Skip to content

Issuer Node Overview

The Issuer Node is a self-hosted Node that any implementer can quickly set up and integrate into their application. Once the setup is completed, the Issuer Node exposes all the functionalities necessary to run an issuer such as:

  • Create, manage, and revoke an identity
  • Issue credentials to an identity
  • Share credentials with the user's wallet using QR Code
  • Publish Identity States on-chain
  • Revoke credentials

The Issuer Node can generate multiple identities for multiple Issuers and manages the states of these identities by updating the state stored on-chain.

The Issuer Node provides API endpoints for the integrator's applications.

Issuer Node Components

The Issuer Node comprises the following components and each one of these components can be either dockerized or each one of these can be launched as separate service.

  • Issuer Application to issue Verifiable Credentials and communicate with users' wallets.

  • Vault: Based on HashiCorp, the Vault is used in the Issuer Node for providing key management services. It helps to secure sensitive data, such as the private key of the issuer, thus protecting them in a secure way. The Vault has been provided with a plugin called vault-plugin-secrets-iden3; this plugin is used to sign the data with Baby Jubjub Keys that are stored in the Vault.

  • Redis: Redis is used for caching the schemas that we use in the Issuer Node. The schemas are downloaded from IPFS and stored on Redis. This way, every time, the Issuer Node issues a Credential, it doesn't need to fetch the schemas from an external source; it can fetch it directly from Redis. This boosts the performance of the application.

  • DB: This container is used as the data source for the Issuer Node. In our implementation of the Issuer Node, we have used Postgres as the database. It is where all the data related to issued credentials are stored.

    Note: In a testing environment, you can run the Vault, Redis, and Postgres services inside a docker. But for production, you are advised to secure these services first before using them.

Core Library

Support Libraries

  • go Iden3 Core: Go implementation of iden3 core functionality
  • go Iden3 Crypto: Go implementation of important cryptographic elements including baby jubjub key, Keccak256, and poseidon
  • go Merkle Tree SQL: Go implementation of Merkle tree based on the library of circuit templates