SpruceKit
SpruceID
  • 🌲SpruceKit Introduction
    • Decentralized Identity Overview
    • Glossary
  • ⚡Quickstart
  • SpruceKit Mobile
    • SpruceKit Showcase App
      • Installation
      • Getting Started
      • Issue a Showcase Credential
      • Present a Showcase Credential
    • SpruceKit Mobile SDK
      • Introduction
      • Core Components
        • StorageManager
        • KeyManager
        • CredentialPack
        • Card
        • IsoMdlPresentation
        • mDocReader/IsomDLReader
        • Document Scanner
      • SpruceKit iOS SDK
        • Installation
        • Build a Wallet
          • Accept a W3C VC
          • Present a W3C VC
          • Present mDL in-person/offline
          • Present an mDL over the internet
        • Build a Verifier
          • Verify a W3C VC
          • Verify an mDL in-person/offline
          • Verify an mDL over the internet
      • SpruceKit Android SDK
        • Installation
        • Build a Wallet
          • Accept a W3C VC
          • Present a W3C VC
          • Present an mDL in-person/offline
          • Present an mDL over the internet
        • Build a Verifier
          • Verify a W3C VC
          • Verify an mDL in-person/offline
          • Verify an mDL over the internet
  • Verifiable Digital Credentials
    • ⚙️DIDKit
      • Installation
      • Core Concepts
      • DID Methods
      • Runtime Configuration
      • Specifications and Dependencies
      • Quickstart
      • DIDKit Packages
        • Command Line Interface
        • HTTP Server
        • Rust Crate
        • C Interface
        • Java and Android
        • Python
        • Javascript
      • DIDKit Examples
        • Core Functions (CLI)
        • Core Functions (HTTP)
        • did-web in minutes
        • Batch Generation & Verification
    • 🪪ISO mDL
      • Quickstart
      • Core Concepts
      • User Guide
  • Schema Definition Language
    • 🔗TreeLDR
      • TreeLDR Quickstart
        • First Schema
        • Compilation into JSON Schema
        • Compilation into JSON-LD Context
        • Writing a Layout
        • Simple Rust Integration
      • Types
        • Literal Types
      • Layouts
        • Primitive Layouts
        • Literal Layouts
        • Enumeration
        • Array Layout
        • References
      • Compiling
        • Schema Definition Formats
          • JSON Schema
          • JSON-LD Context
          • Resource Description Framework (RDF)
        • Programming Languages
          • Compiling to Rust
      • RDF Vocabulary
      • 💡TreeLDR Basics
        • Types and Layouts
        • Properties
        • Syntax
  • Witness for Credential Claims
    • 🔭Rebase
      • Core Library
      • Rust Client/Witness SDK
      • WASM Client SDK
      • Simple "Basic Post" Schema
      • DNS Witness Flow Schema
  • References
    • Contributing
    • Code of Conduct
Powered by GitBook
On this page
  • Step 0: Install DIDKit
  • Step 1: Issue and verify your first VC using a DID
  • Step 2: Verifying a did-web issued VC

Was this helpful?

  1. Verifiable Digital Credentials
  2. DIDKit

Quickstart

Getting started with DIDKit

PreviousSpecifications and DependenciesNextDIDKit Packages

Last updated 7 months ago

Was this helpful?

This guide describes how to perform credential issuance and verification with DIDKit's CLI program.

Step 0: Install DIDKit

To install the DIDKit command line program on GNU/Linux, MacOS, or Windows+WSL, first install . With or equivalent tools also installed, run:

cargo install didkit-cli

This will add the binary didkit to your Cargo installation (typically ~/.cargo/bin), which can be added to your system's PATH for ease of use.

You can also build DIDKit CLI or .

Step 1: Issue and verify your first VC using a DID

W3C Verifiable Credentials are a standard data format for claims expressed in JSON, also known as digital attestations. They contain the claim being made, data schema references, and a digital signature to be verified and consumed by unknown future parties.

Generating a did-key DID

To issue your first credential, you will need a signing key. We will use this key to generate a DID using the DID method. DIDKit can generate a signing key with the generate-ed25519-key subcommand to create an private key in the format. Existing JWKs can also be loaded via filepath.

didkit generate-ed25519-key > issuer_key.jwk
issuer_did=$(didkit key-to-did key -k issuer_key.jwk)
echo $issuer_did

With the signing key prepared and its representation as a did-key known, specify the JSON of the Verifiable Credential to be signed. For this tutorial, you can use the following example.

cat > unsigned-vc.json <<EOF
{
    "@context": "https://www.w3.org/2018/credentials/v1",
    "id": "urn:uuid:`uuidgen`",
    "type": ["VerifiableCredential"],
    "issuer": "${issuer_did}",
    "issuanceDate": "$(date -u +%FT%TZ)",
    "credentialSubject": {
        "id": "did:example:my-data-subject-identifier"
    }
}
EOF

To sign the VC using DIDKit CLI with Decentralized Identifiers, input the path to the signing key, a verification method (-v), a proof purpose (-p), and the unsigned credential (stdin). Verification methods describe how to interpret the signature and check for validity.

vm=$(didkit key-to-verification-method key --key-path issuer_key.jwk)
didkit vc-issue-credential --key-path issuer_key.jwk \
                           -v "${vm}" -p assertionMethod \
                           <unsigned-vc.json > signed-vc.json
cat signed-vc.json

This produces a signed VC, which we will now verify.

didkit vc-verify-credential < signed-vc.json

You shouldn't see any failed checks, warnings, or errors. For good measure, try modifying the contents of signed-vc.json and ensuring that it no longer verifies successfully.

Step 2: Verifying a did-web issued VC

In this example, we will verify a VC generated from Spruce's demo server.

curl https://demo.spruceid.com/get-example-vc > example-vc.json

example-vc.json should resemble the following content:

{
  "@context":["https://www.w3.org/2018/credentials/v1"],
  "type":"VerifiableCredential",
  "credentialSubject":{},
  "issuer":"did:web:demo.spruceid.com",
  "issuanceDate":"2021-09-13T18:23:56Z",
  "proof":{
    "type":"Ed25519Signature2018",
    "proofPurpose":"assertionMethod",
    "verificationMethod":"did:web:demo.spruceid.com#_t-v-Ep7AtkELhhvAzCCDzy1O5Bn_z1CVFv9yiRXdHY",
    "created":"2021-09-13T18:23:56.483Z",
    "jws":"eyJhbGciOiJFZERTQSIsImNyaXQiOlsiYjY0Il0sImI2NCI6ZmFsc2V9..X5J2jI5j3TPqFO_g6XOlB730WlXJ8mDsfoyLQ4u60MelVosi1Et6V_pB7-zELDggdqZTsKQjSqDodv0m7ui1Bg"
  },
  "expirationDate":"2021-10-13T18:23:56Z"
}

To verify the VC, run:

didkit vc-verify-credential -p assertionMethod < example-vc.json

You can resolve a did-web DID directly by running the following:

didkit did-resolve did:web:demo.spruceid.com

Congratulations, you have issued a VC using a did-key DID, verified it, and also verified a VC issued by a did-web DID!

The @context property flags this JSON object as a W3C Verifiable Credential, and can be optionally interpreted as , which is out of scope for this tutorial. The id property is the identifier for the VC, which may be unique and ultimately depends on the system design. The type property identifies this VC as a base data model, with no additions. The issuer property contains a URI referring to the issuer of the VC (the did-key generated previously), with issuanceDate denoting when the VC was issued (now, in UTC).

Finally, the credentialSubject contains the claim itself, which for this dummy example, contains no information other than the data subject in credentialSubject.id, which happens to be an example Decentralized Identifier. A full listing of the required or suggested properties for a VC can be found in the specification.

Proof purposes add the scope and intent of the signing, and in this example, we will use the proof purpose value of assertionMethod, which asserts the authenticity of the credential. For more information verification methods and proof purposes, refer to the ).

You shouldn't see any failed checks, warnings, or errors. For good measure, try modifying the contents of example-vc.json and ensuring that it no longer verifies successfully. Under the hood, DIDKit will resolve the DID into a DID Document containing public keys and supported verification methods.

⚙️
cargo
build-essential
from source
install via Docker
did-key
Ed25519
JWK
JSON-LD
VC Data Model
DID Core specification
did-web