HederaAnoncredsRegistry Guide

The @hiero-did-sdk/anoncreds package provides the HederaAnoncredsRegistry — a service to manage AnonCreds schemas, credential definitions, revocation registries, and revocation status lists on the Hedera Consensus Service (HCS) ledger, enabling decentralized issuance and verification of zero-knowledge proof based credentials.

Overview

HederaAnoncredsRegistry enables developers to:

  • Register and retrieve credential schemas defining sets of attributes.

  • Register and resolve credential definitions linking schemas to issuers with cryptographic material.

  • Register and resolve revocation registries and their definitions to manage credential revocation state.

  • Register and fetch revocation status lists reflecting issued and revoked credentials over time.

  • Use Hedera HCS topics as a scalable Verifiable Data Registry following AnonCreds specifications.

Package Architecture

The service integrates with the underlying HederaHcsService for interacting with the ledger, leveraging submission and retrieval of files and messages encoded as AnonCreds objects.

Initialization

constructor(config: HederaAnoncredsRegistryConfiguration)

Create a new instance of the HederaAnoncredsRegistry.

Parameters

  • config (required): Configuration object for the registry, including network and client settings.

Basic Usage

Registering a Schema

const registry = new HederaAnoncredsRegistry(config);

const schema = {
  name: "EmployeeCredential",
  issuerId: issuerDid,
  attrNames: ["name", "employeeId", "department"],
  version: "1.0"
};

const registerSchemaResult = await registry.registerSchema({
  networkName: "testnet",
  issuerKeyDer: PrivateKey.generate().toStringDer(),
  schema,
});

console.log("Schema registration result:", registerSchemaResult);

Parameters:

  • networkName (optional): The Hedera network name to use.

  • issuerKeyDer (required, string): The issuer private key in the DER format.

  • schema (required): An object describing the credential schema including name, issuer DID, attribute names, and version.

Returns a result object describing registration state and metadata.

Getting a Schema

const resolvedSchema = await registry.getSchema(schemaId);

console.log("Resolved schema:", resolvedSchema);

Parameters:

  • schemaId (required): The schema identifier to resolve on ledger.

Returns the schema object and associated metadata.

Registering a Credential Definition

const credDef = {
  schemaId: schemaId,
  issuerId: issuerDid,
  value: cryptographicPublicKeys,
  tag: "tag1"
};

const registerCredDefResult = await registry.registerCredentialDefinition({
  networkName: "testnet",
  issuerKeyDer: PrivateKey.generate().toStringDer(),
  credentialDefinition: credDef,
  options: { supportRevocation: true }
});

console.log("Credential Definition registration result:", registerCredDefResult);

Parameters:

  • networkName (optional): Hedera network name.

  • issuerKeyDer (required, string): The issuer private key in the DER format.

  • credentialDefinition (required): An object defining the credential definition, linking schema and issuer with cryptographic parameters.

  • options (optional): Metadata options such as revocation support flag.

Returns a result object with registration state and metadata.

Getting a Credential Definition

const resolvedCredDef = await registry.getCredentialDefinition(credentialDefinitionId);

console.log("Resolved Credential Definition:", resolvedCredDef);

Parameters:

  • credentialDefinitionId (required): The credential definition ID to retrieve.

Returns the credential definition and metadata.

Registering a Revocation Registry Definition

const revRegDef = {
  issuerId: issuerDid,
  maxCredNum: 1000,
  tailsLocation: "https://example.com/tails",
  // other revocation registry fields
};

const registerRevRegResult = await registry.registerRevocationRegistryDefinition({
  networkName: "testnet",
  issuerKeyDer: PrivateKey.generate().toStringDer(),
  revocationRegistryDefinition: revRegDef,
});

console.log("Revocation Registry registration result:", registerRevRegResult);

Parameters:

  • networkName (optional): Hedera network name.

  • issuerKeyDer (required, string): The issuer private key in the DER format.

  • revocationRegistryDefinition (required): Object defining revocation registry parameters.

Returns registration state and metadata.

Getting a Revocation Registry Definition

const resolvedRevRegDef = await registry.getRevocationRegistryDefinition(revocationRegistryDefinitionId);

console.log("Resolved Revocation Registry Definition:", resolvedRevRegDef);

Parameters:

  • revocationRegistryDefinitionId (required): The ID of the revocation registry definition.

Returns the definition and resolution metadata.

Registering a Revocation Status List

const revStatusList = {
  revRegDefId: revocationRegistryDefinitionId,
  revocationList: [0, 1, 0, 0, 1],  // status array: 0-active, 1-revoked
  currentAccumulator: "...",
  timestamp: Date.now(),
};

const registerStatusListResult = await registry.registerRevocationStatusList({
  networkName: "testnet",
  issuerKeyDer: PrivateKey.generate().toStringDer(),
  revocationStatusList: revStatusList,
});

console.log("Revocation Status List registration result:", registerStatusListResult);

Parameters:

  • networkName (optional): Hedera network name.

  • issuerKeyDer (required, string): The issuer private key in the DER format.

  • revocationStatusList (required): Revocation status list object without timestamp.

Returns the registration state and metadata.

Getting a Revocation Status List

const resolvedStatusList = await registry.getRevocationStatusList(revocationRegistryId, timestamp);

console.log("Resolved Revocation Status List:", resolvedStatusList);

Parameters:

  • revocationRegistryId (required): ID of the revocation registry.

  • timestamp (required): UNIX timestamp to resolve the status list at.

Returns the revocation status list and resolution metadata.

See Also

HederaAnoncredsRegistry API Reference