@enbox/dids

import type { MulticodecCode, MulticodecDefinition, RequireOnly } from '@enbox/common'; import type { Jwk, CryptoApi, KeyCompressor, KeyIdentifier, KmsExportKeyParams, KmsImportKeyParams, KeyImporterExporter, AsymmetricKeyConverter, InferKeyGeneratorAlgorithm, } from '@enbox/crypto'; import { Multicodec, universalTypeOf } from '@enbox/common'; import { X25519, Ed25519, Secp256k1, Secp256r1, LocalKeyManager, } from '@enbox/crypto'; import type { PortableDid } from '../types/portable-did.js'; import type { DidCreateOptions, DidCreateVerificationMethod } from './did-method.js'; import type { DidDocument, DidResolutionOptions, DidResolutionResult, DidVerificationMethod, } from '../types/did-core.js'; import { Did } from '../did.js'; import { DidMethod } from './did-method.js'; import { BearerDid } from '../bearer-did.js'; import { DidError, DidErrorCode } from '../did-error.js'; import { KeyWithMulticodec } from '../types/multibase.js'; import { EMPTY_DID_RESOLUTION_RESULT } from '../types/did-resolution.js'; import { getVerificationMethodTypes, keyBytesToMultibaseId, multibaseIdToKeyBytes } from '../utils.js'; /** * Defines the set of options available when creating a new Decentralized Identifier (DID) with the * 'did:key' method. * * Either the `algorithm` or `verificationMethods` option can be specified, but not both. * - A new key will be generated using the algorithm identifier specified in either the `algorithm` * property or the `verificationMethods` object's `algorithm` property. * - If `verificationMethods` is given, it must contain exactly one entry since DID Key only * supports a single verification method. * - If neither is given, the default is to generate a new Ed25519 key. * * @example * ```ts * // By default, when no options are given, a new Ed25519 key will be generated. * const did = await DidKey.create(); * * // The algorithm to use for key generation can be specified as a top-level option. * const did = await DidKey.create({ * options: { algorithm = 'secp256k1' } * }); * * // Or, alternatively as a property of the verification method. * const did = await DidKey.create({ * options: { * verificationMethods: [{ algorithm = 'secp256k1' }] * } * }); * * // DID Creation with a KMS * const keyManager = new LocalKeyManager(); * const did = await DidKey.create({ keyManager }); * * // DID Resolution * const resolutionResult = await DidKey.resolve({ did: did.uri }); * * // Signature Operations * const signer = await did.getSigner(); * const signature = await signer.sign({ data: new TextEncoder().encode('Message') }); * const isValid = await signer.verify({ data: new TextEncoder().encode('Message'), signature }); * * // Import / Export * * // Export a BearerDid object to the PortableDid format. * const portableDid = await did.export(); * * // Reconstruct a BearerDid object from a PortableDid * const did = await DidKey.import(portableDid); * ``` */ export interface DidKeyCreateOptions<TKms> extends DidCreateOptions<TKms> { /** * Optionally specify the algorithm to be used for key generation. */ algorithm?: TKms extends CryptoApi ? InferKeyGeneratorAlgorithm<TKms> : InferKeyGeneratorAlgorithm<LocalKeyManager>; /** * Optionally specify an array of JSON-LD context links for the @context property of the DID * document. * * The @context property provides a JSON-LD processor with the information necessary to interpret * the DID document JSON. The default context URL is 'https://www.w3.org/ns/did/v1'. */ defaultContext?: string; /** * Optionally enable encryption key derivation during DID creation. * * By default, this option is set to `false`, which means encryption key derivation is not * performed unless explicitly enabled. * * When set to `true`, an `X25519` key will be derived from the `Ed25519` public key used to * create the DID. This feature enables the same DID to be used for encrypted communication, in * addition to signature verification. * * Notes: * - This option is ONLY applicable when the `algorithm` of the DID's public key is `Ed25519`. * - Enabling this introduces specific cryptographic considerations that should be understood * before using the same key pair for digital signatures and encrypted communication. See the following for more information: */ enableEncryptionKeyDerivation?: boolean; /** * Optionally enable experimental public key types during DID creation. * By default, this option is set to `false`, which means experimental public key types are not * supported. * * Note: This implementation of the DID Key method does not support any experimental public key * types. */ enableExperimentalPublicKeyTypes?: boolean; /** * Optionally specify the format of the public key to be used for DID creation. */ publicKeyFormat?: keyof typeof DidKeyVerificationMethodType; /** * Alternatively, specify the algorithm to be used for key generation of the single verification * method in the DID Document. */ verificationMethods?: DidCreateVerificationMethod<TKms>[]; } /** * Enumerates the types of keys that can be used in a DID Key document. * * The DID Key method supports various cryptographic key types. These key types are essential for * the creation and management of DIDs and their associated cryptographic operations like signing * and encryption. */ export enum DidKeyRegisteredKeyType { /** * Ed25519: A public-key signature system using the EdDSA (Edwards-curve Digital Signature * Algorithm) and Curve25519. */ Ed25519 = 'Ed25519', /** * secp256k1: A cryptographic curve used for digital signatures in a range of decentralized * systems. */ secp256k1 = 'secp256k1', /** * secp256r1: Also known