About

What This Platform Does

We help projects prove who they are using Atala PRISM DIDs and Verifiable Credentials (VCs), and we produce on‑chain friendly token metadata ("725") that points to those proofs.

End‑to‑End Flow

1. Create DID: You enter company info; we generate a DID Document and an encrypted private key for you to download.
2. Save Key: Download and store your one‑time key (we never keep your plaintext key).
3. KYC & Review: Upload documents; an admin reviews and approves.
4. Platform Attestation (VC): On approval, the platform issues a signed VC attesting to your DID.
5. Create Credentials: For each asset/project, you create a VC signed by your DID.
6. Token Metadata (725): Generate signed metadata per credential for on‑chain use.

What Gets Signed

• DID Document: Self‑signed by your DID key (includes your public JWK).
• Platform Attestation (VC): Signed by the platform’s verifier key, referencing your DID.
• Credential (VC): Per asset/project, signed by your DID key.
• Token Metadata (725): Signed by your DID key; references your DID (and optionally the VC URL).

VC ↔ 725 Metadata (How They Relate)

• Same signer: Your DID key signs both the VC and the 725 metadata.
• Cross‑reference: 725 metadata includes your DID (and a link to the VC); the VC’s issuer is your DID.
• Verification path: A verifier checks the DID Document signature, then the VC signature, then the 725 signature — all against the same DID public key.
• Policy consistency: Include the policy ID in the VC (credentialSubject.policyID) and mirror it in 725 to scope the claim to one policy.

How Others Verify

1. Start at the VC: Read issuer (your DID).
2. Get DID + Attestations: Use our public DID endpoint or the bundle you share.
3. Check Signatures:
   • DID Document → verify signature with public JWK inside the DID.
   • VC → verify signature with the DID public key.
   • Platform Attestation VC → verify signature with the platform’s public key.
   • Token Metadata (optional) → verify signature with the DID public key.
4. Check Status: Call the credential’s status URL to confirm active/revoked.

Tip: On the credential page, “Verify” reproduces these exact steps and shows pass/fail per step.

Public Endpoints

• GET https://identity.nmkr.io/api/credentials/<id> — Public VC JSON
• GET https://identity.nmkr.io/api/credentials/<id>/status — SimpleStatus (active/revoked)
• GET https://identity.nmkr.io/api/dids/<id>/public — DID Document + platform attestations

How the App Is Organized

• DIDs page: Each DID is a parent; credentials live under it. Use “+” to add a credential.
• DID Overview: Shows the DID, pretty‑printed DID Document JSON, and platform attestations.
• Credential Detail: Shows the VC, “Verify” (full third‑party verification), and “Download VC”.

Standards & Choices

• issuer is a DID: We keep issuer as a DID for VCs; keys come from the DID Document.
• Attestations as VCs: Platform endorsements are standard VCs signed by the platform’s DID.
• Crypto: secp256k1 + deterministic ECDSA; canonical JSON (sorted keys) for signature stability.
• 725 Metadata: Includes the DID and can include a VC URL via files.

No blockchain writes happen here; you decide when/where to publish metadata.