Command Line Interface
Last updated
Was this helpful?
Last updated
Was this helpful?
For setting up an HTTP server, whether for internal use, over the open internet, or both, we recommend using our dockerized HTTP server. Instructions .
Instructions for building manually can be found on the main .
See the section below for automation and testing building blocks.
The HTTP server is containerised and available under ghcr.io/spruceid/didkit-cli
.
You can use the Docker image as a CLI:
Note: You can pass JWKs either by sharing a volume with:
docker run --volume
or by passing the JWK directly with:
docker run -e JWK=$MY_JWK
ordocker run didkit-http --jwk $MY_JWK
.
See the repo's Dockerfile for further details.
Each command is called in the form: didkit help
, didkit generate-ed25519-key
, etc.
help
Output help about didkit
and its subcommands.
generate-ed25519-key
key-to-did
key-to-verification-method
-k, --key-path <file>
(required, conflicts with jwk): Filename of JWK file
-j, --jwk <jwk>
(required, conflicts with key-path): JWK.
vc-issue-credential
-k, --key-path <key>
(required, conflicts with jwk): Filename of JWK for signing.
-j, --jwk <jwk>
(required, conflicts with key-path): JWK for signing.
RSA
OKP
(curve
: Ed25519
)
vc-verify-credential
Verify a verifiable credential. Reads verifiable credentials on standard input, and outputs verification result. Returns exit status zero if credential successfully verified, or non-zero if errors were encountered.
{"checks": [],"warnings": [],"errors": []}
Verification result properties:
checks
- Array of strings indicating checks completed on the credential.
warnings
- Array of warnings encountered during validation or verification.
errors
- Array of strings indicating errors encountered during validation or verification. If errors
is empty, the credential is verified.
vc-issue-presentation
Issue a verifiable presentation. Reads presentation on stdin, generates proof to add to it, and outputs the resulting verifiable presentation.
vc-verify-presentation
Verify a verifiable presentation. Reads verifiable presentation on stdin, and outputs verification result. Returns exit status zero if presentation successfully verified, or non-zero if errors were encountered.
You can set the environment variable HTTP_PROXY
to have DIDKit use a proxy. Both HTTP and SOCKS protocols are supported. See the "proxies" section of the DIDKit docs for more details.
Core CLI syntax
Batching, Automation
Generate a Ed25519 keypair and output it in .
Given a , output the corresponding . Currently, this only supports keys.
Given a Ed25519 , output the corresponding .
Issue a verifiable credential. Reads credential on stdin, constructs a to add to the credential, and outputs the resulting verifiable credential.
Corresponds to /issue/credentials in .
The proof type is set automatically based on the key file provided. JWK parameters besides the cryptographic components, such as (Key ID), are ignored currently. For an RSA key, the (Algorithm) parameter is ignored and RS256
is used for it, for .
Options besides --key-path
correspond to linked data as specified in and .
-C, --challenge <challenge>
- property of the proof
-c, --created <created>
- property of the proof. ISO8601 datetime. Defaults to the current time.
-d, --domain <domain>
- property of the proof
-p, --proof-purpose <proof-purpose>
property of the proof.
-v, --verification-method <verification-method>
property of the proof. URI for proof verification information, e.g. a public key identifier.
Corresponds to /verify/credentials in .
Options are linked data as specified in and . If there is more than one proof present, at least one must pass all the requirements passed in the options.
-C, --challenge <challenge>
- The property of the proof must equal this value.
-c, --created <created>
- The property of the proof must be on or after the given ISO8601 datetime. Defaults to the current time.
-d, --domain <domain>
- The property of the proof must equal the given value.
-p, --proof-purpose <proof-purpose>
- The property of the proof must equal this value.
-v, --verification-method <verification-method>
- The property of the proof must equal this value.
The verification result output is a VerificationResult
JSON object as specified in :
Corresponds to /prove/presentations in .
Options are the same as for .
Corresponds to /verify/presentations in .
Options and output format are the same as for .