as P-256 or prime256v1, this curve is used for cryptographic operations * and is widely supported in various cryptographic libraries and standards. */ secp256r1 = 'secp256r1', /** * X25519: A Diffie-Hellman key exchange algorithm using Curve25519. */ X25519 = 'X25519' } /** * Enumerates the verification method types supported by the DID Key method. * * This enum defines the URIs associated with common verification methods used in DID Documents. * These URIs represent cryptographic suites or key types standardized for use across decentralized * identifiers (DIDs). */ export const DidKeyVerificationMethodType = { /** Represents an Ed25519 public key used for digital signatures. */ Ed25519VerificationKey2020: 'https://w3id.org/security/suites/ed25519-2020/v1', /** Represents a JSON Web Key (JWK) used for digital signatures and key agreement protocols. */ JsonWebKey2020: 'https://w3id.org/security/suites/jws-2020/v1', /** Represents an X25519 public key used for key agreement protocols. */ X25519KeyAgreementKey2020: 'https://w3id.org/security/suites/x25519-2020/v1', } as const; /** * Private helper that maps algorithm identifiers to their corresponding DID Key * {@link DidKeyRegisteredKeyType | registered key type}. */ const AlgorithmToKeyTypeMap = { Ed25519 : DidKeyRegisteredKeyType.Ed25519, ES256K : DidKeyRegisteredKeyType.secp256k1, ES256 : DidKeyRegisteredKeyType.secp256r1, 'P-256' : DidKeyRegisteredKeyType.secp256r1, secp256k1 : DidKeyRegisteredKeyType.secp256k1, secp256r1 : DidKeyRegisteredKeyType.secp256r1, X25519 : DidKeyRegisteredKeyType.X25519 } as const; /** * The `DidKey` class provides an implementation of the 'did:key' DID method. * * Features: * - DID Creation: Create new `did:key` DIDs. * - DID Key Management: Instantiate a DID object from an existing verification method key set or * or a key in a Key Management System (KMS). If supported by the KMS, a DID's * key can be exported to a portable DID format. * - DID Resolution: Resolve a `did:key` to its corresponding DID Document. * - Signature Operations: Sign and verify messages using keys associated with a DID. * * @remarks * The `did:key` DID method uses a single public key to generate a DID and does not rely * on any external system such as a blockchain or centralized database. This characteristic makes * it suitable for use cases where a assertions about a DID Subject can be self-verifiable by * third parties. * * The method-specific identifier is formed by * {@link https://datatracker.ietf.org/doc/html/draft-multiformats-multibase#name-base-58-bitcoin-encoding | Multibase base58-btc} * encoding the concatenation of the * {@link https://github.com/multiformats/multicodec/blob/master/README.md | Multicodec} identifier * for the public key type and the raw public key bytes. To form the DID URI, the method-specific * identifier is prefixed with the string 'did:key:'. * * This method can optionally derive an encryption key from the public key used to create the DID * if and only if the public key algorithm is `Ed25519`. This feature enables the same DID to be * used for encrypted communication, in addition to signature verification. To enable this * feature when calling {@link DidKey.create | `DidKey.create()`}, first specify an `algorithm` of * `Ed25519` or provide a `keySet` referencing an `Ed25519` key and then set the * `enableEncryptionKeyDerivation` option to `true`. * * Note: * - The authors of the DID Key specification have indicated that use of this method for long-lived * use cases is only recommended when accompanied with high confidence that private keys are * securely protected by software or hardware isolation. * * @see {@link https://w3c-ccg.github.io/did-method-key/ | DID Key Specification} * * @example * ```ts * // DID Creation * const did = await DidKey.create(); * * // DID Creation with a KMS * const keyManager = new LocalKeyManager(); * const did = await DidKey.create({ keyManager }); * * // DID Resolution * const resolutionResult = await DidKey.resolve({ did: did.uri }); * * // Signature Operations * const signer = await did.getSigner(); * const signature = await signer.sign({ data: new TextEncoder().encode('Message') }); * const isValid = await signer.verify({ data: new TextEncoder().encode('Message'), signature }); * * // Key Management * * // Instantiate a DID object from an existing key in a KMS * const did = await DidKey.fromKeyManager({ * didUri: 'did:key:z6MkpUzNmYVTGpqhStxK8yRKXWCRNm1bGYz8geAg2zmjYHKX', * keyManager * }); * * // Instantiate a DID object from an existing verification method key * const did = await DidKey.fromKeys({ * verificationMethods: [{ * publicKeyJwk: { * kty: 'OKP', * crv: 'Ed25519', * x: 'cHs7YMLQ3gCWjkacMURBsnEJBcEsvlsE5DfnsfTNDP4' * }, * privateKeyJwk: { * kty: 'OKP', * crv: 'Ed25519', * x: 'cHs7YMLQ3gCWjkacMURBsnEJBcEsvlsE5DfnsfTNDP4', * d: 'bdcGE4KzEaekOwoa-ee3gAm1a991WvNj_Eq3WKyqTnE' * } * }] * }); * * // Convert a DID object to a portable format * const portableDid = await DidKey.toKeys({ did }); * * // Reconstruct a DID object from a portable format * const did = await DidKey.fromKeys(portableDid); * ``` */ export class DidKey extends DidMethod { /** * Name of the DID method, as defined in the DID Key specification. */ public static methodName = 'key'; /** * Creates a new DID using the `did:key` method formed from a newly generated key. * * @remarks * The DID URI is formed by * {@link https://datatracker.ietf.org/doc/html/draft-multiformats-multibase#name-base-58-bitcoin-encoding | Multibase base58-btc} * encoding the * {@link https://github.com/multiformats/multicodec/blob/master/README.md | Multicodec}-encoded * public key and prefixing with `did:key:`. * * This method can optionally derive an encryption key from the public key used to create the DID * if and only if the public key algorithm is `Ed25519`. This feature enables the same DID to be * used for encrypted communication, in addition to signature verification. To enable this * feature, specify an `algorithm` of `Ed25519` as either a top-level option or in a * `verificationMethod` and set the `enableEncryptionKeyDerivation` option to `true`. * * Notes: * - If no `options` are given, by default a new Ed25519 key will be generated. * - The `algorithm` and `verificationMethods` options are mutually exclusive. If both are given, * an error will be thrown. * * @example * ```ts * // DID Creation * const did = await DidKey.create(); * * // DID Creation with a KMS * const keyManager = new LocalKeyManager(); * const did = await DidKey.create({ keyManager }); * ``` * * @param params - The parameters for the create operation. * @param params.keyManager - Key Management System (KMS) used to generate keys and sign data. * @param params.options - Optional parameters that can be specified when creating a new DID. * @returns A Promise resolving to a {@link BearerDid} object representing the new DID. */ public static async create<TKms extends CryptoApi | undefined = undefined>({ keyManager = new LocalKeyManager(), options = {} }: { keyManager?: TKms; options?: DidKeyCreateOptions<TKms>; } = {}): Promise<BearerDid> { // Before processing the create operation, validate DID-method-specific requirements to prevent // keys from being generated unnecessarily. // Check 1: Validate that `algorithm` or `verificationMethods` options are not both given. if (options.algorithm && options.verificationMethods) { throw new Error(`The 'algorithm' and 'verificationMethods' options are mutually exclusive`); } // Check 2: If `verificationMethods` is given, it must contain exactly one entry since DID Key // only supports a single verification method. if (options.verificationMethods && options.verificationMethods.length !== 1) { throw new Error(`The 'verificationMethods' option must contain exactly one entry`); } // Default to Ed25519 key generation if an algorithm is not given. const algorithm = options.algorithm ?? options.verificationMethods?.[0]?.algorithm ?? 'Ed25519'; // Generate a new key using the specified `algorithm`. const keyUri = await keyManager.generateKey({ algorithm }); const publicKey = await keyManager.getPublicKey({ keyUri }); // Compute the DID identifier from the public key by converting the JWK to a multibase-encoded // multicodec value. const identifier = await DidKeyUtils.publicKeyToMultibaseId({ publicKey }); // Attach the prefix `did:key` to form the complete DID URI. const didUri = `did:${DidKey.methodName}:${identifier}`; // Expand the DID URI string to a DID document. const didResolutionResult = await DidKey.resolve(didUri, options); const document = didResolutionResult.didDocument as DidDocument; // Create the BearerDid object from the generated key material. const did = new BearerDid({ uri : didUri, document, metadata : {}, keyManager }); return did; } /** * Given the W3C DID Document of a `did:key` DID, return the verification method that will be used * for signing messages and credentials. With DID Key, the first verification method in the * authentication property in the DID Document is used. * * Note that for DID Key, only one verification method intended for signing can exist so * specifying `methodId` could be considered redundant or unnecessary. The option is provided for * consistency with other DID method implementations. * * @param params - The parameters for the `getSigningMethod` operation. * @param params.didDocument - DID Document to get the verification method from. * @param params.methodId - ID of the verification method to use for signing. * @returns Verification method to use for signing. */ public static async getSigningMethod({ didDocument }: { didDocument: DidDocument; methodId?: string; }): Promise<DidVerificationMethod> { // Verify the DID method is supported. const parsedDid = Did.parse(didDocument.id); if (parsedDid && parsedDid.method !== this.methodName) { throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported: ${parsedDid.method}`); } // Attempt to ge the first verification method intended for signing claims. const [ methodId ] = didDocument.assertionMethod || []; const verificationMethod = didDocument.verificationMethod?.find(vm => vm.id === methodId); if (!(verificationMethod && verificationMethod.publicKeyJwk)) { throw new DidError(DidErrorCode.InternalError, 'A verification method intended for signing could not be determined from the DID Document'); } return verificationMethod; } /** * Instantiates a {@link BearerDid} object for the DID Key method from a given {@link PortableDid}. * * This method allows for the creation of a `BearerDid` object using a previously created DID's * key material, DID document, and metadata. * * @remarks * The `verificationMethod` array of the DID document must contain exactly one key since the * `did:key` method only supports a single verification method. * * @example * ```ts * // Export an existing BearerDid to PortableDid format. * const portableDid = await did.export(); * // Reconstruct a BearerDid object from the PortableDid. * const did = await DidKey.import({ portableDid }); * ``` * * @param params - The parameters for the import operation. * @param params.portableDid - The PortableDid object to import. * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to * generate keys and sign data. If not given, a new * {@link LocalKeyManager} instance will be created and * used. * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the provided keys. * @throws An error if the DID document does not contain exactly one verification method. */ public static async import({ portableDid, keyManager = new LocalKeyManager() }: { keyManager?: CryptoApi & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>; portableDid: PortableDid; }): Promise<BearerDid> { // Verify the DID method is supported. const parsedDid = Did.parse(portableDid.uri); if (parsedDid?.method !