Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@interop/did-web-resolver
Advanced tools
A did:web method Decentralized Identifier (DID) resolver for the did-io library.
did:web
Resolver (@interop/did-web-resolver)A did:web method Decentralized Identifier (DID) resolver for the did-io library.
TBD
A did:web
method driver for use with in-browser and server-side on Node.js
with the did-io
resolver library.
Draft spec (W3C CCG Work Item):
did:web
Decentralized Identifier Method Specification
Other implementations:
import { Ed25519VerificationKey2020 }
from '@digitalcredentials/ed25519-verification-key-2020'
import { X25519KeyAgreementKey2020 }
from '@digitalcredentials/x25519-key-agreement-key-2020'
import { CryptoLD } from 'crypto-ld'
import * as didWeb from '@interop/did-web-resolver'
const cryptoLd = new CryptoLD()
cryptoLd.use(Ed25519VerificationKey2020)
cryptoLd.use(X25519KeyAgreementKey2020)
const didWebDriver = didWeb.driver({ cryptoLd })
// Optionally use it with the CachedResolver from did-io
import {CachedResolver} from '@digitalcredentials/did-io';
const resolver = new CachedResolver()
resolver.use(didWebDriver)
If you have a deterministic secret seed (created with did-cli
,
for example) and would like to generate a did:web
document from it:
const url = 'https://example.com'
const seed = 'z1AhV1bADy7RepJ64mvH7Kk7htFNGc7EA1WA5nGzLSTWc6o'
const { didDocument, keyPairs, methodFor } = await didWebDriver.generate({ url, seed })
// didDocument
{
'@context': [
'https://www.w3.org/ns/did/v1',
'https://w3id.org/security/suites/ed25519-2020/v1',
'https://w3id.org/security/suites/x25519-2020/v1'
],
id: 'did:web:example.com',
assertionMethod: [{
id: 'did:web:example.com#z6MkmDMjfkjs9XPCN1LfoQQRHz1mJ8PEdiVYC66XKhj3wGyB',
type: 'Ed25519VerificationKey2020',
controller: 'did:web:example.com',
publicKeyMultibase: 'z6MkmDMjfkjs9XPCN1LfoQQRHz1mJ8PEdiVYC66XKhj3wGyB'
}]
}
Invoking generate()
by itself will create new keypairs for each proof purpose.
const { didDocument, keyPairs, methodFor } = await didWebDriver.generate()
// didDocument
{
'@context': [
'https://www.w3.org/ns/did/v1',
'https://w3id.org/security/suites/ed25519-2020/v1',
'https://w3id.org/security/suites/x25519-2020/v1'
],
id: 'did:web:example.com',
capabilityInvocation: [{
id: 'did:web:example.com#z6MkqUiWi2o5V5oDEVzqszpkDhzeJ2o9Z4zVyTWeASqgrgti',
type: 'Ed25519VerificationKey2020',
controller: 'did:web:example.com',
publicKeyMultibase: 'zC2TU7nYe9YJk81A9CRruNcSeUTXJ9Bk9HSbiLAsfwU7L'
}],
authentication: [{
id: 'did:web:example.com#z6MksjNYAxjiTrhPFx9Ljk3SVowEtFXhFqLdsMKJHV4KrcDT',
type: 'Ed25519VerificationKey2020',
controller: 'did:web:example.com',
publicKeyMultibase: 'zEH7VaiVH8KCv9TJe4B5beiPF4gFqqx6HBLQNTD6JwPS5'
}],
assertionMethod: [{
id: 'did:web:example.com#z6MkiyYa5mG4moiHrmXQea8bNvdEWRWi3KuouHqoiknGf7xV',
type: 'Ed25519VerificationKey2020',
controller: 'did:web:example.com',
publicKeyMultibase: 'z5XHXVX1dSGDpkGghy1AkXq5EgrErdSfTDGvstUpFjuB7'
}],
capabilityDelegation: [{
id: 'did:web:example.com#z6MknmeMZEXLhS6g2p6YPHkQG4PkNsJev652CqnsArPm3dZa',
type: 'Ed25519VerificationKey2020',
controller: 'did:web:example.com',
publicKeyMultibase: 'z9KPJxzGuMtcCvKFqhinZQxqkZJ2oWCpfWpswLaRk8QnC'
}],
keyAgreement: [{
id: 'did:web:example.com#z6LSg3dWQzpQgRpaVzNXkcosnheyhXJUQkNQQgXyDapFSCFZ',
type: 'X25519KeyAgreementKey2020',
controller: 'did:web:example.com',
publicKeyMultibase: 'z5NTLth1Yay6qQbzmDyHvU7SVrNmMi9CFXhpHj8AiipUo'
}]
}
git clone https://github.com/interop-alliance/did-web-resolver.git
cd did-web-resolver
npm install
PRs accepted.
The MIT License ©2020-2021 Interop Alliance and Dmitri Zagidulin
FAQs
A did:web method Decentralized Identifier (DID) resolver for the did-io library.
We found that @interop/did-web-resolver demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.