This page explains states and a typical flow of client-managed secret mode with the did:ion method. See https://identity.foundation/did-registration/#client-managed-secret-mode for more information about the protocol.
¶ States
Possible states:
¶ Requests and Responses
¶ Request 1: Missing verificationMethods with purpose "update" and "recovery"
Supported options:
- network: The network on which to create the DID (e.g.
testnet,mainnet, etc.)
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=ion" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true,
"network": "testnet"
},
"secret": { },
"didDocument": {
"@context": ["https//www.w3.org/ns/did/v1"],
"service": [{
"type": "DIDComm",
"serviceEndpoint": "https://test.com/mydidcomm/endpoint"
}]
}
}'
¶ Response A: action=getVerificationMethod
{
"jobId": null,
"didState": {
"state": "action",
"action": "getVerificationMethod",
"verificationMethodTemplate": [{
"type": "JsonWebKey2020",
"publicKeyJwk": {
"kty": "EC",
"crv": "secp256k1"
},
"purpose": [
"update"
]
}, {
"type": "JsonWebKey2020",
"publicKeyJwk": {
"kty": "EC",
"crv": "secp256k1"
},
"purpose": [
"recovery"
]
}],
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}
¶ Request 2: verificationMethods with purpose "update" and "recovery"
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=ion" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true,
"network": "testnet"
},
"secret": {
"verificationMethod": [{
"type": "JsonWebKey2020",
"publicKeyJwk": {
"kty": "EC",
"crv": "secp256k1",
"x": "<-- base64url encoded -->",
"y": "<-- base64url encoded -->"
},
"purpose": [
"update"
]
}, {
"type": "JsonWebKey2020",
"publicKeyJwk": {
"kty": "EC",
"crv": "secp256k1",
"x": "<-- base64url encoded -->",
"y": "<-- base64url encoded -->"
},
"purpose": [
"recovery"
]
}]
},
"didDocument": {
"@context": ["https//www.w3.org/ns/did/v1"],
"verificationMethod": [{
"id": "#key-1",
"type": "Ed25519VerificationKey2018",
"publicKeyBase58": "<-- base58 encoded -->"
}],
"service": [{
"id": "#didcomm",
"type": "DIDComm",
"serviceEndpoint": "https://test.com/mydidcomm/endpoint"
}]
}
}'
¶ Response B: action=wait
{
"jobId": "00000000-0000-0000-0000-000000000000",
"didState": {
"state": "wait",
"wait": "publish",
"didDocument": { ... }
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}
¶ Request 3: Wait
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=ion" \
-H "Content-Type: application/json" \
-d '{
"jobId": "00000000-0000-0000-0000-000000000000",
"options": {
"clientSecretMode": true
},
"secret": { },
"didDocument": { }
}'
¶ Response C: state=finished
{
"jobId": "00000000-0000-0000-0000-000000000000",
"didState": {
"did": "did:ion:test:1234567890123456789012",
"state": "finished",
"secret": {
"verificationMethod": [
[{
"id": "#key-1"
}, {
"id": "did:ion:test:1234567890123456789012#key-1",
"controller": "did:ion:test:1234567890123456789012"
}]
]
}
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}
¶ OpenSSL Commands
¶ For Request 2:
Generate two new DID controller keypairs (secp256k1):
openssl ecparam -genkey -name secp256k1 -outform DER >privkey_update
openssl ec -conv_form uncompressed -in privkey_update -pubout -out pubkey_update -inform DER -outform DER
openssl ecparam -genkey -name secp256k1 -outform DER >privkey_recovery
openssl ec -conv_form uncompressed -in privkey_recovery -pubout -out pubkey_recovery -inform DER -outform DER
Convert DID controller public keys to JWKs:
cat pubkey_update| tail -c +25| head -c 32| basenc -w0 --base64url
cat pubkey_update| tail -c +57| basenc -w0 --base64url
cat pubkey_recovery| tail -c +25| head -c 32| basenc -w0 --base64url
cat pubkey_recovery| tail -c +57| basenc -w0 --base64url
The results can then be used as values of x and y in Request 2.