== DidKey.methodName) { throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported`); } // Use the given PortableDid to construct the BearerDid object. const did = await BearerDid.import({ portableDid, keyManager }); // Validate that the given DID document contains exactly one verification method. // Note: The non-undefined assertion is necessary because the type system cannot infer that // the `verificationMethod` property is defined -- which is checked by `BearerDid.import()`. if (did.document.verificationMethod!.length !== 1) { throw new DidError(DidErrorCode.InvalidDidDocument, `DID document must contain exactly one verification method`); } return did; } /** * Resolves a `did:key` identifier to a DID Document. * * @param didUri - The DID to be resolved. * @param options - Optional parameters for resolving the DID. * @returns A Promise resolving to a {@link DidResolutionResult} object representing the result of the resolution. */ public static async resolve(didUri: string, options?: DidResolutionOptions): Promise<DidResolutionResult> { try { // Attempt to expand the DID URI string to a DID document. const didDocument = await DidKey.createDocument({ didUri, options }); // If the DID document was created successfully, return it. return { ...EMPTY_DID_RESOLUTION_RESULT, didDocument, }; } catch (error: any) { // Rethrow any unexpected errors that are not a `DidError`. if (!(error instanceof DidError)) throw new Error(error); // Return a DID Resolution Result with the appropriate error code. return { ...EMPTY_DID_RESOLUTION_RESULT, didResolutionMetadata: { error: error.code, ...error.message && { errorMessage: error.message } } }; } } /** * Expands a did:key identifier to a DID Document. * * Reference: https://w3c-ccg.github.io/did-method-key/#document-creation-algorithm * * @param options * @returns - A DID dodcument. */ private static async createDocument({ didUri, options = {}}: { didUri: string; options?: Exclude<DidKeyCreateOptions<CryptoApi>, 'algorithm' | 'verificationMethods'> | DidResolutionOptions; }): Promise<DidDocument> { const { defaultContext = 'https://www.w3.org/ns/did/v1', enableEncryptionKeyDerivation = false, enableExperimentalPublicKeyTypes = false, publicKeyFormat = 'JsonWebKey2020' } = options; /** * 1. Initialize document to an empty object. */ const didDocument: DidDocument = { id: '' }; /** * 2. Using a colon (:) as the delimiter, split the identifier into its * components: a scheme, a method, a version, and a multibaseValue. * If there are only three components set the version to the string * value 1 and use the last value as the multibaseValue. */ const parsedDid = Did.parse(didUri); if (!parsedDid) { throw new DidError(DidErrorCode.InvalidDid, `Invalid DID URI: ${didUri}`); } const multibaseValue = parsedDid.id; /** * 3. Check the validity of the input identifier. * The scheme MUST be the value did. The method MUST be the value key. * The version MUST be convertible to a positive integer value. The * multibaseValue MUST be a string and begin with the letter z. If any * of these requirements fail, an invalidDid error MUST be raised. */ if (parsedDid.method !== DidKey.methodName) { throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported: ${parsedDid.method}`); } if (!DidKey.validateIdentifier(parsedDid)) { throw new DidError(DidErrorCode.InvalidDid, `Invalid DID URI: ${didUri}`); } /** * 4. Initialize the signatureVerificationMethod to the result of passing * identifier, multibaseValue, and options to a * {@link https://w3c-ccg.github.io/did-method-key/#signature-method-creation-algorithm | Signature Method Creation Algorithm}. */ const signatureVerificationMethod = await DidKey.createSignatureMethod({ didUri, multibaseValue, options: { enableExperimentalPublicKeyTypes, publicKeyFormat } }); /** * 5. Set document.id to identifier. If document.id is not a valid DID, * an invalidDid error MUST be raised. * * Note: Identifier was already confirmed to be valid in Step 3, so * skipping the redundant validation. */ didDocument.id = parsedDid.uri; /** * 6. Initialize the verificationMethod property in document to an array * where the first value is the signatureVerificationMethod. */ didDocument.verificationMethod = [signatureVerificationMethod]; /** * 7. Initialize the authentication, assertionMethod, capabilityInvocation, * and the capabilityDelegation properties in document to an array where * the first item is the value of the id property in * signatureVerificationMethod. */ didDocument.authentication = [signatureVerificationMethod.id]; didDocument.assertionMethod = [signatureVerificationMethod.id]; didDocument.capabilityInvocation = [signatureVerificationMethod.id]; didDocument.capabilityDelegation = [signatureVerificationMethod.id]; /** * 8. If options.enableEncryptionKeyDerivation is set to true: * Add the encryptionVerificationMethod value to the verificationMethod * array. Initialize the keyAgreement property in document to an array * where the first item is the value of the id property in * encryptionVerificationMethod. */ if (enableEncryptionKeyDerivation === true) { /** * Although not covered by the did:key method specification, a sensible * default will be taken to use the 'X25519KeyAgreementKey2020' * verification method type if the given publicKeyFormat is * 'Ed25519VerificationKey2020' and 'JsonWebKey2020' otherwise. */ const encryptionPublicKeyFormat = (publicKeyFormat === 'Ed25519VerificationKey2020') ? 