Appearance
did:indy Create
This page explains states and a typical flow of client-managed secret mode with the did:indy method.
States
Possible states:
Requests and Responses
Request 1: Missing verificationMethod "#verkey"
Supported options:
network: The network on which to create the DID (possible values:sovrin,sovrin:builder,sovrin:staging,danube,idunion,idunion:test,indicio,indicio:test,indicio:demo)
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=indy" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true,
"network": "danube"
},
"secret": { },
"didDocument": {
"@context": ["https//www.w3.org/ns/did/v1"],
"service": [{
"id": "#didcomm",
"type": "DIDComm",
"serviceEndpoint": "https://test.com/mydidcomm/endpoint"
}]
}
}'Response A: action=getVerificationMethod
json
{
"jobId": null,
"didState": {
"state": "action",
"action": "getVerificationMethod",
"verificationMethodTemplate": [{
"id": "#verkey",
"type": "Ed25519VerificationKey2018",
"purpose": [
"authentication",
"assertionMethod",
"capabilityInvocation",
"capabilityDelegation"
]
}]
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}Request 2: verificationMethod "#verkey"
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=indy" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true,
"network": "danube"
},
"secret": { },
"didDocument": {
"@context": ["https//www.w3.org/ns/did/v1"],
"verificationMethod": [{
"id": "#verkey",
"type": "Ed25519VerificationKey2018",
"publicKeyBase58": "<-- base58 encoded -->"
}],
"service": [{
"id": "#didcomm",
"type": "DIDComm",
"serviceEndpoint": "https://test.com/mydidcomm/endpoint"
}]
}
}'Response B: action=signPayload with "signingRequestNym"
json
{
"jobId": "00000000-0000-0000-0000-000000000000",
"didState": {
"state": "action",
"action": "signPayload",
"signingRequest": {
"signingRequestNym": {
"kid": "#verkey",
"alg": "EdDSA",
"purpose": "authentication",
"payload": { ... },
"serializedPayload": "<-- base 64 encoded -->"
}
}
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}Request 3: signingResponse for "signingRequestNym"
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=indy" \
-H "Content-Type: application/json" \
-d '{
"jobId": "00000000-0000-0000-0000-000000000000",
"options": {
"clientSecretMode": true
},
"secret": {
"signingResponse": {
"signingRequestNym": {
"signature": "<-- base64 encoded -->"
}
}
},
"didDocument": { }
}'Response C: action=signPayload with "signingRequestAttrib"
json
{
"jobId": "00000000-0000-0000-0000-000000000000",
"didState": {
"state": "action",
"action": "signPayload",
"signingRequest": {
"signingRequestAttrib": {
"kid": "#verkey",
"alg": "EdDSA",
"purpose": "authentication",
"payload": { ... },
"serializedPayload": "<-- base 64 encoded -->"
}
}
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}Request 4: signingResponse for "signingRequestAttrib"
bash
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=indy" \
-H "Content-Type: application/json" \
-d '{
"jobId": "00000000-0000-0000-0000-000000000000",
"options": {
"clientSecretMode": true
},
"secret": {
"signingResponse": {
"signingRequestAttrib": {
"signature": "<-- base64 encoded -->"
}
}
},
"didDocument": { }
}'Response D: state=finished
json
{
"jobId": "00000000-0000-0000-0000-000000000000",
"didState": {
"state": "finished",
"did": "did:indy:danube:1234567890123456789012",
"secret": {
"verificationMethod": [
[{
"id": "#verkey"
}, {
"id": "did:indy:danube:1234567890123456789012#verkey",
"controller": "did:indy:danube:1234567890123456789012"
}]
]
}
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}OpenSSL Commands
For Request 2
See Request 2.
Generate a new DID controller keypair (Ed25519):
bash
openssl genpkey -algorithm ed25519 -outform DER >privkey
openssl pkey -in privkey -pubout -out pubkey -inform DER -outform DERConvert DID controller public key to Base58:
bash
cat pubkey| tail -c +13| base58The result can then be used as value of publicKeyBase58 in Request 2.
For Response B or C
Extract the value of serializedPayload from Response B or Response C. Then Base64-decode the payload and write to a file:
bash
echo "<-- base64 encoded -->"| basenc -d --base64 >payloadFor Request 3
See Request 3.
Sign the payload with the Transaction Endorser private key:
bash
openssl pkeyutl -sign -rawin -in payload -inkey te_privkey -keyform DER| base64| tr -d '\n' >signatureThe result can then be used as value of signature in Request 3.
NOTE
This needs experimental Debian/Ubuntu packages libssl3 3.0.0 and openssl 3.0.0.
For Request 4
See Request 4.
Sign the payload with the DID controller private key:
bash
openssl pkeyutl -sign -rawin -in payload -inkey privkey -keyform DER| base64| tr -d '\n' >signatureThe result can then be used as value of signature in Request 4.
NOTE
This needs experimental Debian/Ubuntu packages libssl3 3.0.0 and openssl 3.0.0.