... (omitted for clarity) ...


<== Using Example ==>
#### starting zkpass proof generation...
... (omitted for clarity) ...
#### generation completed [time=5.55306725s]

#### starting zkpass proof verification...
... (omitted for clarity) ...
#### verification completed [time=288.768931ms]
json-result={
  "title": "Loan Query Results",
  "result": true,
  "name": "Ramana",
  "email": "Ramana.Maharshi@karma.org"
}
>> output list:
key=title, value=Str("Loan Query Results")
key=result, value=Bool(true)
key=name, value=Str("Ramana")
key=email, value=Str("Ramana.Maharshi@karma.org")
<< end of list
the query result is true

Troubleshooting

Fetch Timeout

This error is indicated by the error message "reqwest::Error ... source: TimedOut".

This could happen when the demo runs and fails to fetch several keys needed. Here are several solutions:

Make sure you have a stable internet connection when running the script
Turn off any of your VPN and try again

Missing/Corrupt .so Files

This error is indicated by the error message "libr0_zkpass_query.so: cannot open shared object file: No such file or directory".

This may be caused by missing or corrupt .so files after executing cargo build -r command in the test.sh script. Several solutions:

Make sure you have a stable internet connection when running the script
Turn off any of your VPN and try again
Download .so file manually
1. Downloadlibsp1_zkpass_query.so and libr0_zkpass_query.so file from the website.
2. Move these files to zkpass-sdk/rust/lib folder
3. Run the test.sh script, error should be resolved

TypeScript/Next.js/Linux

Quick start tutorial for the TypeScript/Next.js binding of the zkPass SDK

To install the zkpass-client-ts lib separately, please refer to this section

System Requirements

Ubuntu version 20 or higher, WSL (Windows Subsystem for Linux) is also supported.
or later.

Make sure the VPN is off

Installing WSL for Windows users

This command will enable the necessary features to run WSL and install the Ubuntu distribution of Linux.

If your underlying system, like Ubuntu, is already Linux-based, you can skip this step.

If your Windows version is below Windows 10 2004, please refer to instead.

Open PowerShell or Windows Command Prompt in administrator mode by right-clicking and selecting "Run as administrator"
Run the command below

Restart your machine
Once you have installed WSL, you will need to create a user account and password for your newly installed Linux distribution.

If you have installed WSL before, you can login using the command wsl

For a complete WSL installation guide, refer to .

Installing Node.js 18.17.0 via NVM

Installing NVM

nvm allows you to quickly install and use different versions of node via the command line.

Run the command below

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash

Restart your terminal session

Installing Node 18.17.0 and NPM via NVM

nvm install 18.17

To check whether Node has been installed properly, run the commands below:

node -v
npm -v

Complete NVM documentation can be found .

Installing Git

sudo apt update
sudo apt install git

To check whether Node has been installed properly, run the commands below:

git --version

Complete Git documentation can be found .

Running "Employee Onboarding" Demo Application

The demo application is an implementation of the "Employee Onboarding" use case. In this scenario, MyNamaste is the application representing the Data Holder or User client.

Overview

Please review to have better understanding of the use case.

Cloning Demo

To try our zkPass demo, you can follow these steps

Clone demo repository

git clone https://github.com/gl-zkPass/zkpass-sdk.git

Go to zkPass demo typescript directory (Let's assume this is our root directory for steps below)

cd zkpass-sdk/typescript/node-js

Running Issuer-Verifier

The Issuer-Verifier runs only as a server and doesn't have any user interface.

From zkpass-sdk/typescript/node-js directory go to issuer-verifier directory

cd issuer-verifier/

Install packages in issuer-verifier directory

npm install

Run issuer-verifier

npm run dev

Issuer-verifier is running on

Running "MyNamaste" Application

From zkpass-sdk/typescript/node-js directory go to client directory

cd client/

Install packages

npm install

Run "MyNamaste" Application

npm run dev

"MyNamaste" is running on

Testing the Demo (Single User Data)

Ensure that "MyNamaste" application & Issuer-Verifier are running.

Open "MyNamaste" Application
Login using username : John and password : John. Check if we want to try another user.

