Digest
A VPR provides a Digest entity: a minimal, standalone registry of content hashes, served by the di module. It is used to anchor the existence and integrity of off-chain content at a point in time — proving that a document existed and has not changed — without storing the content itself on-chain.
The Digest is a content-hash primitive, not a discovery mechanism. It has nothing to do with listing DIDs or indexing services — that is covered by DID Indexing. It also does not replace the removed DID Directory: the DID-lifecycle feature (per-DID registration, deposits, expiry, renewal) is gone, not renamed.
The Digest entity
A Digest has just two fields:
| Field | Description |
|---|---|
digest | The content digest, in SRI format, and the entry's primary key — globally unique across all Digest entries. |
created | The block time at which the digest was first persisted. |
Its defining properties:
- String-keyed — unlike most VPR entities (which use a server-assigned numeric
id), aDigestis keyed by its own content. - Idempotent / create-once — storing a digest that already exists is a no-op: the transaction succeeds, no second entry is created, and the original
createdtimestamp stands. - Globally unique — a given content hash exists at most once in the registry.
SRI format
The digest value is a Subresource Integrity (SRI) string: an algorithm prefix followed by the base64-encoded hash — sha256-…, sha384-…, or sha512-…. The hash algorithm is inferred from the SRI prefix; there is no separate algorithm argument.
The same SRI format is used elsewhere in the VPR for content that must be verifiable but is stored off-chain, such as the digest_sri of governance framework documents and schema authorization policy documents.
What it is used for
Anchoring a digest gives a verifiable, tamper-resistant timestamp for off-chain content. The main use in Verifiable Trust is objective credential issuance time: an issuer canonicalizes a verifiable trust credential (JCS, RFC 8785), computes its digest with the digest_algorithm of the credential schema, and stores that digest in the VPR. During trust resolution, a verifier recomputes the digest from the presented credential, looks it up, and uses the created timestamp of the matching Digest entry as the credential's effective issuance time — a value the issuer cannot forge or backdate. Issuer authorization is then checked as of that time.
The same primitive can anchor any other off-chain artifact: a governance framework document, a terms-of-service page, a schema authorization policy, an audit report.
On-chain interface
The di module exposes exactly one transaction and two queries:
MOD-DI-MSG-1Store Digest —veranad tx di store-digest [authority] [digest], a delegable transaction executed on behalf of a Corporation (authorityis the corporation'spolicy_address; the signer is an authorized operator). Storing an existing digest is an idempotent no-op.MOD-DI-QRY-1Get Digest —veranad query di get-digest [digest], a read-only lookup returning thedigestand itscreatedtimestamp.- Params —
veranad query di params; the module currently has no configurable parameters.
For the exact commands, parameters, and responses, see the how-to guide Store and Query a Digest.