'X25519KeyAgreementKey2020' : 'JsonWebKey2020'; /** * 8.1 Initialize the encryptionVerificationMethod to the result of * passing identifier, multibaseValue, and options to an * {@link https://w3c-ccg.github.io/did-method-key/#encryption-method-creation-algorithm | Encryption Method Creation Algorithm}. */ const encryptionVerificationMethod = await this.createEncryptionMethod({ didUri, multibaseValue, options: { enableExperimentalPublicKeyTypes, publicKeyFormat: encryptionPublicKeyFormat } }); /** * 8.2 Add the encryptionVerificationMethod value to the * verificationMethod array. */ didDocument.verificationMethod.push(encryptionVerificationMethod); /** * 8.3. Initialize the keyAgreement property in document to an array * where the first item is the value of the id property in * encryptionVerificationMethod. */ didDocument.keyAgreement = [encryptionVerificationMethod.id]; } /** * 9. Initialize the @context property in document to the result of passing document and options to the Context * Creation algorithm. */ // Set contextArray to an array that is initialized to options.defaultContext. const contextArray = [ defaultContext ]; // For every object in every verification relationship listed in document, // add a string value to the contextArray based on the object type value, // if it doesn't already exist, according to the following table: // {@link https://w3c-ccg.github.io/did-method-key/#context-creation-algorithm | Context Type URL} const verificationMethodTypes = getVerificationMethodTypes({ didDocument }); verificationMethodTypes.forEach((typeName: string) => { const typeUrl = DidKeyVerificationMethodType[typeName as keyof typeof DidKeyVerificationMethodType]; contextArray.push(typeUrl); }); didDocument['@context'] = contextArray; /** * 10. Return document. */ return didDocument; } /** * Decoding a multibase-encoded multicodec value into a verification method * that is suitable for verifying that encrypted information will be * received by the intended recipient. */ private static async createEncryptionMethod({ didUri, multibaseValue, options }: { didUri: string; multibaseValue: string; options: Required<Pick<DidKeyCreateOptions<CryptoApi>, 'enableExperimentalPublicKeyTypes' | 'publicKeyFormat'>>; }): Promise<DidVerificationMethod> { const { enableExperimentalPublicKeyTypes, publicKeyFormat } = options; /** * 1. Initialize verificationMethod to an empty object. */ const verificationMethod: DidVerificationMethod = { id: '', type: '', controller: '' }; /** * 2. Set multicodecValue and raw publicKeyBytes to the result of passing multibaseValue and * options to a Derive Encryption Key algorithm. */ const { keyBytes: publicKeyBytes, multicodecCode: multicodecValue, } = await DidKey.deriveEncryptionKey({ multibaseValue }); /** * 3. Ensure the proper key length of raw publicKeyBytes based on the multicodecValue table * provided below: * * Multicodec hexadecimal value: 0xec * * If the byte length of raw publicKeyBytes does not match the expected public key length for * the associated multicodecValue, an invalidPublicKeyLength error MUST be raised. */ const actualLength = publicKeyBytes.byteLength; const expectedLength = DidKeyUtils.MULTICODEC_PUBLIC_KEY_LENGTH[multicodecValue]; if (actualLength !== expectedLength) { throw new DidError(DidErrorCode.InvalidPublicKeyLength, `Expected ${actualLength} bytes. Actual: ${expectedLength}`); } /** * 4. Create the multibaseValue by concatenating the letter 'z' and the * base58-btc encoding of the concatenation of the multicodecValue and * the raw publicKeyBytes. */ const kemMultibaseValue = keyBytesToMultibaseId({ keyBytes : publicKeyBytes, multicodecCode : multicodecValue }); /** * 5. Set the verificationMethod.id value by concatenating identifier, * a hash character (#), and the multibaseValue. If verificationMethod.id * is not a valid DID URL, an invalidDidUrl error MUST be raised. */ verificationMethod.id = `${didUri}#${kemMultibaseValue}`; try { new URL(verificationMethod.id); } catch (error: any) { throw new DidError(DidErrorCode.InvalidDidUrl, 'Verification Method ID is not a valid DID URL.'); } /** * 6. Set the publicKeyFormat value to the options.publicKeyFormat value. * 7. If publicKeyFormat is not known to the implementation, an * unsupportedPublicKeyType error MUST be raised. */ if (!(publicKeyFormat in DidKeyVerificationMethodType)) { throw new DidError(DidErrorCode.UnsupportedPublicKeyType, `Unsupported format: ${publicKeyFormat}`); } /** * 8. If options.enableExperimentalPublicKeyTypes is set to false and publicKeyFormat is not * Multikey, JsonWebKey2020, or X25519KeyAgreementKey2020, an invalidPublicKeyType error MUST be * raised. */ const StandardPublicKeyTypes = ['Multikey', 'JsonWebKey2020', 'X25519KeyAgreementKey2020']; if (enableExperimentalPublicKeyTypes === false && !(StandardPublicKeyTypes.includes(publicKeyFormat))) { throw new DidError(DidErrorCode.InvalidPublicKeyType, `Specified '${publicKeyFormat}' without setting enableExperimentalPublicKeyTypes to true.