		/*!
		* Copyright (c) 2021 Digital Bazaar, Inc. All rights reserved.
		* Copyright (c) 2021-2023 Digital Bazaar, Inc. All rights reserved.
		*/
		import * as didIo from '@digitalbazaar/did-io';
		import {
		getDid, getKey, getKeyAgreementKeyPair, setVerificationKeyPairId
		} from './helpers.js';
		import {
		Ed25519VerificationKey2020
		} from '@digitalbazaar/ed25519-verification-key-2020';
		import {
		X25519KeyAgreementKey2020
		} from '@digitalbazaar/x25519-key-agreement-key-2020';
		import {
		X25519KeyAgreementKey2019
		} from '@digitalbazaar/x25519-key-agreement-key-2019';

		import * as didIo from '@digitalbazaar/did-io';

		const DID_CONTEXT_URL = 'https://www.w3.org/ns/did/v1';
		// For backwards compat only, not actually importing this suite
		const ED25519_KEY_2018_CONTEXT_URL =
		'https://w3id.org/security/suites/ed25519-2018/v1';

		const contextsBySuite = new Map([
		[Ed25519VerificationKey2020.suite, Ed25519VerificationKey2020.SUITE_CONTEXT],
		['Ed25519VerificationKey2018', ED25519_KEY_2018_CONTEXT_URL],
		[X25519KeyAgreementKey2020.suite, X25519KeyAgreementKey2020.SUITE_CONTEXT],
		[X25519KeyAgreementKey2019.suite, X25519KeyAgreementKey2019.SUITE_CONTEXT]
		]);

		export class DidKeyDriver {
		@@ -53,5 +37,7 @@ /**
		*/
		async generate({seed} = {}) {
		async generate({seed, ...keyPairOptions} = {}) {
		// Public/private key pair of the main did:key signing/verification key
		const verificationKeyPair = await this.verificationSuite.generate({seed});
		const verificationKeyPair = await this.verificationSuite.generate({
		seed, ...keyPairOptions
		});

		@@ -139,6 +125,4 @@ // keyPairs is a map of keyId to key pair instance, that includes
		const [didAuthority, keyIdFragment] = did.split('#');

		const fingerprint = didAuthority.substr('did:key:'.length);
		const keyPair = this.verificationSuite.fromFingerprint({fingerprint});

		const fingerprint = didAuthority.substring('did:key:'.length);
		const keyPair = await this.verificationSuite.fromFingerprint({fingerprint});
		const {didDocument} = await this._keyPairToDidDocument({keyPair});
		@@ -148,3 +132,3 @@
		// resolve an individual key
		return _getKey({didDocument, keyIdFragment});
		return getKey({didDocument, keyIdFragment});
		}
		@@ -190,35 +174,20 @@
		async _keyPairToDidDocument({keyPair} = {}) {
		const verificationKeyPair = await this.verificationSuite.from({...keyPair});
		const did = `did:key:${verificationKeyPair.fingerprint()}`;
		const verificationKeyPair =
		await this.verificationSuite.from({...keyPair});
		const did = getDid({verificationKeyPair});
		verificationKeyPair.controller = did;

		const contexts = [DID_CONTEXT_URL];

		// The KAK pair will use the source key's controller, but will generate
		// its own .id
		let keyAgreementKeyPair;
		if(verificationKeyPair.type === 'Ed25519VerificationKey2020') {
		keyAgreementKeyPair = X25519KeyAgreementKey2020
		.fromEd25519VerificationKey2020({keyPair: verificationKeyPair});
		contexts.push(Ed25519VerificationKey2020.SUITE_CONTEXT,
		X25519KeyAgreementKey2020.SUITE_CONTEXT);
		} else if(verificationKeyPair.type === 'Ed25519VerificationKey2018') {
		keyAgreementKeyPair = X25519KeyAgreementKey2019
		.fromEd25519VerificationKey2018({keyPair: verificationKeyPair});
		contexts.push(ED25519_KEY_2018_CONTEXT_URL,
		X25519KeyAgreementKey2019.SUITE_CONTEXT);
		} else {
		throw new Error(
		'Cannot derive key agreement key from verification key type "' +
		verificationKeyPair.type + '".'
		);
		// Now set the source key's id
		setVerificationKeyPairId({verificationKeyPair, did});
		// get the keyAgreement keypair
		const {keyAgreementKeyPair, contexts} = await getKeyAgreementKeyPair({
		verificationKeyPair
		});
		let publicDhKey;
		// get the public components of keyAgreement keypair
		if(keyAgreementKeyPair) {
		publicDhKey = await keyAgreementKeyPair.export({publicKey: true});
		}
		// get the public components of keypairs
		const publicEdKey = await verificationKeyPair.export({publicKey: true});

