ethr-did-resolver
This library is intended to use ethereum addresses as fully self-managed Decentralized Identifiers and wrap them in a DID Document.
It supports the proposed Decentralized Identifiers spec from the W3C Credentials Community Group.
It requires the did-resolver library, which is the primary interface for resolving DIDs.
The DID method relies on the ethr-did-registry.
To encode a DID for an Ethereum address, simply prepend did:ethr:
eg:
did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74
The did resolver takes the ethereum address, checks for the current owner, looks at contract events and builds a simple DID document.
The minimal DID document for an ethereum address 0xf3beac30c498d9e26865f34fcaa57dbb935b0d74 with no transactions to the registry looks like this:
{
  '@context': 'https://w3id.org/did/v1',
  id: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74',
  publicKey: [{
    id: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74#owner',
    type: 'Secp256k1VerificationKey2018',
    owner: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74',
    ethereumAddress: '0xf3beac30c498d9e26865f34fcaa57dbb935b0d74'
  }],
  authentication: [{
    type: 'Secp256k1SignatureAuthentication2018',
    publicKey: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74#owner'
  }]
}
Note this uses the Secp256k1VerificationKey2018 type and an ethereumAddress instead of a publicKeyHex.
The DID document is built by using read only functions and contract events on the ethr-did-registry Ethereum smart contract.
Any value from the registry that returns an ethereum address will be added to the publicKey array of the DID document with type Secp256k1VerificationKey2018 and an ethereumAddress attribute containing the address.
Each identity always has an owner address. By default it's the same as the identity address, but check the read only contract function identityOwner(address identity) on the deployed version of the EthrDIDRegistry contract.
The Identity owner will always have a publicKey with the id set as the DID with the fragment #owner appended.
An entry is also added to the authentication array of the DID document with type Secp256k1SignatureAuthentication2018.
The EthereumDIDRegistry contract publishes 3 types of events for each identity:
- DIDOwnerChanged
- DIDDelegateChanged
- DIDAttributeChanged
If a change has ever been made for an identity, the block number is stored in the changed mapping.
The latest event can be efficiently looked up by checking for one of the 3 above events at that exact block.
Each event contains a previousChange value which contains the block number of the previous change (if any).
To see all changes in history for an identity use the following pseudo code:
changed(address identity)
contract

Delegate Keys are ethereum addresses that can either be general signing keys or optionally also perform authentication.
They are also verifiable from solidity (see ethr-did-registry for more info).
A DIDDelegateChanged event is published that is used to build a DID.
event DIDDelegateChanged(
address indexed identity,
string delegateType,
address delegate,
uint validTo,
uint previousChange
);
The only 2 delegateTypes that are currently published in the DID Document are:
- Secp256k1VerificationKey2018, which is added to the publicKey section of the document.
- Secp256k1SignatureAuthentication2018, which is also added to the publicKey section of the document. An entry is also added to the authentication section of the document.

Only events with a validTo in seconds greater than or equal to the current time should be included in the DID document.
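The history walk (changed mapping, then previousChange links) and the validTo rule described above, as an added example that is not code from ethr-did-resolver. The in-memory registry, the addresses and the timestamps are constructed, and letting the newest event per delegate override older ones is an assumption of this example.

```javascript
// Constructed stand-in for the registry: the `changed` mapping plus the event
// logged at each block (one event per block here, to keep the sample small).
const ID = '0xf3beac30c498d9e26865f34fcaa57dbb935b0d74'
const KEY_A = '0x' + 'a'.repeat(40) // sample delegate address
const KEY_B = '0x' + 'b'.repeat(40) // sample delegate address
const VERI = 'Secp256k1VerificationKey2018'
const AUTH = 'Secp256k1SignatureAuthentication2018'
const changed = { [ID]: 130 }
const logs = {
  100: { identity: ID, delegateType: VERI, delegate: KEY_A, validTo: 5000, previousChange: 0 },
  110: { identity: ID, delegateType: AUTH, delegate: KEY_B, validTo: 1500, previousChange: 100 },
  130: { identity: ID, delegateType: VERI, delegate: KEY_A, validTo: 1200, previousChange: 110 }
}

// Start at changed[identity] and follow previousChange until it reaches 0.
function history (identity) {
  const events = []
  const seen = new Set() // guards against a malformed, cyclic chain
  let block = changed[identity] || 0
  while (block !== 0 && !seen.has(block)) {
    seen.add(block)
    const ev = logs[block]
    if (!ev || ev.identity !== identity) break
    events.push({ block, ...ev })
    block = ev.previousChange
  }
  return events // newest first
}

// Apply the validTo rule. Assumption of this example: the newest event for a
// (delegateType, delegate) pair wins, so a shortened validTo takes effect
// even when an older event carried a later expiry.
function activeDelegates (identity, nowSeconds) {
  const latest = new Map()
  for (const ev of history(identity)) {
    const key = `${ev.delegateType}-${ev.delegate}`
    if (!latest.has(key)) latest.set(key, ev)
  }
  return [...latest.values()]
    .filter(ev => ev.validTo >= nowSeconds)
    .map(ev => ({ type: ev.delegateType, ethereumAddress: ev.delegate }))
}
```

With nowSeconds = 1300, KEY_A is dropped because its newest event expires at 1200, even though the older event at block 100 was valid until 5000.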
Non ethereum keys, service elements etc can be added using attributes. Attributes only exist on the blockchain as contract events of type DIDAttributeChanged
and can thus not be queried from within solidity code.
event DIDAttributeChanged(
address indexed identity,
string name,
bytes value,
uint validTo,
uint previousChange
);
While any attribute can be stored, for the DID document we currently support adding to each of the sections listed in the table below.
The name of the attribute should follow this format:
did/[section]/[type]/[encoding]
with encoding being optional.
section | type | encoding |
---|---|---|
publicKey | Any valid Public Key type eg. Secp256k1VerificationKey2018, Ed25519VerificationKey2018, RsaVerificationKey2018 | publicKeyHex (default), publicKeyBase64 (please submit PRs for publicKeyPem, publicKeyJwk, publicKeyBase58) |
service | Any valid service type eg HubService, AgentService | n/a |
Values should be encoded in binary bytes for efficiency reasons. Encoding in the DID document will be converted according to method. Any unsupported attributes and unknown encodings will be ignored.
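One way to parse the did/[section]/[type]/[encoding] attribute name and convert the binary value, as an added example that is not code from ethr-did-resolver. The function name, the caller-supplied id, the serviceEndpoint field and the UTF-8 decoding of service values are assumptions of this example.

```javascript
// Supported publicKey encodings from the table above. A Map rather than a
// plain object, so a name like "constructor" cannot match an inherited property.
const KEY_ENCODINGS = new Map([
  ['publicKeyHex', bytes => bytes.toString('hex')],
  ['publicKeyBase64', bytes => bytes.toString('base64')]
])

// Returns { section, entry } for a supported attribute, or null when the name
// or encoding is unsupported (such attributes are ignored).
// `id` is supplied by the caller (hypothetical parameter): how entry ids are
// chosen is not described on this page.
function attributeToEntry (did, id, name, value) {
  const m = /^did\/(publicKey|service)\/([A-Za-z0-9]+)(?:\/([A-Za-z0-9]+))?$/.exec(name)
  if (!m) return null
  const [, section, type, encoding] = m
  const bytes = Buffer.from(value)
  if (section === 'service') {
    if (encoding) return null // encoding is n/a for service; this example rejects it
    // Assumption: the stored bytes are a UTF-8 endpoint string.
    return { section, entry: { type, serviceEndpoint: bytes.toString('utf8') } }
  }
  const field = encoding || 'publicKeyHex' // publicKeyHex is the default
  const encode = KEY_ENCODINGS.get(field)
  if (!encode) return null // e.g. publicKeyPem, publicKeyJwk, publicKeyBase58
  return { section, entry: { id, type, owner: did, [field]: encode(bytes) } }
}
```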
The resolver presents a simple resolver() function that returns an ES6 Promise returning the DID document.
import resolve from 'did-resolver'
import registerResolver from 'ethr-did-resolver'

// Register the ethr method with did-resolver before resolving
registerResolver()

// Log the resolved DID document
resolve('did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74').then(doc => console.log(doc))

// You can also use ES7 async/await syntax
const doc = await resolve('did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74')
FAQs
Resolve DID documents for ethereum addresses and public keys
We found that ethr-did-resolver demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.