Interface DidKeyCreateOptions<TKms>

Defines the set of options available when creating a new Decentralized Identifier (DID) with the 'did:key' method.

Either the algorithm or verificationMethods option can be specified, but not both.

  • A new key will be generated using the algorithm identifier specified in either the algorithm property or the verificationMethods object's algorithm property.
  • If verificationMethods is given, it must contain exactly one entry since DID Key only supports a single verification method.
  • If neither is given, the default is to generate a new Ed25519 key.

Example

 * // By default, when no options are given, a new Ed25519 key will be generated.
const did = await DidKey.create();

// The algorithm to use for key generation can be specified as a top-level option.
const did = await DidKey.create({
  options: { algorithm = 'secp256k1' }
});

// Or, alternatively as a property of the verification method.
const did = await DidKey.create({
  options: {
    verificationMethods: [{ algorithm = 'secp256k1' }]
  }
});

// DID Creation with a KMS
const keyManager = new LocalKeyManager();
const did = await DidKey.create({ keyManager });

// DID Resolution
const resolutionResult = await DidKey.resolve({ did: did.uri });

// Signature Operations
const signer = await did.getSigner();
const signature = await signer.sign({ data: new TextEncoder().encode('Message') });
const isValid = await signer.verify({ data: new TextEncoder().encode('Message'), signature });

// Import / Export

// Export a BearerDid object to the PortableDid format.
const portableDid = await did.export();

// Reconstruct a BearerDid object from a PortableDid
const did = await DidKey.import(portableDid);
interface DidKeyCreateOptions<TKms> {
    algorithm?: TKms extends CryptoApi<KmsGenerateKeyParams, string, KmsGetPublicKeyParams, KmsDigestParams, KmsSignParams, KmsVerifyParams>
        ? InferKeyGeneratorAlgorithm<TKms<TKms>>
        : "Ed25519" | "secp256k1" | "secp256r1";
    defaultContext?: string;
    enableEncryptionKeyDerivation?: boolean;
    enableExperimentalPublicKeyTypes?: boolean;
    publicKeyFormat?: "Ed25519VerificationKey2020" | "JsonWebKey2020" | "X25519KeyAgreementKey2020";
    verificationMethods?: DidCreateVerificationMethod<TKms>[];
}

Type Parameters

  • TKms

Hierarchy (view full)

Properties

algorithm? defaultContext? enableEncryptionKeyDerivation? enableExperimentalPublicKeyTypes? publicKeyFormat? verificationMethods?

Properties

Optional algorithm

algorithm?: TKms extends CryptoApi<KmsGenerateKeyParams, string, KmsGetPublicKeyParams, KmsDigestParams, KmsSignParams, KmsVerifyParams>
    ? InferKeyGeneratorAlgorithm<TKms<TKms>>
    : "Ed25519" | "secp256k1" | "secp256r1"

Optionally specify the algorithm to be used for key generation.

Optional defaultContext

defaultContext?: string

Optionally specify an array of JSON-LD context links for the

Context

property of the DID document.

The

Context

property provides a JSON-LD processor with the information necessary to interpret the DID document JSON. The default context URL is 'https://www.w3.org/ns/did/v1'.

Optional enableEncryptionKeyDerivation

enableEncryptionKeyDerivation?: boolean

Optionally enable encryption key derivation during DID creation.

By default, this option is set to false, which means encryption key derivation is not performed unless explicitly enabled.

When set to true, an X25519 key will be derived from the Ed25519 public key used to create the DID. This feature enables the same DID to be used for encrypted communication, in addition to signature verification.

Notes:

  • This option is ONLY applicable when the algorithm of the DID's public key is Ed25519.
  • Enabling this introduces specific cryptographic considerations that should be understood before using the same key pair for digital signatures and encrypted communication. See the following for more information:

Optional enableExperimentalPublicKeyTypes

enableExperimentalPublicKeyTypes?: boolean

Optionally enable experimental public key types during DID creation. By default, this option is set to false, which means experimental public key types are not supported.

Note: This implementation of the DID Key method does not support any experimental public key types.

Optional publicKeyFormat

publicKeyFormat?: "Ed25519VerificationKey2020" | "JsonWebKey2020" | "X25519KeyAgreementKey2020"

Optionally specify the format of the public key to be used for DID creation.

Optional verificationMethods

verificationMethods?: DidCreateVerificationMethod<TKms>[]

Alternatively, specify the algorithm to be used for key generation of the single verification method in the DID Document.

Settings

Member Visibility

Theme

On This Page

algorithmdefaultContextenableEncryptionKeyDerivationenableExperimentalPublicKeyTypespublicKeyFormatverificationMethods