Click button Start Employee Onboarding (Single User Data). "MyNamaste" will fetch user data and Data Verification Request (DVR) from issuer-verifier. You can also use the multiple user data and available scenarios

Check the DVR data displayed on the page, click button Confirm and continue

Check the User data displayed on the page, after that click Confirm and generate proof to start generating the proof. "MyNamaste" will sending request to zkPass service to generate proof

"MyNamaste" encrypt User data and DVR data before sending a request to generate proof to zkPass service.
After "MyNamaste" receives the proof from the zkPass service, "MyNamaste" will send the proof to the Issuer-Verifier for verification.
If everything is working fine, John should get The blood test succeeded onboarding requirements. You can click the Back to Home button to go to step 3.

If we want to simulate a failed onboarding case, we can use another user (e.g., Jane) in our demo.
1. In the top right corner, click LOGOUT: JOHN
2. Login using username : Jane and password : Jane
Repeat the process from number 3 to 5.
If everything is working fine, Jane should get The blood test failed onboarding requirements. You can click the Back to Home button to go to step 3.

Testing the Demo (Multiple User Data)

Same as the scenario, perform the same step 1 and 2.

Click button Start Employee Onboarding (Multiple User Data). "MyNamaste" will fetch user data and Data Verification Request (DVR) from issuer-verifier.

Check the DVR data displayed on the page, click button Confirm and continue

Check the User data displayed on the page, you can view both user data (we prepared 2 user data: blood test and KYC data). After that click Confirm and generate proof to start generating the proof. "MyNamaste" will sending request to zkPass service to generate proof

"MyNamaste" encrypt User data and DVR data before sending a request to generate proof to zkPass service.
After "MyNamaste" receives the proof from the zkPass service, "MyNamaste" will send the proof to the Issuer-Verifier for verification.
If everything is working fine, John should get The blood test and kyc succeeded onboarding requirements.You can click the Back to Home button to go to step 3.

Onboarding Scenarios

Here are the onboarding scenarios:

Pass means the generate proof is succesful and verified
Not Pass means the proof is invalid or not verified because the person not met some criteria.

Name

Single User Data

Multiple User Data

[Optional] Modifying the Demo

These steps are optional. You can proceed with them if you want to modify zkPass demo

Add new User

You can add new user in issuer-verifier/public/verifier/users.json, for example you can add maya

{
...
    "maya": {
        "firstName": "Maya",
        "lastName": "Maya",
        "dateOfBirth": "1985-12-12"
    }
...
}

After creating a new user named Maya, you need to add Maya's blood test. Add them in issuer-verifier/public/issuer/blood-tests.json

{
...
  "maya": {
      "testID": "SCREEN-7083-12345",
      "testName": "QualityHealth Comprehensive Screen",
      "testDate": "2023-08-27T14:00:00Z",
      "lab": {
        "name": "QualityHealth Labs",
        "ID": "QH801874",
        "address": "1234 Elm St, Oakland, USA"
      },
      "subject": {
        "firstName": "Maya",
        "lastName": "Maya",
        "dateOfBirth": "1985-12-12",
        "bloodType": "A+",
        "DNAInfo": {
          "markers": {
            "APOE": ["E3", "E3"],
            "BRCA1": "Normal",
            "MTHFR": ["C677T", "A1298C"]
          },
          "haplogroups": {
            "paternal": "R1b1",
            "maternal": "H1a1"
          }
        },
        "contact": {
          "email": "maya.test@gmail.com",
          "phone": "650-555-1234"
        },
        "address": {
          "street": "789 Oak Street",
          "city": "San Jose",
          "state": "CA",
          "zip": "95134"
        }
      },
      "measuredPanelsNgML": {
        "amphetamines": 0,
        "cocaine": 7,
        "opiates": 102,
        "benzodiazepines": 0
      }
  }
...
}

Modify DVR query

We can also modify DVR query in issuer-verifier/src/app/verifier/dvrs/route.ts method _generateBloodTestQuery depends on which case we want to achieve.
We can see the supported operators that we can use .