		// Now set the source key's id
		verificationKeyPair.id = `${did}#${verificationKeyPair.fingerprint()}`;

		// get the public components of each keypair
		const publicEdKey = verificationKeyPair.export({publicKey: true});
		const publicDhKey = keyAgreementKeyPair.export({publicKey: true});

		// Compose the DID Document
		@@ -235,9 +204,12 @@ const didDocument = {
		capabilityInvocation: [publicEdKey.id],
		keyAgreement: [publicDhKey]
		};

		if(publicDhKey) {
		didDocument.keyAgreement = [publicDhKey];
		}
		// create the key pairs map
		const keyPairs = new Map();
		keyPairs.set(verificationKeyPair.id, verificationKeyPair);
		keyPairs.set(keyAgreementKeyPair.id, keyAgreementKeyPair);
		if(verificationKeyPair.type !== 'Multikey') {
		keyPairs.set(keyAgreementKeyPair.id, keyAgreementKeyPair);
		}

		@@ -260,31 +232,1 @@ return {didDocument, keyPairs};
		}

		/**
		* Returns the public key object for a given key id fragment.
		*
		* @param {object} options - Options hashmap.
		* @param {object} options.didDocument - The DID Document to use when generating
		* the id.
		* @param {string} options.keyIdFragment - The key identifier fragment.
		*
		* @returns {object} Returns the public key node, with `@context`.
		*/
		export function _getKey({didDocument, keyIdFragment}) {
		// Determine if the key id fragment belongs to the "main" public key,
		// or the keyAgreement key
		const keyId = didDocument.id + '#' + keyIdFragment;
		let publicKey;

		if(didDocument.verificationMethod[0].id === keyId) {
		// Return the public key node for the main public key
		publicKey = didDocument.verificationMethod[0];
		} else {
		// Return the public key node for the X25519 key-agreement key
		publicKey = didDocument.keyAgreement[0];
		}

		return {
		'@context': contextsBySuite.get(publicKey.type),
		...publicKey
		};
		}

lib/index.js

		/*!
		* Copyright (c) 2021 Digital Bazaar, Inc. All rights reserved.
		* Copyright (c) 2021-2023 Digital Bazaar, Inc. All rights reserved.
		*/

		import {createVerificationSuite} from './util.js';
		import {DidKeyDriver} from './DidKeyDriver.js';
		@@ -20,2 +20,2 @@

		export {driver, DidKeyDriver};
		export {createVerificationSuite, driver, DidKeyDriver};

package.json

		{
		"name": "@digitalbazaar/did-method-key",
		"version": "3.0.0",
		"version": "4.0.0",
		"description": "A did:key method resolver.",
		@@ -27,2 +27,3 @@ "homepage": "https://github.com/digitalbazaar/did-method-key",
		"@digitalbazaar/did-io": "^2.0.0",
		"@digitalbazaar/ecdsa-multikey": "^1.1.1",
		"@digitalbazaar/ed25519-verification-key-2020": "^4.0.0",
		@@ -37,6 +38,6 @@ "@digitalbazaar/x25519-key-agreement-key-2019": "^6.0.0",
		"cross-env": "^7.0.3",
		"eslint": "^8.16.0",
		"eslint-config-digitalbazaar": "^3.0.0",
		"eslint-plugin-jsdoc": "^39.3.2",
		"eslint-plugin-unicorn": "^42.0.0",
		"eslint": "^8.37.0",
		"eslint-config-digitalbazaar": "^4.2.0",
		"eslint-plugin-jsdoc": "^40.1.1",
		"eslint-plugin-unicorn": "^46.0.0",
		"karma": "^6.3.20",
		@@ -62,3 +63,3 @@ "karma-babel-preprocessor": "^8.0.2",
		"engines": {
		"node": ">=14"
		"node": ">=16"
		},
		@@ -65,0 +66,0 @@ "keywords": [

README.md

		@@ -90,5 +90,4 @@ # did:key method driver _(@digitalbazaar/did-method-key)_

		Note that this derived key is optional -- there's currently
		[no proof](https://crypto.stackexchange.com/questions/3260/using-same-keypair-for-diffie-hellman-and-signing/3311#3311)
		that this is safe to do.
		Note that this derived key is optional -- there's at least
		[one proof](https://eprint.iacr.org/2021/509) that this is safe to do.

		@@ -95,0 +94,0 @@ ## Install

LICENSE

Sorry, the diff of this file is not supported yet

@digitalbazaar/did-method-key - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes