did

package
v0.2.9 Latest
Warning

This package is not in the latest version of its module.
Published: Dec 13, 2023 License: MIT Imports: 16 Imported by: 0

README

Mailio Decentralized Identifiers (DID)

The implementation is loosely based on this repository: https://github.com/whyrusleeping/go-did

Example Mailio DID document:

{
	"@context": ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1", "https://w3id.org/security/suites/x25519-2019/v1"],
	"id": "did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de",
	"authentication": ["did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de#master"],
	"verificationMethod": [{
		"id": "did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de#master",
		"type": "JsonWebKey2020",
		"controller": "did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de",
		"publicKeyJwk": {
			"crv": "Ed25519",
			"kty": "OKP",
			"x": "RlpTGFFWyaPo_-eM8vDaZ_LPFgoVYnBeeo5c4d_6pQQ"
		}
	}],
	"keyAgreement": [{
		"id": "did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de",
		"type": "X25519KeyAgreementKey2019",
		"controller": "did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de",
		"publicKeyMultibase": "2NFu1v4xS8QxgfkoaqarGv6rV6mEqpXht1SxQqR2QXgg"
	}],
	"service": [{
		"id": "did:mailio:0x7baa1e7c6af409a1b8125ef15553192c4682c17e#auth",
		"type": "MailioDIDAuth",
		"serviceEndpoint": "https://api.mail.io/api/v1/didauth/did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de"
	}, {
		"id": "did:mailio:0x7baa1e7c6af409a1b8125ef15553192c4682c17e#didcomm",
		"type": "DIDCommMessaging",
		"serviceEndpoint": "https://api.mail.io/api/v2/didmessage/did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de",
		"accept": ["didcomm/v2", "didcomm/aip2;env=rfc587"]
	}]
}

Mailio DID

The Mailio DID is composed according to Igor Rendulic, "MIR-11: Mailio Decentralized Identifiers (DIDs) [DRAFT]," Mailio Improvement Proposals, no. 11, September 2022. [Online serial].

Mailio Verification Methods

A verification method is a set of parameters that can be used together with a process to independently verify a proof.

For example, a cryptographic public key can be used as a verification method with respect to a digital signature; in such usage, it verifies that the signer possessed the associated cryptographic private key.

Mailio DID Authentication

The authentication property specifies how the Mailio DID subject is expected to be authenticated, for purposes such as logging into a website or engaging in a challenge-response protocol.
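Resolving an authentication reference to a key, as an added example that is not part of the package: a verifier accepts a key only when the document lists it under authentication and the referenced verification method decodes to a well-formed Ed25519 key. The `document` type, the `authKey` function and the rule that the method's controller must equal the document id are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

const did = "did:mailio:0xedccad2a5fc72c7924eed3a93ca631cd6b1f02de"
// Constructed input: the README's sample document reduced to the fields used here.
const sampleDoc = `{"id": "` + did + `", "authentication": ["` + did + `#master"],
 "verificationMethod": [{"id": "` + did + `#master", "type": "JsonWebKey2020", "controller": "` + did + `",
  "publicKeyJwk": {"crv": "Ed25519", "kty": "OKP", "x": "RlpTGFFWyaPo_-eM8vDaZ_LPFgoVYnBeeo5c4d_6pQQ"}}]}`

// document is a hypothetical minimal model, not the package's Document type.
type document struct {
	ID                 string
	Authentication     []string // string references only; embedded methods fail to parse
	VerificationMethod []struct {
		ID, Controller string
		PublicKeyJwk   struct{ Crv, Kty, X string }
	}
}

// authKey returns keyID's Ed25519 key only if the document lists it under "authentication".
func authKey(raw []byte, keyID string) (ed25519.PublicKey, error) {
	var doc document
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	listed := false
	for _, ref := range doc.Authentication {
		listed = listed || ref == keyID
	}
	for _, m := range doc.VerificationMethod {
		if !listed || m.ID != keyID {
			continue
		}
		key, err := base64.RawURLEncoding.Strict().DecodeString(m.PublicKeyJwk.X)
		if err != nil || len(key) != ed25519.PublicKeySize || m.Controller != doc.ID || m.PublicKeyJwk.Crv != "Ed25519" {
			return nil, fmt.Errorf("method %s: bad controller, curve or key encoding", m.ID)
		}
		return key, nil
	}
	return nil, fmt.Errorf("%s is not an authentication method of %s", keyID, doc.ID)
}

func main() { fmt.Println(authKey([]byte(sampleDoc), did+"#master")) }
```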

Mailio KeyAgreement

The keyAgreement in Mailio is used to specify how an entity can generate encryption material in order to transmit confidential information intended for the Mailio DID, such as for the purposes of establishing a secure communication channel with the recipient.

Igor Rendulic, "MIR-12: Mailio Communication Protocol [DRAFT]," Mailio Improvement Proposals, no. 12, September 2022. [Online serial]. Available: https://mirs.mail.io/MIRS/mir-12.

Mailio Service

Services are used to express ways of communicating with the Mailio DID subjects.

Mailio supports two types of services:

  • MailioDIDAuth specifying an authentication endpoint
  • DIDCommMessaging specifying an endpoint for messaging with a DID subject and supported DIDComm version

Igor Rendulic, "MIR-12: Mailio Communication Protocol [DRAFT]," Mailio Improvement Proposals, no. 12, September 2022. [Online serial]. Available: https://mirs.mail.io/MIRS/mir-12.

Documentation

Constants

const (
	AuthenticationDIDType = "MailioDIDAuth"
	MessagingDIDType      = "DIDCommMessaging"
)
const (
	MCed25519 = 0xED

	KeyTypeEd25519 = "Ed25519VerificationKey2020"

	PublicKeyJwkType = "JsonWebKey2020"

	KeyTypeX25519KeyAgreement = "X25519KeyAgreementKey2019"

	DIDKeyPrefix = "did:mailio:"
)
const (
	CtxDIDv1             = "https://www.w3.org/ns/did/v1"
	CtxSecEd25519_2020v1 = "https://w3id.org/security/suites/ed25519-2020/v1"
	CtxSecX25519_2019v1  = "https://w3id.org/security/suites/x25519-2019/v1"
	CtxDIDCommMsg_v2     = "https://didcomm.org/messaging/contexts/v2"
)

Variables

var (
	ErrInvalidSignature = fmt.Errorf("invalid signature")
)

Functions

This section is empty.

Types

type AuthorizedApplication added in v0.1.7

type AuthorizedApplication struct {
	ID              string    `json:"id"`      // target application did: did:example:123456789abcdefghi
	Domains         []string  `json:"domains"` // domains of the auth application: [example.com]
	ApprovalDate    time.Time `json:"approvalDate"`
	UserPermissions []string  `json:"userPermissions,omitempty"` // optional list of permissions specific to a target application
}

type CredentialStatus added in v0.1.7

type CredentialStatus struct {
	ID   string `json:"id"`   // e.g. https://example.edu/status/24
	Type string `json:"type"` // CredentialStatusList2017
}

type CredentialSubject added in v0.1.7

type CredentialSubject struct {
	ID                    string                 `json:"id"`
	Origin                string                 `json:"origin,omitempty"`
	AuthorizedApplication *AuthorizedApplication `json:"authorizedApplication,omitempty"`
}

type DID

type DID struct {
	// contains filtered or unexported fields
}

func ParseDID

func ParseDID(s string) (DID, error)

func (DID) MarshalJSON

func (d DID) MarshalJSON() ([]byte, error)

func (*DID) Protocol

func (d *DID) Protocol() string

func (*DID) String

func (d *DID) String() string

func (*DID) UnmarshalJSON

func (d *DID) UnmarshalJSON(b []byte) error

func (*DID) Value

func (d *DID) Value() string

type Document

type Document struct {
	Context []string `json:"@context"`

	ID DID `json:"id"`

	AlsoKnownAs []string `json:"alsoKnownAs,omitempty"`

	Authentication []interface{} `json:"authentication,omitempty"`

	VerificationMethod []VerificationMethod `json:"verificationMethod,omitempty"`

	KeyAgreement []KeyAgreement `json:"keyAgreement,omitempty"`

	Service []Service `json:"service,omitempty"`
}

Each DID document can express cryptographic material, verification methods, or services, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Services enable trusted interactions associated with the DID subject.

func NewMailioDIDDocument

func NewMailioDIDDocument(mk *MailioKey, mailioPublicKey ed25519.PublicKey, AuthServiceEndpoint string, MessageServiceEndpoint string) (*Document, error)

func (*Document) GetVerificationPublicKey

func (d *Document) GetVerificationPublicKey(id string) (*crypto.PublicKey, error)

GetVerificationPublicKey gets the public key by finding the correct verification method and returning its public key.

type Key

type Key struct {
	PublicKey ed25519.PublicKey
	Type      string
}

type KeyAgreement

type KeyAgreement struct {
	ID                 string        `json:"id,omitempty"`
	Type               string        `json:"type,omitempty"` // usually X25519KeyAgreementKey2019
	Controller         string        `json:"controller,omitempty"`
	PublicKeyMultibase string        `json:"publicKeyMultibase,omitempty"`
	PublicKeyJwk       *PublicKeyJwk `json:"publicKeyJwk,omitempty"`
}

A set of parameters that can be used together with a process to independently derive a shared key or secret that can be used for secure communication.

func (*KeyAgreement) GetPublicKey

func (ka *KeyAgreement) GetPublicKey() (*crypto.PublicKey, error)

GetPublicKey returns the public key for a KeyAgreement.

type MailioKey

type MailioKey struct {
	MasterSignKey      *Key
	MasterAgreementKey *Key
	VerificationKeys   []*Key
	AuthenticationKeys []*Key
}

func (*MailioKey) DID

func (k *MailioKey) DID() string

func (*MailioKey) DIDFromKey

func (k *MailioKey) DIDFromKey() (DID, error)

func (*MailioKey) KeyType

func (k *MailioKey) KeyType() string

func (*MailioKey) MailioAddress

func (k *MailioKey) MailioAddress() string

type Proof added in v0.1.7

type Proof struct {
	Type               string    `json:"type"`
	Created            time.Time `json:"created"`
	ProofPurpose       string    `json:"proofPurpose"`
	VerificationMethod string    `json:"verificationMethod"`
	Challenge          string    `json:"challenge,omitempty"` // prevent replay attacks
	Domain             string    `json:"domain,omitempty"`    // prevent replay attacks
	Jws                string    `json:"jws"`
}
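Why a proof carries challenge and domain values, as an added example that is not the package's code and does not use its JWS format: the signature covers both values, and the verifier accepts each challenge it issued only once and only for its own domain. The `authProof` and `verifier` types, `signingInput`, `sign` and the sample values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// authProof is a hypothetical stand-in for Proof's challenge, domain and signature fields.
type authProof struct {
	Challenge, Domain string
	Sig               []byte
}

// signingInput binds challenge and domain into the signed bytes (not the package's JWS format).
func signingInput(p authProof) []byte {
	b, _ := json.Marshal([]string{p.Challenge, p.Domain})
	return b
}

func sign(priv ed25519.PrivateKey, challenge, domain string) authProof {
	p := authProof{Challenge: challenge, Domain: domain}
	p.Sig = ed25519.Sign(priv, signingInput(p))
	return p
}

// verifier accepts each challenge it issued once, and only for its own domain.
type verifier struct {
	domain      string
	outstanding map[string]bool
}

func (v *verifier) check(pub ed25519.PublicKey, p authProof) error {
	if !ed25519.Verify(pub, signingInput(p), p.Sig) {
		return fmt.Errorf("invalid signature")
	}
	if p.Domain != v.domain || !v.outstanding[p.Challenge] {
		return fmt.Errorf("wrong domain, or challenge unknown or already used")
	}
	delete(v.outstanding, p.Challenge) // single use: the same proof fails from now on
	return nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed all-zero test seed
	v := &verifier{domain: "example.com", outstanding: map[string]bool{"c-1": true}}
	p, pub := sign(priv, "c-1", "example.com"), priv.Public().(ed25519.PublicKey)
	fmt.Println(v.check(pub, p), v.check(pub, p)) // accepted once, then rejected as a replay
}
```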

type PublicKeyJwk

type PublicKeyJwk struct {
	Key jwk.Key
}

func (*PublicKeyJwk) GetRawKey

func (pk *PublicKeyJwk) GetRawKey() (interface{}, error)

func (*PublicKeyJwk) MarshalJSON

func (pkj *PublicKeyJwk) MarshalJSON() ([]byte, error)

func (*PublicKeyJwk) UnmarshalJSON

func (pkj *PublicKeyJwk) UnmarshalJSON(b []byte) error

type Service

type Service struct {
	ID              string   `json:"id"`
	Type            string   `json:"type"`
	ServiceEndpoint string   `json:"serviceEndpoint"`
	Accept          []string `json:"accept,omitempty"`
	RoutingKeys     []string `json:"routingKeys,omitempty"`
}

Means of communicating or interacting with the DID subject or associated entities via one or more service endpoints. Examples include discovery services, agent services, social networking services, file storage services, and verifiable credential repository services.

type VerifiableCredential added in v0.1.7

type VerifiableCredential struct {
	Context           []string          `json:"@context"`
	ID                string            `json:"id,omitempty"`
	Type              []string          `json:"type"`
	Issuer            string            `json:"issuer"`
	IssuanceDate      time.Time         `json:"issuanceDate"`
	CredentialSubject CredentialSubject `json:"credentialSubject"`
	Proof             *Proof            `json:"proof,omitempty"`
	CredentialStatus  *CredentialStatus `json:"credentialStatus,omitempty"`
}

VerifiableCredential is a JSON-LD document that cryptographically proves that the subject identified by the DID has been verified against a given credential schema. The Verifiable Credential data model is defined in the W3C Verifiable Credentials Data Model 1.0 specification.

func NewVerifiableCredential added in v0.1.7

func NewVerifiableCredential(mailioDID string) *VerifiableCredential

func (*VerifiableCredential) CreateProof added in v0.1.7

func (vc *VerifiableCredential) CreateProof(privateKey ed25519.PrivateKey) error

CreateProof creates a proof for the Verifiable Credential using the signer's private key.

func (*VerifiableCredential) VerifyProof added in v0.1.7

func (vc *VerifiableCredential) VerifyProof(publicKey ed25519.PublicKey) (bool, error)

VerifyProof verifies whether the proof of the Verifiable Credential is valid using the signer's public key.

type VerifiablePresentation added in v0.1.7

type VerifiablePresentation struct {
	Context              []string               `json:"@context"`
	ID                   string                 `json:"id"`
	Type                 string                 `json:"type"`
	Holder               string                 `json:"holder"`
	VerifiableCredential []VerifiableCredential `json:"verifiableCredential"`
	Proof                Proof                  `json:"proof"`
}

VerifiablePresentation is a JSON-LD document that cryptographically proves that the holder of the DID has been verified against a given credential schema. (response to VC request)

type VerificationMethod

type VerificationMethod struct {
	ID           string        `json:"id,omitempty"`
	Type         string        `json:"type,omitempty"`
	Controller   string        `json:"controller,omitempty"`
	PublicKeyJwk *PublicKeyJwk `json:"publicKeyJwk,omitempty"`
}

A set of parameters that can be used together with a process to independently verify a proof. For example, a cryptographic public key can be used as a verification method with respect to a digital signature; in such usage, it verifies that the signer possessed the associated cryptographic private key.

func (VerificationMethod) GetPublicKey

func (vm VerificationMethod) GetPublicKey() (*crypto.PublicKey, error)

GetPublicKey gets the public key from the verification method.