Running Tests

Unit Test

Client Unit Test

Go to client folder
```
cd zkpass-sdk/typescript/node-js/client
```
Install packages
```
npm install
```
Run the test
```
npm run test
```

Issuer Verifier Unit Test

Go to issuer-verifier folder

cd zkpass-sdk/typescript/node-js/issuer-verifier

Install packages
```
npm install
```
Run the test
```
npm run test
```

End to End Test

The end-to-end test will cover multiple scenarios for the "Employee Onboarding" use case, using to execute the tests. Make sure you have already run the npm install command in both the client and issuer-verifier projects before executing the tests.

Go to e2e-test directory on client folder

cd zkpass-sdk/typescript/node-js/client/e2e-test

Install packages
```
npm install
```
Run the test
```
npm run test
```

Authentication
1. Login with valid credentials
2. Login with invalid credentials
3. Logout
Login as John
1. Testing Single User Data
2. Testing Multiple User Data
Login as Jane
1. Testing Single User Data
2. Testing Multiple User Data

Code Snippets

Please refer to section.

TypeScript/Node.js/Linux

Quick start tutorial for the TypeScript/Node.js binding of the zkPass SDK

To install the zkpass-client-ts lib separately, please refer to this section

System Requirements

Ubuntu version 20 or higher, WSL (Windows Subsystem for Linux) is also supported.
or later.

Make sure the VPN is off

Installing WSL for Windows users

This command will enable the necessary features to run WSL and install the Ubuntu distribution of Linux.

If your underlying system, like Ubuntu, is already Linux-based, you can skip this step.

If your Windows version is below Windows 10 2004, please refer to instead.

Open PowerShell or Windows Command Prompt in administrator mode by right-clicking and selecting "Run as administrator"
Run the command below

Restart your machine
Once you have installed WSL, you will need to create a user account and password for your newly installed Linux distribution.

If you have installed WSL before, you can login using the command wsl

For a complete WSL installation guide, refer to .

Installing Node.js 18.17.0 via NVM

Installing NVM

nvm allows you to quickly install and use different versions of node via the command line.

Run the command below

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash

Restart your terminal session

Installing Node 18.17.0 and NPM via NVM

nvm install 18.17.0

To check whether Node has been installed properly, run the commands below:

node -v
npm -v

Complete NVM documentation can be found .

Installing Git

sudo apt update
sudo apt install git

To check whether Node has been installed properly, run the commands below:

git --version

Complete Git documentation can be found .

Installing the SDK

If you wish to explore our demo application, feel free to skip this installation step, as it has already been completed in the demo application.

If you want to use our zkpass-client-ts library on your own project / outside the demo application, you can follow this step

Set the npm registry configuration to gdp-labs registry.

npm config set @didpass:registry=https://us-west1-npm.pkg.dev/gdp-labs/gdplabs-npm-public/

Install the zkpass-client library for typescript

npm install @didpass/zkpass-client-ts

For NextJS projects with App Routing, several configurations have to be made in next.config.js file:

next.config.js

const nextConfig = {
  ...,
  experimental: {
    ...,
    esmExternals: "loose", // Enable ESM imports
    serverComponentsExternalPackages: ["@didpass/zkpass-client-ts"], // Exclude SDK from bundling, to enable reading binary file
  },
};

module.exports = nextConfig;

The serverComponentsExternalPackages configuration ensures that the package @didpass/zkpass-client-ts is excluded from NextJS' bundling and compilation process, allowing it to be imported directly from node_modules. As a result, remember to include the node_modules directory in your production build. See .

Running CLI Demo

The demo application will run in a CLI and requires 2 parameters: DVR and user data. Please review to have better understanding of the use case.

Cloning Demo

To try our Typescript CLI demo, you can follow these steps

Clone demo repository

git clone https://github.com/gl-zkPass/zkpass-sdk.git

Go to Typescript CLI demo directory (Let's assume this is our root directory for steps below)

cd zkpass-sdk/typescript/node-js/cli

Running Demo

Install packages

npm install

Run Dewi demo

It will run the demo using predefined user data and DVR for Dewi. The expected query result is "false".

npm run demo-dewi

Expected result :

...
...
#### starting zkpass proof verification...
#### verification completed [time=118ms]
the query result is false

Run Ramana demo

It will run the demo using predefined user data and DVR for Ramana. The expected query result is "true".

npm run demo-ramana

Expected result :

...
...
#### starting zkpass proof verification...
#### verification completed [time=60ms]
the query result is true

Run Jane demo

It will run the demo using predefined user data and DVR for Jane. The expected query result is "true".

npm run demo-jane

Expected result :

...
...
#### starting zkpass proof verification...
#### verification completed [time=46ms]
the query result is true

Run demo with custom data

You can run the demo using custom data. Examples for user data and DVR can be found in typescript/node-js/cli/test-data.

