keyring-bifold

Core framework, shared packages, and witness server for Keyring.

⚠️ NOTE! This is a functional alpha release, but is not meant for production uses at this time. See issues for more information.

This is a fork of the Bifold Wallet from the OpenWallet Foundation, extended with support for Verifiable Relationship Credentials (VRCs), witnessed credential exchange, and biometric hardware attestation.

What's Added

Beyond the upstream Bifold capabilities (AnonCreds, W3C VCs, DIDComm, mediation), this fork introduces:

• VRC Module — Peer-to-peer Verifiable Relationship Credential exchange using the Relationship Credential Exchange (RCE) protocol, including parallel issuance, relationship DIDs, and R-Card/jCard profile data
• Witness Server — A standalone Node.js service implementing the DTG Witnessed Exchange protocol, issuing Verifiable Witness Credentials (VWCs) over DIDComm
• Biometric Hardware Attestation — Device-backed cryptographic evidence using iOS Secure Enclave (App Attest) and Android StrongBox/KeyStore, embedded as VRC evidence
• VRC Reference Implementations - Standalone VRC and witnessed VRC exchange flows with automated tests, for reference and conformance.
• VRC Contexts — React contexts for VRC state management across the wallet UI
• VRC Shared Utilities - A package of server-side VRC utilities

Packages

packages/
├── core/                       # Main UI, navigation, screens, VRC module, agent config
├── witness-server/             # Node.js witness service (DIDComm + web UI + REST API)
├── react-native-attestation/   # Native biometric hardware attestation (iOS + Android)
├── vrc-reference/              # VRC reference implementation with conformance tests
├── vrc-contexts/               # React contexts for VRC state
├── vrc-shared/                 # Shared VRC utilities for server side packages
├── oca/                        # Overlay Capture Architecture
├── verifier/                   # Verification utilities
└── remote-logs/                # Remote logging

Core (@bifold/core)

The main package containing:

• VRC Module — Credential exchange, witness integration, VRC manager, hardware evidence
• Screens — Onboarding, settings, contacts, credential details, about
• Navigation — Tab stack, setting stack, onboarding flow
• Hooks — Biometry, notifications, unread messages, agent lifecycle
• Agent Configuration — Credo-TS setup with AnonCreds, Indy VDR, mediation, OpenID

Witness Server

A full-featured witness service. See the dedicated Witness Server README for complete documentation including:

• DIDComm protocol and message types
• Session-based challenge verification
• Mediator configuration for mobile compatibility
• Docker deployment
• REST API and web interface
• Locality verification (BLE — coming soon)

React Native Attestation (@bifold/react-native-attestation)

Native module providing biometric hardware attestation:

• iOS: App Attest API with Secure Enclave key generation and assertion signing
• Android: KeyStore/StrongBox with key attestation certificate chains
• Attestation evidence is embedded in VRCs for recipient-side verification

Getting Started

Prerequisites

Tool	Version
Node.js	>=20.19.2 <21
Yarn	4.9.2 (via corepack enable && corepack prepare yarn@4.9.2 --activate)
Java	17 (for Android)

Install Dependencies

git clone https://github.com/berkmancenter/keyring-bifold.git
cd keyring-bifold
yarn install

Build All Packages

yarn build

Run Tests

yarn test

Run Individual Package Tests

cd packages/core
yarn test

cd packages/witness-server
yarn test

Development

Working With Keyring

This repository is used as a Git submodule in Keyring. The app resolves @bifold/* packages via Yarn portals, so changes here are reflected in the app without a build step during development.

For hot reload setup, see the Hot Reload Dev Setup guide in the main repo.

Building for Production

yarn build

This transpiles all packages via their individual build scripts in topological order.

Linting and Type Checking

yarn lint
yarn typecheck

Protocols and Standards

Protocol	Usage
DIDComm	All agent-to-agent communication
W3C Verifiable Credentials	VRCs, VWCs, standard credentials
AnonCreds	Privacy-preserving credentials
Decentralized Trust Graph	Witnessed exchange credential spec

Attribution

This project builds on:

• Bifold Wallet — The open-source wallet framework from the OpenWallet Foundation
• BC Wallet Mobile — Production wallet from the Government of British Columbia
• Credo-TS — The agent framework for DIDComm, credential exchange, and DID management

Developed at the Applied Social Media Lab at Harvard's Berkman Klein Center for Internet & Society.

Contributing

We welcome contributions. Please open an issue or pull request. All contributions are subject to the Apache 2.0 license.

For upstream Bifold community discussion, join the OpenWallet Foundation Discord #bifold channel.

License

Apache 2.0 — see LICENSE for details.