CLI Commands

DIDKit offers its functionality in a command-line program, didkit.

Build#

$ cargo build

Install#

$ cargo install --path .

Commands#

Each command is called in the form: didkit help, didkit generate-ed25519-key, etc.

help#

Output help about didkit and its subcommands.

generate-ed25519-key#

Generate a Ed25519 keypair and output it in JWK format.

key-to-did-key#

Given a JWK, output the corresponding did:key.

Currently, this only supports Ed25519 keys.

key-to-verification-method#

Given a Ed25519 JWK, output the corresponding did:key verificationMethod.

Options#

  • -k, --key-path <file> (required, conflicts with jwk): Filename of JWK file
  • -j, --jwk <jwk> (required, conflicts with key-path): JWK.

vc-issue-credential#

Issue a verifiable credential. Reads credential on stdin, constructs a linked data proof to add to the credential, and outputs the resulting verifiable credential.

Corresponds to /issue/credentials in vc-http-api.

The proof type is set automatically based on the key file provided. JWK parameters besides the cryptographic components, such as kid (Key ID), are ignored currently. For an RSA key, the alg (Algorithm) parameter is ignored and RS256 is used for it, for RsaSignature2018.

Options#

Options besides --key-path correspond to linked data proof options as specified in ld-proofs and vc-http-api.

  • -C, --challenge <challenge> - challenge property of the proof
  • -c, --created <created> - created property of the proof. ISO8601 datetime. Defaults to the current time.
  • -d, --domain <domain> - domain property of the proof
  • -k, --key-path <key> (required, conflicts with jwk): Filename of JWK for signing.
  • -j, --jwk <jwk> (required, conflicts with key-path): JWK for signing.
  • -p, --proof-purpose <proof-purpose> proofPurpose property of the proof.
  • -v, --verification-method <verification-method>verificationMethod property of the proof. URI for proof verification information, e.g. a public key identifier.

Supported JWK key types#

  • RSA
  • OKP (curve: Ed25519)

vc-verify-credential#

Verify a verifiable credential. Reads verifiable credential on standard input, and outputs verification result. Returns exit status zero if credential successfully verified, or non-zero if errors were encountered.

Corresponds to /verify/credentials in vc-http-api.

Options#

Options are linked data proof options as specified in ld-proofs and vc-http-api. If there is more than one proof present, at least one must pass all the requirements passed in the options.

  • -C, --challenge <challenge> - The challenge property of the proof must equal this value.
  • -c, --created <created> - The created property of the proof must be on or after the given ISO8601 datetime. Defaults to the current time.
  • -d, --domain <domain> - The domain property of the proof must equal the given value.
  • -p, --proof-purpose <proof-purpose> - The proofPurpose property of the proof must equal this value.
  • -v, --verification-method <verification-method> - The verificationMethod property of the proof must equal this value.

Supported proof types#

Output#

The verification result output is a VerificationResult JSON object as specified in vc-http-api:

{
"checks": [],
"warnings": [],
"errors": []
}

Verification result properties:

  • checks - Array of strings indicating checks completed on the credential.
  • warnings - Array of warnings encountered during validation or verification.
  • errors - Array of strings indicating errors encountered during validation or verification. If errors is empty, the credential is verified.

vc-issue-presentation#

Issue a verifiable presentation. Reads presentation on stdin, generates proof to add to it, and outputs the resulting verifiable presentation.

Corresponds to /prove/presentations in vc-http-api.

Options are the same as for vc-issue-credential.

vc-verify-presentation#

Verify a verifiable presentation. Reads verifiable presentation on stdin, and outputs verification result. Returns exit status zero if presentation successfully verified, or non-zero if errors were encountered.

Corresponds to /verify/presentations in vc-http-api.

Options and output format are the same as for vc-verify-credential.

Examples#

See the included Script 1 in the Examples section.