Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@rsksmart/ethr-did
Advanced tools
rif-identity.js
Ethr DID + RSK support
npm i @rsksmart/ethr-did
This package is a fork of ethr-did used to pre-release RSK-oriented features. The features on this package will be PRed into ethr-did
.
Versioning This package will use the next sem-version minor yet not released to npm, post-fixed with beta versioning. E.g.: v1.1.0-beta.1
Collaborate Point your PR to develop
. rsksmart-org
branch will be rebased on develop
once the PR is approved. Other PR pointing to rsksmart-org
will be responsible for updating readme + updating version after feature is rebased. develop
will be rebased onto upstream/develop
when ethr-did
package is updated.
PRs included
DID Specification | ERC-1056 | Getting Started
This library conforms to ERC-1056 and is intended to use Ethereum addresses as fully self-managed Decentralized Identifiers (DIDs), it allows you to easily create and manage keys for these identities. It also lets you sign standards compliant JSON Web Tokens (JWT) that can be consumed using the DID-JWT library.
This library can be used to create a new ethr-did identity. It allows ethr-did identities to be represented as an object that can perform actions such as updating its did-document, signing messages, and verifying messages from other dids.
Use this if you are looking for the easiest way to start using ethr-did identities, and want high-level abstractions to access its entire range of capabilities. It encapsulates all the functionality of ethr-did-resolver and ethr-did-registry.
A DID is an Identifier that allows you to lookup a DID document that can be used to authenticate you and messages created by you.
Ethr-DID provides a scalable identity method for Ethereum addresses that gives any Ethereum address the ability to collect on-chain and off-chain data. Because Ethr-DID allows any Ethereum key pair to become an identity, it is more scalable and privacy-preserving than smart contract based identity methods, like our previous Proxy Contract.
This particular DID method relies on the Ethr-Did-Registry. The Ethr-DID-Registry is a smart contract that facilitates public key resolution for off-chain (and on-chain) authentication. It also facilitates key rotation, delegate assignment and revocation to allow 3rd party signers on a key's behalf, as well as setting and revoking off-chain attribute data. These interactions and events are used in aggregate to form a DID's DID document using the Ethr-Did-Resolver.
An example of a DID document resolved using the Ethr-Did-Resolver:
{
'@context': 'https://w3id.org/did/v1',
id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a',
publicKey: [{
id: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner',
type: 'Secp256k1VerificationKey2018',
owner: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a',
ethereumAddress: '0xb9c5714089478a327f09197987f16f9e5d936e8a'}],
authentication: [{
type: 'Secp256k1SignatureAuthentication2018',
publicKey: 'did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner'}]
}
On-chain refers to something that is resolved with a transaction on a blockchain, while off-chain can refer to anything from temporary payment channels to IPFS.
It supports the proposed Decentralized Identifiers spec from the W3C Credentials Community Group.
A "DID method" is a specific implementation of a DID scheme that is identified by a method name
. In this case, the method name is ethr
, and the method identifier is an Ethereum address.
To encode a DID for an Ethereum address, simply prepend did:ethr:
For example:
did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74
import EthrDID from 'ethr-did'
// Assume web3 object is configured either manually or injected using metamask
const ethrDid = new EthrDID({address: '0x...', privateKey: '...', provider})
key | description | required |
---|---|---|
address | Ethereum address representing Identity | yes |
registry | registry address (defaults to 0xdca7ef03e98e0dc2b855be647c39abe984fcf21b ) | no |
provider | web3 provider | no |
web3 | preconfigured web3 object | no |
rpcUrl | JSON-RPC endpoint url | no |
signer | Signing function | either signer or privateKey |
privateKey | Hex encoded private key | yes* |
Note An instance created using only an address can only be used to encapsulate an external ethr-did (one where there is no access to the private key). This instance will not have the ability to sign anything, but it can be used for a subset of actions:
ethrDid.address
)ethrDid.did
)await ethrDid.lookupOwner()
await ethrDid.verifyJwt(jwt)
FAQs
Create and manage DID documents for ethereum addresses
The npm package @rsksmart/ethr-did receives a total of 1 weekly downloads. As such, @rsksmart/ethr-did popularity was classified as not popular.
We found that @rsksmart/ethr-did demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.