did-ion-create and register did on ION network
Introduction
stack
https://gyazo.com/65d48d01138282b9f4449f1495ab9766
why ION?
document
good lesson, all development targets, backend system, terminologies
likely to be integrated with Azure blockchain service
Reference
Read this paper to understand the basic concepts of decentralized identity.
components
sidetree protocol: layer2 solution for DID
identity hub: secure personal datastore with DID
https://gyazo.com/2a14a1262e9d0d25a3531c76710eb250
Dev Document
Register DID
what we do today
Through the ion-test method (API), claim your DID and discover it. The ion-test method uses the Sidetree protocol as a layer-2 solution on top of a blockchain. The beta version of ion-test currently uses the Bitcoin testnet.
DID methods
Currently our registration services support the following two DID methods:
ion-test: It uses a protocol known as SideTree to batch DID operations into individual Bitcoin transactions. Currently, the ion-test method registers DIDs on Bitcoin's testnet. It does not require any cryptocurrency or monetary value, and should only be used for test and development DIDs.
Prerequisites
NPM and NodeJS 8 or later installed on your machine.
Generate a key pair
You can generate your keys as a JSON Web Key (JWK) file using the did-auth-jose library.
First install the package:
$ npm install @decentralized-identity/did-auth-jose@0.1.12
Next, in the same directory, create generate-keys.js with the following code:
code: generate-keys.js
 var didAuth = require('@decentralized-identity/did-auth-jose');
 var fs = require('fs');
 (async () => {
   // Key id; it is reused later as the `kid` in the JWS header
   const kid = '#key-1';
   const privKey = await didAuth.EcPrivateKey.generatePrivateKey(kid);
   const pubKey = privKey.getPublicKey();
   pubKey.defaultSignAlgorithm = 'ES256K';
   // private.jwk holds the signing key: create it readable by the owner only
   fs.writeFileSync('./private.jwk', JSON.stringify(privKey), { mode: 0o600 });
   fs.writeFileSync('./public.jwk', JSON.stringify(pubKey));
 })();
Run the script to generate a new Secp256k1 key pair.
$ node generate-keys.js
To register a DID using these keys, you must sign a registration request with your private key. A DID registration request must be formatted as a JSON Web Signature (JWS) in JSON serialization format. You can also use the did-auth-jose library to create a JWS. In the same directory, copy and paste the following into a new JavaScript file called make-jws.js:
code: make-jws.js
 var fs = require('fs');
 var path = require('path');
 var didAuth = require('@decentralized-identity/did-auth-jose');
 // load JWKs from files
 const jwkPriv = JSON.parse(fs.readFileSync(path.resolve(__dirname, './private.jwk'), 'ascii'));
 const jwkPub = JSON.parse(fs.readFileSync(path.resolve(__dirname, './public.jwk'), 'ascii'));
 // load JWK into an EcPrivateKey object
 const privateKey = didAuth.EcPrivateKey.wrapJwk(jwkPriv.kid, jwkPriv);
 async function makeJws() {
   // construct the JWS payload (the DID document to register)
   const body = {
     "@context": "https://w3id.org/did/v1",
     publicKey: [
       {
         id: jwkPub.kid,
         type: "Secp256k1VerificationKey2018",
         // only the public JWK goes into the document, never jwkPriv
         publicKeyJwk: jwkPub
       }
     ],
     service: [
       {
         id: "IdentityHub",
         type: "IdentityHub",
         serviceEndpoint: {
           "@context": "schema.identity.foundation/hub",
           "@type": "UserServiceEndpoint",
           instance: [
             "did:test:hub.id",
           ]
         }
       }
     ],
   };
   // Construct the JWS header
   const header = {
     alg: jwkPub.defaultSignAlgorithm,
     kid: jwkPub.kid,
     operation: 'create',
     proofOfWork: '{}'
   };
   // Sign the JWS; the crypto factory supplies the Secp256k1 (ES256K) signer
   const cryptoFactory = new didAuth.CryptoFactory([new didAuth.Secp256k1CryptoSuite()]);
   const jwsToken = new didAuth.JwsToken(body, cryptoFactory);
   const signedBody = await jwsToken.signAsFlattenedJson(privateKey, {header});
   // Print out the resulting JWS to the console in JSON format
   console.log(JSON.stringify(signedBody));
 }
 makeJws();
Run the above script, which will output a signed JWS in JSON format:
$ node make-jws.js
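code: regist_pub_key.py
 import requests
 # Placeholder: the registration endpoint URL is not given on this page
 REGISTER_URL = 'https://<ion-test-registration-endpoint>'
 # The flattened JWS printed by make-jws.js (payload and signature are truncated here)
 data = {
     'header': {
         'alg': 'ES256K',
         'kid': '#key-1',
         'operation': 'create',
         'proofOfWork': '{}',
     },
     'payload': 'eyJAY29udGV4dCI6Imh0dHBzOi8vdzNp...',
     'signature': 'MEUCIGgp0iW0qNd8I6bRKLiRkrsasd...',
 }
 # json= serializes the body and sets Content-Type and Content-Length,
 # so no hard-coded Content-Length header is needed
 response = requests.post(REGISTER_URL, json=data, timeout=30)
 response.raise_for_status()
 print(response.json())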
If your request succeeded, you should receive back the following response:
code: response
 {'@context': 'https://w3id.org/did/v1', 'publicKey': {'id': '#key-1', 'type': 'Secp256k1VerificationKey2018', 'publicKeyJwk': {'kty': 'EC', 'kid': '#key-1', 'crv': 'P-256K', 'x': 'MhK0UXmPuRsuyZANFZM-_y6SwVGWcNu7fg4dgvt67vI', 'y': '4IiliZgokRcv893oU-74NdP7qYIB4vIJzf7OIcgIlrw', 'use': 'verify', 'defaultEncryptionAlgorithm': 'none', 'defaultSignAlgorithm': 'ES256K'}}, 'service': [{'id': 'IdentityHub', 'type': 'IdentityHub', 'serviceEndpoint': {'@context': 'schema.identity.foundation/hub', '@type': 'UserServiceEndpoint', 'instance': 'did:test:hub.id'}}], 'id': 'did:ion:test:EiCSDkirryTttmm2...'}
id: The DID you have just registered via the ion-test method.
It takes about 10 minutes for the DID to be registered; after that you can fetch the DID document associated with your DID.
Discover DID
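You can use the discover API to fetch the DID document associated with a DID through an HTTP request.
code: fetch_your_did.py
 import requests
 # Placeholder: the discover endpoint URL is not given on this page;
 # <your-did> is the 'id' value returned by the registration response
 DISCOVER_URL = 'https://<discover-endpoint>/<your-did>'
 response = requests.get(DISCOVER_URL, timeout=30)
 print(response.json())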
code: response
 {'document': {'@context': 'https://w3id.org/did/v1', 'publicKey': {'id': '#key-1', 'type': 'Secp256k1VerificationKey2018', 'publicKeyJwk': {'kty': 'EC', 'kid': '#key-1', 'crv': 'P-256K', 'x': 'MhK0UXmPuRsuyZANFZM-_y6SwVGWcNu7fg4dgvt67vI', 'y': '4IiliZgokRcv893oU-74NdP7qYIB4vIJzf7OIcgIlrw', 'use': 'verify', 'defaultEncryptionAlgorithm': 'none', 'defaultSignAlgorithm': 'ES256K'}}, 'service': [{'id': 'IdentityHub', 'type': 'IdentityHub', 'serviceEndpoint': {'@context': 'schema.identity.foundation/hub', '@type': 'UserServiceEndpoint', 'instance': 'did:test:hub.id'}}], 'id': 'did:ion:test:EiCSDkirryTttmm2...'}, 'resolverMetadata': {'driverId': 'did:ion:test', 'driver': 'HttpDriver', 'retrieved': '2019-08-10T14:13:32.433Z', 'duration': '72.9976ms'}}
This response format is compliant with DID specifications, which helps to ensure that the discovery API can be used by any software packages that implement DID standards.
https://gyazo.com/efe1831dd9fc0e24ebdd7cb3ef772231
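Two checks for the register and discover steps above, as an added example that is not part of the original page or of did-auth-jose: before submitting, confirm the flattened JWS carries the key from public.jwk and no private JWK members such as `d`; after discovery, confirm the resolved document still holds that key. The function names and sample values are constructed for illustration, and the signature itself is not verified here.

```javascript
// Added example, not from the page or did-auth-jose; names and samples are constructed.
const PRIVATE_JWK_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'k'];
const fromB64url = (s) =>
  JSON.parse(Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));
const toB64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
// The request sends publicKey as an array; the responses on this page return an object.
const keyEntries = (doc) => [].concat(doc.publicKey || []);
const sameKey = (a, b) => ['kty', 'crv', 'x', 'y'].every((m) => a[m] === b[m]);

// Problems in a flattened JWS before it is submitted (the signature is not verified here).
function checkCreateRequest(jws, localPub) {
  const problems = [];
  const doc = fromB64url(jws.payload);
  if (jws.header.alg !== 'ES256K') problems.push('alg is not ES256K');
  if (jws.header.operation !== 'create') problems.push('operation is not create');
  const entry = keyEntries(doc).find((k) => k.id === jws.header.kid);
  if (!entry) return problems.concat('header kid not present in payload');
  const jwk = entry.publicKeyJwk || {};
  const leaked = PRIVATE_JWK_MEMBERS.filter((m) => m in jwk);
  if (leaked.length) problems.push('private JWK members in payload: ' + leaked.join(','));
  if (!sameKey(jwk, localPub)) problems.push('payload key differs from public.jwk');
  return problems;
}

// Problems in a discover response for the DID that was registered.
function checkResolved(resolved, localPub) {
  const problems = [];
  const doc = resolved.document || {};
  if (!String(doc.id).startsWith('did:ion:test:')) problems.push('unexpected DID method');
  const entry = keyEntries(doc).find((k) => k.id === localPub.kid);
  if (!entry) problems.push('our kid is missing from the resolved document');
  else if (!sameKey(entry.publicKeyJwk || {}, localPub)) problems.push('resolved key differs from public.jwk');
  return problems;
}

// Constructed sample values (not real key material).
const pub = { kty: 'EC', kid: '#key-1', crv: 'P-256K', x: 'constructed-x', y: 'constructed-y' };
const header = { alg: 'ES256K', kid: '#key-1', operation: 'create', proofOfWork: '{}' };
const entry = { id: '#key-1', type: 'Secp256k1VerificationKey2018', publicKeyJwk: pub };
const goodJws = { header, payload: toB64url({ publicKey: [entry] }), signature: 'constructed' };
const leakyJws = { header, signature: 'constructed',
  payload: toB64url({ publicKey: [{ ...entry, publicKeyJwk: { ...pub, d: 'constructed-d' } }] }) };
const resolved = { document: { id: 'did:ion:test:constructed', publicKey: entry } };

console.log(checkCreateRequest(goodJws, pub), checkCreateRequest(leakyJws, pub),
  checkResolved(resolved, pub));
```

The leak check matters because make-jws.js loads private.jwk and public.jwk side by side, and a DID document anchored with the wrong one cannot be withdrawn quietly.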