`); } /** * 9. Set verificationMethod.type to the publicKeyFormat value. */ verificationMethod.type = publicKeyFormat; /** * 10. Set verificationMethod.controller to the identifier value. */ verificationMethod.controller = didUri; /** * 11. If publicKeyFormat is Multikey or X25519KeyAgreementKey2020, set the verificationMethod.publicKeyMultibase * value to multibaseValue. * * Note: This implementation does not currently support the Multikey * format. */ if (publicKeyFormat === 'X25519KeyAgreementKey2020') { verificationMethod.publicKeyMultibase = kemMultibaseValue; } /** * 12. If publicKeyFormat is JsonWebKey2020, set the verificationMethod.publicKeyJwk value to * the result of passing multicodecValue and rawPublicKeyBytes to a JWK encoding algorithm. */ if (publicKeyFormat === 'JsonWebKey2020') { const { crv } = await DidKeyUtils.multicodecToJwk({ code: multicodecValue }); verificationMethod.publicKeyJwk = await DidKeyUtils.keyConverter(crv!).bytesToPublicKey({ publicKeyBytes }); } /** * 13. Return verificationMethod. */ return verificationMethod; } /** * Decodes a multibase-encoded multicodec value into a verification method * that is suitable for verifying digital signatures. * @param options - Signature method creation algorithm inputs. * @returns - A verification method. */ private static async createSignatureMethod({ didUri, multibaseValue, options }: { didUri: string; multibaseValue: string; options: Required<Pick<DidKeyCreateOptions<CryptoApi>, 'enableExperimentalPublicKeyTypes' | 'publicKeyFormat'>> }): Promise<DidVerificationMethod> { const { enableExperimentalPublicKeyTypes, publicKeyFormat } = options; /** * 1. Initialize verificationMethod to an empty object. */ const verificationMethod: DidVerificationMethod = { id: '', type: '', controller: '' }; /** * 2. Set multicodecValue and publicKeyBytes to the result of passing * multibaseValue and options to a Decode Public Key algorithm. */ const { keyBytes: publicKeyBytes, multicodecCode: multicodecValue, multicodecName } = multibaseIdToKeyBytes({ multibaseKeyId: multibaseValue }); /** * 3. Ensure the proper key length of publicKeyBytes based on the multicodecValue * {@link https://w3c-ccg.github.io/did-method-key/#signature-method-creation-algorithm | table provided}. * If the byte length of rawPublicKeyBytes does not match the expected public key length for the * associated multicodecValue, an invalidPublicKeyLength error MUST be raised. */ const actualLength = publicKeyBytes.byteLength; const expectedLength = DidKeyUtils.MULTICODEC_PUBLIC_KEY_LENGTH[multicodecValue]; if (actualLength !== expectedLength) { throw new DidError(DidErrorCode.InvalidPublicKeyLength, `Expected ${actualLength} bytes. Actual: ${expectedLength}`); } /** * 4. Ensure the publicKeyBytes are a proper encoding of the public key type as specified by * the multicodecValue. If an invalid public key value is detected, an invalidPublicKey error * MUST be raised. */ let isValid = false; switch (multicodecName) { case 'secp256k1-pub': isValid = await Secp256k1.validatePublicKey({ publicKeyBytes }); break; case 'ed25519-pub': isValid = await Ed25519.validatePublicKey({ publicKeyBytes }); break; case 'x25519-pub': // TODO: Validate key once/if X25519.validatePublicKey() is implemented. // isValid = X25519.validatePublicKey({ key: rawPublicKeyBytes}) isValid = true; break; } if (!isValid) { throw new DidError(DidErrorCode.InvalidPublicKey, 'Invalid public key detected.'); } /** * 5. Set the verificationMethod.id value by concatenating identifier, a hash character (#), and * the multibaseValue. If verificationMethod.id is not a valid DID URL, an invalidDidUrl error * MUST be raised. */ verificationMethod.id = `${didUri}#${multibaseValue}`; try { new URL(verificationMethod.id); } catch (error: any) { throw new DidError(DidErrorCode.InvalidDidUrl, 'Verification Method ID is not a valid DID URL.'); } /** * 6. Set the publicKeyFormat value to the options.publicKeyFormat value. * 7. If publicKeyFormat is not known to the implementation, an unsupportedPublicKeyType error * MUST be raised. */ if (!(publicKeyFormat in DidKeyVerificationMethodType)) { throw new DidError(DidErrorCode.UnsupportedPublicKeyType, `Unsupported format: ${publicKeyFormat}`); } /** * 8. If options.enableExperimentalPublicKeyTypes is set to false and publicKeyFormat is not * Multikey, JsonWebKey2020, or Ed25519VerificationKey2020, an invalidPublicKeyType error MUST * be raised. */ const StandardPublicKeyTypes = ['Multikey', 'JsonWebKey2020', 'Ed25519VerificationKey2020']; if (enableExperimentalPublicKeyTypes === false && !(StandardPublicKeyTypes.includes(publicKeyFormat))) { throw new DidError(DidErrorCode.InvalidPublicKeyType, `Specified '${publicKeyFormat}' without setting enableExperimentalPublicKeyTypes to true.`); } /** * 9. Set verificationMethod.type to the publicKeyFormat value. */ verificationMethod.type = publicKeyFormat; /** * 10. Set verificationMethod.controller to the identifier value. */ verificationMethod.controller = didUri; /** * 11. If publicKeyFormat is Multikey or Ed25519VerificationKey2020, * set the verificationMethod.publicKeyMultibase value to multibaseValue. * * Note: This implementation does not currently support the Multikey * format. */ if (publicKeyFormat === 'Ed25519VerificationKey2020') { verificationMethod.publicKeyMultibase = multibaseValue; } /** * 12. If publicKeyFormat is JsonWebKey2020, set the verificationMethod.publicKeyJwk value to * the result of passing multicodecValue and rawPublicKeyBytes to a JWK encoding algorithm. */ if (publicKeyFormat === 'JsonWebKey2020') { const { crv } = await DidKeyUtils.multicodecToJwk({ code: multicodecValue }); verificationMethod.publicKeyJwk = await DidKeyUtils.keyConverter(crv!).bytesToPublicKey({ publicKeyBytes}); } /** * 