# did:keri (self-addressing)
## Introduction
An alternative to `did:peer:2`, intended mainly for DIDComm v2 communications. It can encode at least a signing key, an encryption key, and a service endpoint.
## Characteristics
- self-addressing inception
- no key rotation (``'n': []``), but `transferable=true` (no Ed25519N keys)
- no witnesses
- no KERI agent required
- no keystore or data store required
- KERI Version type: JSON
- DID Document properties:
    - verificationMethod: keys in `k`
    - additional keys should be encoded using CESR and placed in the data field `a` as follows:
        - authentication: keys in data (`a` property) as `{'a': ...}`
        - assertionMethod: keys in data (`a` property) as `{'am': ...}`
        - keyAgreement: keys in data (`a` property) as `{'e': ...}`
        - capabilityInvocation: keys in data (`a` property) as `{'ci': ...}`
        - capabilityDelegation: keys in data (`a` property) as `{'cd': ...}`
    - encoding of services: info in data (`a` property) as `{'s': ...}`. The value of `s` should be in JSON encoding format
    - the ordering of the array in data `a` is important. The following rule should be applied:
        - if any, start with authentication keys 'a'
        - then follow with available assertionMethod keys 'am'
        - then follow with available keyAgreement keys 'e'
        - then follow with available capabilityInvocation keys 'ci'
        - then follow with available capabilityDelegation keys 'cd'
        - finish with available service data objects
- DID Document resolution rules:
    - use [W3C JSON Web Signature 2020 Suite](https://www.w3.org/community/reports/credentials/CG-FINAL-lds-jws2020-20220721/)
    - `id` properties should be constructed as follows:
        - use base DID `did:keri:{AID}`
        - add `#{keytype}-{index}`
        - where `{keytype}` is:
            - `k` for verificationMethod keys
            - `a` for authentication keys
            - `am` for assertionMethod keys
            - `e` for keyAgreement keys
            - `ci` for capabilityInvocation keys
            - `cd` for capabilityDelegation keys
            - `s` for service keys
        - and where `{index}` is the order of appearance of the key in the inception event for that `{keytype}`
    - `type` should be:
        - "JsonWebKey2020" for keys
        - "DIDCommMessaging" for service
    - `controller` should always be `did:keri:{AID}`
## DID Method:
`did:keri:{AID}`
## DID URL with inception event (unique key event)
The first interaction with a peer requires passing the inception event so that the peer can extract the keys and service information.
`did:keri:{AID}?icp={urlsafe_base64(icp)}`
Where:
- ``{icp}`` is the stringified inception event JSON
- `urlsafe_base64` is the URL-safe variant of Base64 encoding (with `_` and `-` characters)
Peers receiving a DID URL should validate that the inception event:
- is valid and corresponds to the AID
- is in accordance with this document
## Example
Inception event:
```
{'v': 'KERI10JSON000162_',
 't': 'icp',
 'd': 'EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV',
 'i': 'EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV',
 's': '0',
 'kt': '1',
 'k': ['DKwpHGppMPpty1BEzXFRKWuP3tZJ-w74y1p_q4O4iG_G'],
 'nt': '0',
 'n': [],
 'bt': '0',
 'b': [],
 'c': [],
 'a': [{'e': 'CEBYEoztS7aqa-Ipon0rsYjRU4qfEdCl21G-AheHIYte'},
       {'s': {'serviceEndpoint': 'https://example.com/'}}]}
```
DID: 'did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV'
DID URL: 'did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV?icp={urlsafe_base64(icp)}'
Resolved DID Document:
```
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV",
  "verificationMethod": [{
    "id": "did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV#k-1",
    "type": "JsonWebKey2020",
    "controller": "did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV",
    "publicKeyJwk": {
      "kty": "OKP",
      "crv": "Ed25519",
      "x": "rCkcamkw-m3LUETNcVEpa4_e1kn7DvjLWn-rg7iIb8Y"
    }
  }],
  "keyAgreement": [{
    "id": "did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV#e-1",
    "type": "JsonWebKey2020",
    "controller": "did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV",
    "publicKeyJwk": {
      "kty": "OKP",
      "crv": "X25519",
      "x": "QFgSjO1Ltqpr4imifSuxiNFTip8R0KXbUb4CF4chi14"
    }
  }],
  "service": [{
    "id": "did:keri:EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV#s-1",
    "type": "DIDCommMessaging",
    "serviceEndpoint": "https://example.com/"
  }]
}
```
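The resolution rules above, applied to this inception event, can be sketched as follows. This is an added example, not code from the original note or from any KERI library; `cesr_to_jwk` and `resolve` are hypothetical names. It assumes only the CESR codes `D` (Ed25519) and `C` (X25519) appear, and it does not recompute the self-addressing digest in `d`/`i`, which a receiving peer must also check.

```python
import base64

CURVES = {"D": "Ed25519", "C": "X25519"}  # CESR one-character code -> JWK curve
# Labels allowed in the data field `a`, in the order this document requires.
PROPS = {"a": "authentication", "am": "assertionMethod", "e": "keyAgreement",
         "ci": "capabilityInvocation", "cd": "capabilityDelegation", "s": "service"}
ICP = {"v": "KERI10JSON000162_", "t": "icp",  # event from this page's Example
       "d": "EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV",
       "i": "EBDCrJM9thBcC3hYZSzKGo-Iv53zQY9KIYEDhN0g5DnV", "s": "0", "kt": "1",
       "k": ["DKwpHGppMPpty1BEzXFRKWuP3tZJ-w74y1p_q4O4iG_G"], "nt": "0", "n": [],
       "bt": "0", "b": [], "c": [],
       "a": [{"e": "CEBYEoztS7aqa-Ipon0rsYjRU4qfEdCl21G-AheHIYte"},
             {"s": {"serviceEndpoint": "https://example.com/"}}]}

def cesr_to_jwk(qb64):
    # The code character stands in for the sextet of the single lead pad byte.
    raw = base64.urlsafe_b64decode("A" + qb64[1:])[1:] if len(qb64) == 44 else b""
    if len(raw) != 32 or qb64[0] not in CURVES:
        raise ValueError("unsupported CESR key: %r" % qb64)
    x = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return {"kty": "OKP", "crv": CURVES[qb64[0]], "x": x}

def resolve(icp):
    """Build the DID Document from a non-rotating, witness-less inception event."""
    if icp.get("t") != "icp" or icp.get("d") != icp.get("i"):
        raise ValueError("not a self-addressing inception event")
    if icp.get("n") or icp.get("b"):
        raise ValueError("rotation keys and witnesses are not allowed")
    did, counts, last = "did:keri:" + icp["i"], {}, 0
    doc = {"@context": "https://w3id.org/did/v1", "id": did}
    def add(label, prop, value):
        counts[label] = counts.get(label, 0) + 1
        ident = "%s#%s-%d" % (did, label, counts[label])
        if label == "s":  # service object; id and type cannot be overridden
            entry = dict(value, id=ident, type="DIDCommMessaging")
        else:
            entry = {"id": ident, "type": "JsonWebKey2020", "controller": did,
                     "publicKeyJwk": cesr_to_jwk(value)}
        doc.setdefault(prop, []).append(entry)
    for key in icp["k"]:
        add("k", "verificationMethod", key)
    for item in icp.get("a", []):
        (label, value), = item.items()
        rank = list(PROPS).index(label)  # ValueError on an unknown label
        if rank < last:
            raise ValueError("label %r is out of order" % label)
        last = rank
        add(label, PROPS[label], value)
    return doc
```

Calling `resolve(ICP)` yields the same key and service entries as the resolved DID Document above; an event whose `a` array lists a service before a key is rejected.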
## did:keri for transferable AID
- use DID URL with query parameter `oobi`
- use of a well known super watcher