Example running demo using custom data :

npm run demo ./test-data/ramana-profile.json ./test-data/bca-finance-ramana-dvr.json

Expected result :

...
...
#### starting zkpass proof verification...
#### verification completed [time=51ms]
the query result is true

Run demo with multiple user data

You can also run the demo using multiple user data. Examples for multiple user data and DVR can be found in typescript/node-js/cli/test-data/multiple.

Example running demo using multiple data:

npm run demo-multi

Running Tests

Integration Test

The integration test will run all available demo in package.json script using CLI.

Go to Typescript CLI demo directory
```
cd zkpass-sdk/typescript/node-js/cli
```
Install packages
```
npm install
```
Run the tests
```
npm run test
```

The test will run all demo tests one by one and expect every test result is passed. List of Tests:

demo.test.ts
demo-basic.test.ts
demo-basic-false.test.ts
demo-dewi.test.ts
demo-ramana.test.ts
demo-jane.test.ts
demo-multi.test.ts

Code Snippets

This section describes how we use the zkPass SDK in our demo code

Generate Proof

import {
  ZkPassApiKey,
  ZkPassClient,
} from "@didpass/zkpass-client-ts";

async function generateProof(): string {
  ...
  
  /**
    * Step 1: Instantiate the ZkPassApiKey and ZkPassClient object.
   */
  const zkPassApiKey = new ZkPassApiKey(
    YOUR_API_KEY,
    YOUR_API_SECRET
  );
  const zkPassZkvm = "r0"; 
  const zkPassClient = new ZkPassClient({
      zkPassServiceUrl: ZKPASS_SERVICE_URL,
      zkPassApiKey: zkPassApiKey,
      zkVm: zkPassZkvm 
  })
  /**
   * Step 2: Call the zkpassClient.generateZkpassProof
   *         to get the zkpassProofToken.
   */
  const zkpassProofToken = await zkPassClient.generateZkpassProof(
     userDataToken,
     dvrToken
   ); 
  
  ...
}

This code snippet generates a zkPass proof. It requires 3 parameters:

zkPassServiceURL : you can use https://playground-zkpass.ssi.id/proof , or use your own endpoint if you deploy zkPass on your own server.
userDataToken : check section for more details.
dvrToken : check section for more details.

Name

Reference

Verify Proof

import {
  ZkPassApiKey,
  ZkPassClient
} from "@didpass/zkpass-client-ts";

function verifyZkpassProof(zkpassProofToken: string) {
  ...
  
  /**
    * Step 1: Instantiate the ZkPassApiKey and ZkPassClient object.
   */
  const zkPassApiKey = new ZkPassApiKey(
    YOUR_API_KEY,
    YOUR_API_SECRET
  );
  const zkPassZkvm = "r0"; 
  const zkPassClient = new ZkPassClient({
      zkPassServiceUrl: ZKPASS_SERVICE_URL,
      zkPassApiKey: zkPassApiKey,
      zkVm: zkPassZkvm 
  })
  
  /**
    * Step 2: Call zkpassClient.verifyZkpassProof to verify the proof.
   */
  const proofResult = await zkPassClient.verifyZkpassProof(
    zkPassProofToken,
    proofMetadataValidator
  );
  
  ...
}

This code snippet verifies a zkPass proof token. It requires 2 parameters:

zkPassProofToken : check section for more details.
proofMetadataValidator : this is a Class that implements , it's up to verifier to verify metadata of zkpassProofToken.

Name

Reference

Generate User Data Token

import {
  ZkPassApiKey,
  ZkPassClient
} from "@didpass/zkpass-client-ts";

async function getUserDataToken() {
  ...
  
