This page explains states and a typical flow of client-managed secret mode with the did:pkh method. See https://identity.foundation/did-registration/#client-managed-secret-mode for more information about the protocol.
¶ States
Possible states:
¶ Requests and Responses
¶ Request 1: Missing verificationMethod "#blockchainAccountIdKey"
Supported options:
- namespace: The namespace according to CAIP-2 (possible values:
eip155) - chainId or network: The reference part of the chain ID according to CAIP-2 (example values:
1,5, also see https://chainid.network/)
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=pkh" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true,
"namespace": "eip155",
"chainId": "5"
},
"secret": { },
"didDocument": { }
}'
¶ Response A: action=getVerificationMethod
{
"jobId": null,
"didState": {
"state": "action",
"action": "getVerificationMethod",
"verificationMethodTemplate": [{
"id": "#blockchainAccountIdKey",
"type": "EcdsaSecp256k1VerificationKey2019"
}
}]
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}
¶ Request 2: verificationMethod "#blockchainAccountIdKey"
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=pkh" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true,
"namespace": "eip155",
"chainId": "5"
},
"secret": { },
"didDocument": {
"@context": ["https//www.w3.org/ns/did/v1"],
"verificationMethod": [{
"id": "#blockchainAccountIdKey",
"type": "EcdsaSecp256k1VerificationKey2019",
"publicKeyHex": "049eca28b4fb4073b9a14a2ae89297a94a589ac82bb64220b09db0cf0aef79632790bdb71bf09c7e752d4d24c724aeb36624999967d15390eefeccf5e65a305f00"
}]
}
}'
¶ Response B: state=finished
{
"jobId": null,
"didState": {
"did": "did:pkh:eip155:5:0xA4b2746Fcd4757d7e5b3C4aBD7753ebf644eb406",
"state": "finished",
"secret": {
"verificationMethod": [
[{
"id": "#blockchainAccountIdKey",
"type": "EcdsaSecp256k1VerificationKey2019"
},
{
"id": "did:pkh:eip155:5:0xA4b2746Fcd4757d7e5b3C4aBD7753ebf644eb406#blockchainAccountIdKey",
"controller": "did:pkh:eip155:5:0xA4b2746Fcd4757d7e5b3C4aBD7753ebf644eb406",
"purpose": [
"authentication",
"assertionMethod"
]
}
]
]
}
}
}
¶ OpenSSL Commands
¶ For Request 2:
Generate a new DID controller keypair (secp256k1):
openssl ecparam -genkey -name secp256k1 -outform DER >privkey
openssl ec -conv_form uncompressed -in privkey -pubout -out pubkey -inform DER -outform DER
Convert DID controller public key to hexadecimal:
cat pubkey| tail -c +24| basenc -w0 --base16
The result can then used as value of publicKeyHex in Request 2.