DID KEY Plugin for Veramo, extended with support for EBSI
We are excited to release our extended version of the DID KEY plugin for Veramo, compliant with the EBSI Natural Person identifiers. The extended plugin enables you to create Decentralized Identifiers (DID) compatible with European Blockchain Services Infrastructure (EBSI). This article continues the EBSI story started in the DID EBSI Plugin for Veramo.
Here is the link to the NPM package.
And one more thing: you can already create new DID KEY identifiers with Masca. You should definitely try that here.
What is the difference between DID KEY and EBSI’s DID KEY?
The DID KEY method for EBSI Natural Persons is an extended version of the DID KEY method. It uses the public key format jwk_jcs-pub. JCS (JSON Canonicalization Scheme) is a standard algorithm for putting arbitrary JSON data in a deterministic format. It ensures that the calculated JWK thumbprint used to create the DID identifier is always the same.
New DID KEY plugin
You can create DID identifiers, as well as resolve, using different key types, in the same way as with the previous plugin developed by Veramo. The only new thing is that this plugin supports additional public key type for DID KEY identifiers, which is necessary to be compatible with the EBSI ecosystem.
How to use the plugin?
The source code of the new DID KEY plugin is available here.
import { KeyDidProvider, keyDidResolver } from '@blockchain-lab-um/did-provider-key'Plugin implements Veramo’s abstract class AbstractIdentifierProvider and function type DIDResolver, which means you can use it in the same way as other DID providers.
const agent = createAgent<IDIDManager & IResolver>({
plugins: [
// other plugins above ...
new DIDManager({
store: new SnapDIDStore(snap, ethereum),
defaultProvider: 'metamask',
providers: [
"did:key": new KeyDidProvider({ kms: "local" }),
// ...
],
}),
new DIDResolverPlugin({
resolver: new Resolver({
...keyDidResolver(),
// ...
}),
}),
],
});Once the agent is created, you can create DID identifiers using the optional type parameter set to ebsi.
// Normal DID KEY identifier
const identifier = await agent.didManagerCreate({
provider: 'did:key',
options: {
keyType: 'Secp256k1',
},
});
// EBSI DID KEY identifier
const ebsiIdentifier = await agent.didManagerCreate({
provider: 'did:key',
options: {
keyType: 'Secp256r1',
type: 'ebsi',
},
});We can then resolve the created DID using a resolve function.
const result = await agent.resolveDid({ didUrl: "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU" });
const didDoc = result.didDocument;Resolved DID Document:
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1"
],
"id": "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU",
"verificationMethod": [
{
"id": "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU",
"type": "JsonWebKey2020",
"controller": "did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU",
"publicKeyJwk": {
"crv": "P-256",
"kty": "EC",
"x": "oxhsWkx9HBW4Q0M0u2d4PbBfgAH5Nc4KaRRJJnZNJj4",
"y": "OK7njfDC-lshJfDpgRcAmLl0OvTHe83bJO99Wjl_wnI"
}
}
],
"authentication": [
"did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU"
],
"assertionMethod": [
"did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU"
],
"capabilityInvocation": [
"did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU"
],
"capabilityDelegation": [
"did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU#z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbsKNqUnvoryh7dFXDwVZsHcWQGBQvrsvYwzMN65n3NnPPQSdSsjTaPVAKUknKJS1F7xMX78Lm5d3jb4ykkvJMAkzdEJJu6rFp5STb7iapcwnGvC8kbpmyhzPwqshvd3YAGU"
]
}Supported key types
The current version of the plugin supports creating DIDs using the following key types: Secp256k1, Secp256r1, Ed25519, and X25519.
What’s next?
The EBSI story is progressing well, with all necessary DID methods now finished. The next step is to add OIDC (OpenID Connect) support to Masca, complete the issuer and verifier servers/services, and test the whole workflow of VC issuance and VP presentation.
Stay tuned for new updates!