  /**
    * Step 1: Instantiate the ZkPassApiKey and ZkPassClient object.
   */
  const zkPassApiKey = new ZkPassApiKey(
    YOUR_API_KEY,
    YOUR_API_SECRET
  );
  const zkPassZkvm = "r0"; 
  const zkPassClient = new ZkPassClient({
      zkPassServiceUrl: ZKPASS_SERVICE_URL,
      zkPassApiKey: zkPassApiKey,
      zkVm: zkPassZkvm 
  })

  /**
   * Step 2: Call the zkPassClient.signDataToJwsToken.
   *         This is to digitally-sign the user data.
   */
  const userDataToken = await zkPassClient.signDataToJwsToken(
    PRIVATE_KEY,
    userData,
    PUBLIC_KEY_JWKS
  );
  
  ...
}

This code snippet generate user data token. It requires 3 parameters:

PRIVATE_KEY : a private key used to sign user data.
userData : user data in JSON format.
PUBLIC_KEY_JWKS : a public key JWKS used by zkPass to verify that user data token is not tampered during transport.

Name

Reference

Generate DVR Token

import {
  ZkPassApiKey,
  ZkPassClient,
  DataVerificationRequest,
} from "@didpass/zkpass-client-ts";

async function getDvrToken() {
  ...
  
  /**
    * Step 1: Instantiate the ZkPassApiKey and ZkPassClient object.
   */
  const zkPassApiKey = new ZkPassApiKey(
    YOUR_API_KEY,
    YOUR_API_SECRET
  );
  const zkPassZkvm = "r0"; 
  const zkPassClient = new ZkPassClient({
      zkPassServiceUrl: ZKPASS_SERVICE_URL,
      zkPassApiKey: zkPassApiKey,
      zkVm: zkPassZkvm 
  })
  
  /**
   * Step 2: Call zkPassClient.getQueryEngineVersionInfo.
   *         The version info is needed for DVR object creation.
   */
   const { queryEngineVersion, queryMethodVersion } =
      await zkPassClient.getQueryEngineVersionInfo();

  /**
   * Step 4: Create the DVR object.
   */
  const dvr = DataVerificationRequest.fromJSON({
    dvr_title: "My DVR",
    dvr_id: uuidv4(),
    query_engine_ver: queryEngineVersion,
    query_method_ver: queryMethodVersion,
    query: JSON.stringify(queryObj),
    user_data_requests: {
      "": {
        user_data_url: "https://hostname/api/user_data/",
        user_data_verifying_key: {
          KeysetEndpoint: issuerPubkey,
        },
      },
    },
    dvr_verifying_key: {
      KeysetEndpoint: verifierPubkey
    },
    zkvm: zkPassZkvm
  });

  /**
   * Step 5: Call zkPassClient.signToJwsToken.
   *         This is to digitally-sign the dvr data.
   */
  const dvrToken = await dvr.signToJwsToken(
    PRIVATE_KEY,
    publicKey
  );
  
  ...
}

This code snippet generate DVR token. It has 2 steps, generate DVR and sign DVR.

Generate DVR requires 7 parameters:

zkvm : Your choice of zkvm (currently available zkvm = r0)
dvr_title : title of your DVR.
dvr_id : ID of your DVR. When the verifier issues a DVR, they will save it. When the verifier verifies the zkPassProofToken, they will check whether the zkPassProofToken was generated using the DVR issued by them.
query_engine_ver : query engine version of the SDK you currently use.
query_method_ver : query method version of the SDK you currently use.
query : queryObject is a , you need to make them into a string
user_data_url : this parameter is not used by zkPass when generating proof. However, it can be utilized by the holder in scenarios where they obtain the DVR but do not have user data yet. The holder can retrieve user data from this URL.
user_data_verifying_key : a public key JWKS used by zkPass to verify that user data token is not tampered during transport.
dvr_verifying_key : a public key JWKS used by zkPass to verify that data verification request is not tampered during transport.

Sign DVR requires 2 parameters:

PRIVATE_KEY : a private key used to sign user data.
PUBLIC_KEY_JWKS : a public key JWKS used by zkPass to verify that dvr token is not tampered during transport.

Name

Reference