13. Return verificationMethod. */ return verificationMethod; } /** * Transform a multibase-encoded multicodec value to public encryption key * components that are suitable for encrypting messages to a receiver. A * mathematical proof elaborating on the safety of performing this operation * is available in: * {@link https://eprint.iacr.org/2021/509.pdf | On using the same key pair for Ed25519 and an X25519 based KEM} */ private static async deriveEncryptionKey({ multibaseValue }: { multibaseValue: string }): Promise<RequireOnly<KeyWithMulticodec, 'keyBytes' | 'multicodecCode'>> { /** * 1. Set publicEncryptionKey to an empty object. */ let publicEncryptionKey: RequireOnly<KeyWithMulticodec, 'keyBytes' | 'multicodecCode'> = { keyBytes : new Uint8Array(), multicodecCode : 0 }; /** * 2. Decode multibaseValue using the base58-btc multibase alphabet and * set multicodecValue to the multicodec header for the decoded value. * Implementers are cautioned to ensure that the multicodecValue is set * to the result after performing varint decoding. * * 3. Set the rawPublicKeyBytes to the bytes remaining after the multicodec * header. */ const { keyBytes: publicKeyBytes, multicodecCode: multicodecValue } = multibaseIdToKeyBytes({ multibaseKeyId: multibaseValue }); /** * 4. If the multicodecValue is 0xed (Ed25519 public key), derive a public X25519 encryption key * by using the raw publicKeyBytes and the algorithm defined in * {@link https://datatracker.ietf.org/doc/html/draft-ietf-core-oscore-groupcomm | Group OSCORE - Secure Group Communication for CoAP} * for Curve25519 in Section 2.4.2: ECDH with Montgomery Coordinates and set * generatedPublicEncryptionKeyBytes to the result. */ if (multicodecValue === 0xed) { const ed25519PublicKey = await DidKeyUtils.keyConverter('Ed25519').bytesToPublicKey({ publicKeyBytes }); const generatedPublicEncryptionKey = await Ed25519.convertPublicKeyToX25519({ publicKey: ed25519PublicKey }); const generatedPublicEncryptionKeyBytes = await DidKeyUtils.keyConverter('Ed25519').publicKeyToBytes({ publicKey: generatedPublicEncryptionKey }); /** * 5. Set multicodecValue to 0xec. * 6. Set raw public keyBytes to generatedPublicEncryptionKeyBytes. */ publicEncryptionKey = { keyBytes : generatedPublicEncryptionKeyBytes, multicodecCode : 0xec }; } /** * 7. Return publicEncryptionKey. */ return publicEncryptionKey; } /** * Validates the structure and components of a DID URI against the `did:key` method specification. * * @param parsedDid - An object representing the parsed components of a DID URI, including the * scheme, method, and method-specific identifier. * @returns `true` if the DID URI meets the `did:key` method's structural requirements, `false` otherwise. * */ private static validateIdentifier(parsedDid: Did): boolean { const { method, id: multibaseValue } = parsedDid; const [ scheme ] = parsedDid.uri.split(':', 1); /** * Note: The W3C DID specification makes no mention of a version value being part of the DID * syntax. Additionally, there does not appear to be any real-world usage of the version * number. Consequently, this implementation will ignore the version related guidance in * the did:key specification. */ const version = '1'; return ( scheme === 'did' && method === 'key' && Number(version) > 0 && universalTypeOf(multibaseValue) === 'String' && multibaseValue.startsWith('z') ); } } /** * The `DidKeyUtils` class provides utility functions to support operations in the DID Key method. */ export class DidKeyUtils { /** * A mapping from JSON Web Key (JWK) property descriptors to multicodec names. * * This mapping is used to convert keys in JWK (JSON Web Key) format to multicodec format. * * @remarks * The keys of this object are strings that describe the JOSE key type and usage, * such as 'Ed25519:public', 'Ed25519:private', etc. The values are the corresponding multicodec * names used to represent these key types. * * @example * ```ts * const multicodecName = JWK_TO_MULTICODEC['Ed25519:public']; * // Returns 'ed25519-pub', the multicodec name for an Ed25519 public key * ``` */ private static JWK_TO_MULTICODEC: { [key: string]: string } = { 'Ed25519:public' : 'ed25519-pub', 'Ed25519:private' : 'ed25519-priv', 'secp256k1:public' : 'secp256k1-pub', 'secp256k1:private' : 'secp256k1-priv', 'X25519:public' : 'x25519-pub', 'X25519:private' : 'x25519-priv', }; /** * Defines the expected byte lengths for public keys associated with different cryptographic * algorithms, indexed by their multicodec code values. */ public static MULTICODEC_PUBLIC_KEY_LENGTH: Record<number, number> = { // secp256k1-pub - Secp256k1 public key (compressed) - 33 bytes 0xe7: 33, // x25519-pub - Curve25519 public key - 32 bytes 0xec: 32, // ed25519-pub - Ed25519 public key - 32 bytes 0xed: 32 }; /** * A mapping from multicodec names to their corresponding JOSE (JSON Object Signing and Encryption) * representations. This mapping facilitates the conversion of multicodec key formats to * JWK (JSON Web Key) formats. * * @remarks * The keys of this object are multicodec names, such as 'ed25519-pub', 'ed25519-priv', etc. * The values are objects representing the corresponding JWK properties for that key type. * * @example * ```ts * const joseKey = MULTICODEC_TO_JWK['ed25519-pub']; * // Returns a partial JWK for an Ed25519 public key * ``` */ private static MULTICODEC_TO_JWK: { [key: string]: Jwk } = { 'ed25519-pub' : { crv: 'Ed25519', kty: 'OKP', x: '' }, 'ed25519-priv' : { crv: 'Ed25519', kty: 'OKP', x: '', d: '' }, 'secp256k1-pub' : { crv: 'secp256k1', kty: 'EC', x: '', y: ''}, 'secp256k1-priv' : { crv: 'secp256k1', kty: 'EC', x: '', y: '', d: '' }, 'x25519-pub' : { crv: 'X25519', kty: 'OKP', x: '' }, 'x25519-priv' : { crv: 'X25519', kty: 'OKP', x: '', d: '' }, }; /** * Converts a JWK (JSON Web Key) to a Multicodec code and name. * * @example * ```ts * const jwk: Jwk = { crv: 'Ed25519', kty: 'OKP', x: '...' }; * const { code, name } = await DidKeyUtils.jwkToMulticodec({ jwk }); * ``` * * @param params - The parameters for the conversion. * @param params.jwk - The JSON Web Key to be converted. * @returns A promise that resolves to a Multicodec definition. */ public static async jwkToMulticodec({ jwk }: { jwk: Jwk }): Promise<MulticodecDefinition<MulticodecCode>> { const params: string[] = []; if (jwk.crv) { params.push(jwk.crv); if (jwk.d) { params.push('private'); } else { params.push('public'); } } const lookupKey = params.join(':'); const name = DidKeyUtils.JWK_TO_MULTICODEC[lookupKey]; if (name === undefined) { throw new Error(`Unsupported JWK to Multicodec conversion: '${lookupKey}'`); } const code = Multicodec.getCodeFromName({ name }); return { code, name }; } /** * Returns the appropriate public key compressor for the specified cryptographic curve. * * @param curve - The cryptographic curve to use for the key conversion. * @returns A public key compressor for the specified curve. */ public static keyCompressor( curve: string ): KeyCompressor['compressPublicKey'] { // ): ({ publicKeyBytes }: { publicKeyBytes: Uint8Array }) => Promise<Uint8Array> { const compressors = { 'P-256' : Secp256r1.compressPublicKey, 'secp256k1' : Secp256k1.compressPublicKey } as Record<string, KeyCompressor['compressPublicKey']>; const compressor = compressors[curve]; if (!compressor) throw new DidError(DidErrorCode.InvalidPublicKeyType, `Unsupported curve: ${curve}`); return compressor; } /** * Returns the appropriate key converter for the specified cryptographic curve. * * @param curve - The cryptographic curve to use for the key conversion. * @returns An `AsymmetricKeyConverter` for the specified curve. */ public static keyConverter(curve: string): AsymmetricKeyConverter { const converters: Record<string, AsymmetricKeyConverter> = { 'Ed25519' : Ed25519, 'P-256' : Secp256r1, 'secp256k1' : Secp256k1, 'X25519' : X25519 }; const converter = converters[curve]; if (!converter) throw new DidError(DidErrorCode.InvalidPublicKeyType, `Unsupported curve: ${curve}`); return converter; } /** * Converts a Multicodec code or name to parial JWK (JSON Web Key). * * @example * ```ts * const partialJwk = await DidKeyUtils.multicodecToJwk({ name: 'ed25519-pub' }); * ``` * * @param params - The parameters for the conversion. * @param params.code - Optional Multicodec code to convert. * @param params.name - Optional Multicodec name to convert. * @returns A promise that resolves to a JOSE format key. */ public static async multicodecToJwk({ code, name }: { code?: MulticodecCode, name?: string }): Promise<Jwk> { // Either code or name must be specified, but not both. if (!(name ? !code : code)) { throw new Error(`Either 'name' or 'code' must be defined, but not both.`); } // If name is undefined, lookup by code. name = (name === undefined ) ? Multicodec.getNameFromCode({ code: code! }) : name; const lookupKey = name; const jose = DidKeyUtils.MULTICODEC_TO_JWK[lookupKey]; if (jose === undefined) { throw new Error(`Unsupported Multicodec to JWK conversion`); } return { ...jose }; } /** * Converts a public key in JWK (JSON Web Key) format to a multibase identifier. * * @remarks * Note: All secp public keys are converted to compressed point encoding * before the multibase identifier is computed. * * Per {@link https://github.com/multiformats/multicodec/blob/master/table.csv | Multicodec table}: * Public keys for Elliptic Curve cryptography algorithms (e.g., secp256k1, * secp256k1r1, secp384r1, etc.) are always represented with compressed point * encoding (e.g., secp256k1-pub, p256-pub, p384-pub, etc.). * * Per {@link https://datatracker.ietf.org/doc/html/rfc8812#name-jose-and-cose-secp256k1-cur | RFC 8812}: * "As a compressed point encoding representation is not defined for JWK * elliptic curve points, the uncompressed point encoding defined there * MUST be used. The x and y values represented MUST both be exactly * 256 bits, with any leading zeros preserved." * * @example * ```ts * const publicKey = { crv: 'Ed25519', kty: 'OKP', x: '...' }; * const multibaseId = await DidKeyUtils.publicKeyToMultibaseId({ publicKey }); * ``` * * @param params - The parameters for the conversion. * @param params.publicKey - The public key in JWK format. * @returns A promise that resolves to the multibase identifier. */ public static async publicKeyToMultibaseId({ publicKey }: { publicKey: Jwk }): Promise<string> { if (!(publicKey?.crv && publicKey.crv in AlgorithmToKeyTypeMap)) { throw new DidError(DidErrorCode.InvalidPublicKeyType, `Public key contains an unsupported key type: ${publicKey?.crv ?? 'undefined'}`); } // Convert the public key from JWK format to a byte array. let publicKeyBytes = await DidKeyUtils.keyConverter(publicKey.crv).publicKeyToBytes({ publicKey }); // Compress the public key if it is an elliptic curve key. if (/^(secp256k1|P-256|P-384|P-521)$/.test(publicKey.crv)) { publicKeyBytes = await DidKeyUtils.keyCompressor(publicKey.crv)({ publicKeyBytes }); } // Convert the JSON Web Key (JWK) parameters to a Multicodec name. const { name: multicodecName } = await DidKeyUtils.jwkToMulticodec({ jwk: publicKey }); // Compute the multibase identifier based on the provided key. const multibaseId = keyBytesToMultibaseId({ keyBytes: publicKeyBytes, multicodecName }); return multibaseId; } }