Skip to main content

DIDKit header

What is DIDKit?#

DIDKit provides Verifiable Credential and Decentralized Identifier functionality across different platforms. DIDKit's core libraries are written in Rust due to Rust's expressive type system, memory safety, simple dependency web, and suitability across different platforms including embedded systems, but the comprehensive DIDKit SDK includes many libraries and interfaces for using it almost everywhere.

Key Features#

DIDKit supports the following key capabilities:

  • It can sign and verify W3C Verifiable Credentials almost anywhere you can install it.
    • Where is anywhere, you ask? See the "DIDKit Interfaces" section to the left for a growing list of language-specific libraries, many available via package manager, and foreign function interfaces.
    • Credible is also anywhere-- DIDKit powers our SDK for web-wallets and mobile app development, which spans a whole additional range of anywheres you might need to handle DIDs and VCs.
    • If you need a server, not a library, DIDKit also powers a dockerized, ready-to-go HTTP/HTTPS server that can be called using the VC-HTTP-API standard or customized to use any other API interface.
  • It can juggle and translate between the two major signing systems and proof formats used in Verifiable Credentials today: Linked Data Proofs and the JOSE family of tokens and envelopes, abstracting out all the complexity of both.
  • It can handle, authenticate, validate, register, and even determininstically generate many kinds of W3C Decentralized Identifiers, aka the titular "DIDs": full-featured "on-chain" DIDs, implicit or "off-chain" DIDs, disposable, short-lived DIDs, pseudo-DIDs generated by key material borrowed from other systems
    • This includes "GitHub keys", HSM keys, any blockchain addresses representable as CAIP codes... the list keeps growing!
  • It can also issue and consume authorization tokens based on the Object Capabilities model, also known as "ZCaps", which drive the security model of our powerful Kepler storage system, as well as many other next-generation resource management systems.


You can build DIDKit's command-line interface and HTTP server in just a few minutes from your command line.


  • Any major GNU/Linux distribution, including MacOS or Microsoft's WSL2
  • Stable Rust

Building didkit :

git clone --recurse-submodules
git clone
cd didkit/
cargo build

That's it-- you're now ready to use didkit's CLI. For comprehensive documentation of CLI commands, see Github, and for a more skimmable overview, see the CLI page) here. For example, these basic commands should confirm the installation was succesful:

./target/debug/didkit -h
./target/debug/didkit generate-ed25519-key > key.jwk

You're also ready to spin up a didkit-powered HTTP server for internal or external use, depending on your context. For comprehensive documentation of the HTTP commands, see Github , and for a more skimmable overview, see the HTTP page here. The HTTP server can be spun up with a single command if passed a key and some flags, and will respond with the port on which it will listen for valid calls:

$ ./target/debug/didkit-http -k key.jwk
Listening on

More detailed installation instructions and variants, including Docker instructions, can be found on our installation page.


The following tools and features are high priority for subsequent releases:

  1. Exposing interfaces for JWT-based Verifiable Credential workflows
  2. JSON-LD context editor and hosting/publication tool
  3. Registration of several new LD signature suites and support for new cryptography
  4. DIDComm support
  5. Aries interoperability profile support