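1. Introduction

The DID command-line tool makes it easier to create and manage your own DIDs.

Core features:

  • DID management
  • Claim management
  • Identity Hub management

2. Download

Note: after the download completes, grant the file execute permission.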

cp didctl-* didctl
chmod +x didctl

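3. DID management

3.1. Create a DID

Description

When a DID is created, the DID and private key are first generated by the algorithm and saved locally, then synced to the chain; the status shows creating.

The user must run the query command to check creation progress in real time.

Permission

Anyone: anyone can create their own DID.

Command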

didctl create did

{
    "did": "did::ccp:xxxx",
    "privKey": [
        "123",
        "456"
    ],
    "status": "creating"
}

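did and privKey are stored locally, while status is queried in real time on every call; at creation time status always returns creating.

  • privKey: the private key, printed in hexadecimal
  • status: creating/running/failed/deleted/none

3.2. Delete a DID

Description

Delete a DID that is in the running state.

Permission

Owner: only the DID's owner can delete the DID.

Command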

didctl delete did did::ccp:xxxx

{
    "did": "did::ccp:xxxx",
    "status": "deleted"
}

3.3. Get the DID list

Description

Get the list of DIDs.

Permission

Owner: you can only get your own DIDs.

Command

didctl get did

[
    {
        "did": "did::ccp:xxxx",
        "privKey": [
            "123",
            "456"
        ],
        "status": "creating"
    },
    {
        "did": "did::ccp:xxxx",
        "privKey": [
            "123",
            "456"
        ],
        "status": "running"
    },
    {
        "did": "did::ccp:xxxx",
        "privKey": [
            "123",
            "456"
        ],
        "status": "failed"
    }
]

3.4. Resolve a DID

Description

Resolve a DID.

Permission

Anyone: anyone can resolve any DID.

Command

didctl get did did::ccp:xxxx

{
    "@context": "https://w3id.org/did/v1",
    "id": "did::ccp:xxxx",
    "version": 1,
    "created": "2016-02-08T16:02:20Z",
    "updated": "2016-02-08T16:02:20Z",
    "publicKey": [
        {
            "id": "did::ccp:xxxx#keys-1",
            "type": "Secp256k1",
            "publicKeyHex": "02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"
        },
        {
            "id": "did::ccp:xxxx#keys-2",
            "type": "Secp256k1",
            "publicKeyHex": "e3080168ee293053ba33b235d7116a3263d29f1450936b71"
        }
    ],
    "authentication": [
        "did::ccp:xxxx#key-1"
    ],
    "recovery": [
        "did::ccp:xxxx#key-2"
    ],
    "service": [
        {
            "id": "did::ccp:xxxx#resolver",
            "type": "DIDResolve",
            "serviceEndpoint": "https://did.baidu.com"
        }
    ],
    "proof": {
        "type": "Secp256k1",
        "creator": "did::ccp:xxxx#keys-1",
        "signatureValue": "QNB13Y7Q9...1tzjn4w=="
    }
}

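For field definitions, see: https://did.baidu.com/did-spec/

3.5. Encrypt data with a DID's public key

Description

Encrypt data with a DID's public key.

To use a DID in an App, the user has to prove ownership of the DID. This relies mainly on a challenge-response mechanism: the App first uses the DID provided by the user to look up the corresponding DID Document from the DID Resolver; it then encrypts a randomly generated nonce with the public key in the DID Document and sends it to the user; the user decrypts it with their private key to recover the nonce and sends the nonce back to the App to complete the challenge.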

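This command looks up the target DID's Document and encrypts a string with the public key it contains.

Permission

Anyone: anyone can encrypt a string with the public key of an existing DID.

Command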

didctl encrypt did::ccp:xxxx plainText

{
    "cipherText": "xxx"
}
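
The App side of the challenge-response flow described above, as an added example (not part of didctl or the original page). It assumes `didctl encrypt` prints the `{"cipherText": ...}` JSON shown above on stdout; the `Challenger` class, the 120-second lifetime and the single-use rule are assumptions of this example.

```python
import hmac, json, secrets, subprocess, time

NONCE_TTL = 120  # seconds a challenge stays valid (assumed policy, not from the page)

def run_didctl(args):
    """Run didctl and parse the JSON it prints (output shape as shown on this page)."""
    done = subprocess.run(["didctl", *args], check=True, capture_output=True, text=True)
    return json.loads(done.stdout)

class Challenger:
    """App side of the challenge-response flow; hypothetical helper, not part of didctl."""

    def __init__(self, didctl=run_didctl, clock=time.time):
        self._didctl = didctl
        self._clock = clock
        self._pending = {}  # challenge id -> (did, nonce, deadline)

    def issue(self, did):
        """Encrypt a fresh random nonce to the DID's public key; return (id, cipherText)."""
        nonce = secrets.token_hex(32)  # CSPRNG, never reused across challenges
        cipher = self._didctl(["encrypt", did, nonce])["cipherText"]
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (did, nonce, self._clock() + NONCE_TTL)
        return cid, cipher

    def verify(self, cid, did, response):
        """Accept only the first, timely, exact answer to challenge `cid`."""
        entry = self._pending.pop(cid, None)  # single use: a replay or retry finds nothing
        if entry is None:
            return False
        expected_did, nonce, deadline = entry
        if did != expected_did or self._clock() > deadline:
            return False
        return hmac.compare_digest(nonce.encode(), str(response).encode())  # constant time

if __name__ == "__main__":
    # Constructed stand-in for didctl so the demo runs offline: it only remembers the nonce.
    sealed = {}
    def fake_didctl(args):
        sealed["ct-1"] = args[2]
        return {"cipherText": "ct-1"}
    app = Challenger(didctl=fake_didctl)
    cid, ct = app.issue("did:ccp:xxxx")
    print("first answer accepted:", app.verify(cid, "did:ccp:xxxx", sealed[ct]))
    print("replay accepted:", app.verify(cid, "did:ccp:xxxx", sealed[ct]))
```

`didctl encrypt` takes the plaintext as a command-line argument, so the nonce is visible in the App host's process list until the challenge is answered or expires; keep `NONCE_TTL` short.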

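3.6. Decrypt data with a DID's private key

Description

Decrypt data with a DID's private key.

Permission

Owner: only the DID's owner can decrypt the string.

Command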

didctl decrypt did::ccp:xxxx cipherText

{
    "plainText": "123"
}

4. Claim management

4.1. Get the issuer list

Description

Get the list of issuers.

Permission

Anyone

Command

didctl get issuer

[
    {
        "id": 3,
        "uuid": "407ab47f-1f7e-4a8c-86b0-e5c12dddf87d",
        "did": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
        "website": "https://cloud.baidu.com/solution/digitalIdentity.html",
        "endpoint": "https://did.baidu.com",
        "shortDescription": "XXX实名认证声明",
        "longDescription": "XXX实名认证声明",
        "serviceType": "RealNameAuthentication",
        "requestData": {
            "basicData": [
                "Name",
                "MobilePhone"
            ]
        },
        "deleted": false,
        "createTime": "2019-10-14T13:33:05+08:00",
        "updateTime": "2019-10-14T13:33:05+08:00"
    }
]

4.2. Add an issuer

Description

Add an issuer's information.

Permission

Owner: only the owner of the issuer DID can register its information.

Command

didctl create issuer -f /file/to/issuerInfo.json

{
  "uuid": "fc16ad2d-6d03-4903-a509-efd1f4db3d14"
}

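4.3. Delete an issuer

Description

Delete an issuer's information.

Permission

Owner: only the owner of the issuer DID can delete its information.

Command

// did:ccp:xxx is the issuer's DID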
didctl delete issuer did:ccp:xxx issuerUUID

Delete issuer success.

4.4. Issue a claim

Description

Issue a claim using the target DID.

Permission

Owner: only the owner of the target DID can issue.

Command

// did:ccp:xxxx is the issuer DID
didctl issue claim did:ccp:xxxx -f /path/to/rawClaim.json

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1"
    ],
    "id": "xxxxx",
    "type": [
        "ProofClaim"
    ],
    "issuer": "did:ccp:xxxx",
    "issuanceDate": "2017-04-01T12:01:20Z",
    "expirationDate": "2017-04-01T12:01:20Z",
    "credentialSubject": {
        "id": "did:ccp:97c30de767f084ce3080168ee293053ba33b235d71",
        "shortDescription": "xxx",
        "longDescription": "xxx",
        "type": "RealNameAuthentication"
    },
    "revocation": {
        "id": "https://example.com/v1/claim/revocations",
        "type": "SimpleRevocationListV1"
    },
    "proof": [
        {
            "creator": "did:ccp:xxxx/1",
            "type": "Secp256k1",
            "signatureValue": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19"
        }
    ]
}

An example rawClaim.json:

{
  "type": [
      "ProofClaim"
  ],
  "expirationDate": "2017-04-01T12:01:20Z",
  "credentialSubject": {
      "id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
      "shortDescription": "实名认证声明",
      "longDescription": "该用户经过了我司的实名认证",
      "type": "RealNameAuthentication"
  },
  "revocation": {
      "id": "https://example.com/v1/claim/revocations",
      "type": "SimpleRevocationListV1"
  }
}
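  • type: the top-level category of the claim; currently only ProofClaim is supported
  • expirationDate: the claim's expiration time, in the format 2017-04-01T12:01:20Z
  • credentialSubject: the content being issued, where id is the target DID, shortDescription and longDescription are the short and long descriptions respectively, and type is the claim type
  • revocation: revocation information for the claim

Claims support the following types:

  • RealNameAuthentication: real-name authentication
  • FingerprintAuthentication: fingerprint authentication
  • EnterpriseAuthentication: enterprise authentication
  • BusinessAuthentication: merchant authentication
  • VIPAuthentication: key-account (VIP customer) authentication

For a detailed description of claims, see: http://did.baidu.com/verifiable-claim/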

4.5. Verify a claim

Description

Verify a claim.

Permission

Anyone: anyone can verify a claim.

Command

didctl verify claim -f /path/to/claim.json

{
    "result": "success"
}
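  • result: the verification result, success/failed

4.6. Apply for a claim

Description

Apply for a claim.

Permission

Owner: only the DID's owner can apply for a claim for their own DID.

Command

// https://example.com is the issue endpoint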
didctl apply claim -f /path/to/provideData.json -i https://example.com

{
    "applyId": "c71f883b-b3dd-4851-8110-e94b32bef91d"
}

An example provideData.json:

{
  "did": "did:ccp:rGiR2khCfp8fxFf2Ss2eKnAbfhb",
  "provideData": {
      "Name": "lilei",
      "MobilePhone": "13088888888",
      "ClaimType": "RealNameAuthentication"
  }
}

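4.7. Get the claim application result

Description

Get the result of a claim application.

Permission

Owner: only the DID's owner can get the corresponding application result.

Command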

didctl get claimResult did:ccp:xxxx c71f883b-b3dd-4851-8110-e94b32bef91d -f /path/to/store/claim.json

{
    "status": "Done",
    "claim": {...}
}

-f: the path to store the claim at; optional

5. Identity hub

5.1. Get the Hub DID

Description

Get the hub's DID from the hub's URL.

Permission

Anyone

Command

didctl get hubDid

{
    "hubDid": "did:ccp:4FVf55vxFa466f37XoFqfmFuvYAx"
}

5.2. Get claims from the hub

Description

Get the claims stored in the hub.

Permission

Owner: only the DID's owner can get their own data.

Command

didctl get claim did::ccp:xxxx claimId [-f /path/to/store/claim.json]
didctl get claim did::ccp:xxxx

[
    {
        "claimId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91",
        "claim": {
            "@context": [
                "https://www.w3.org/2018/credentials/v1"
            ],
            "id": "9a5b9594-ca53-4532-8dd9-95db6eb7b646",
            "type": [
                "ProofClaim"
            ],
            "issuer": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW",
            "issuanceDate": "2020-01-13T11:03:47Z",
            "expirationDate": "2088-04-01T12:01:20Z",
            "credentialSubject": {
                "id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
                "shortDescription": "实名认证声明",
                "longDescription": "该用户经过了我司的实名认证",
                "type": "RealNameAuthentication"
            },
            "revocation": {
                "id": "https://example.com/v1/claim/revocations",
                "type": "SimpleRevocationListV1"
            },
            "proof": [
                {
                    "type": "Secp256k1",
                    "creator": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW/1",
                    "signatureValue": "3044022051c2115ccfd015e856c797da22f3a2561fb17642103b382264dd3bf9cbe898ed022066aed37712b37f44f21294967947cb33e16cc84713907975b5ec049d4ebbfbeb"
                }
            ]
        }
    }
]

// With a claimId specified
didctl get claim did::ccp:xxxx 56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1"
    ],
    "id": "9a5b9594-ca53-4532-8dd9-95db6eb7b646",
    "type": [
        "ProofClaim"
    ],
    "issuer": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW",
    "issuanceDate": "2020-01-13T11:03:47Z",
    "expirationDate": "2088-04-01T12:01:20Z",
    "credentialSubject": {
        "id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
        "shortDescription": "实名认证声明",
        "longDescription": "该用户经过了我司的实名认证",
        "type": "RealNameAuthentication"
    },
    "revocation": {
        "id": "https://example.com/v1/claim/revocations",
        "type": "SimpleRevocationListV1"
    },
    "proof": [
        {
            "type": "Secp256k1",
            "creator": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW/1",
            "signatureValue": "3044022051c2115ccfd015e856c797da22f3a2561fb17642103b382264dd3bf9cbe898ed022066aed37712b37f44f21294967947cb33e16cc84713907975b5ec049d4ebbfbeb"
        }
    ]
}
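  • If claimId is empty, all claims in the hub are returned
  • [-f /path/to/store/claim] is the local path where the claim is stored after retrieval; if omitted, the claim is not stored locally

5.3. Store a claim in the hub

Description

Store a newly created or local claim in the hub.

Permission

Owner: only the DID's owner can operate on their own data.

Command

Issue a claim and store it both locally and in the hub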

didctl issue claim did:ccp:xxxx -f /path/to/rawClaim.json [--hub]

Store a local claim in the hub

didctl sync claim did:ccp:xxxx -f /path/to/claim.json

{
    "claimId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91"
}

5.4. Delete a claim from the hub

Description

Delete a claim stored in the hub.

Permission

Owner: only the DID's owner can operate on their own data.

Command

didctl delete claim did:ccp:xxxx claimIds

didctl delete claim did:ccp:xxxx 02e615696fd0051991ac0e7164be898e22e9a6cb0ef96c8daa57a794a3348bc7

claim 02e615696fd0051991ac0e7164be898e22e9a6cb0ef96c8daa57a794a3348bc7 has been deleted from hub

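5.5. Authorize sharing of a claim with a third-party DID

Description

Share a claim with a third-party DID.

Permission

Owner: only the DID's owner can share their own data.

Command

// did: the third party's DID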
didctl create permission <from DID> claimId <to DID>

didctl create permission did:ccp:xxxx 56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91 did:ccp:dftAQtkF2v3PNRz2BLFqhGPQ6SK

{
    "permissionId": "385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50"
}

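5.6. View created permissions

Description

View the claim-sharing permissions that have been created.

Permission

Owner: only the DID's owner can view the permissions they created.

Command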

didctl get permission did:ccp:xxxx [permissionId]
// Get all permissions
didctl get permission did:ccp:xxxx 

[
    {
        "permissionId": "385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50",
        "permission": {
            "owner": "did:ccp:3m79cYx51cbo9m28PPVkd5Hxydbd",
            "grantee": "did:ccp:dftAQtkF2v3PNRz2BLFqhGPQ6SK",
            "allow": "-R--",
            "context": "schema.identity.foundation/0.1",
            "type": "Claim",
            "objectId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91",
            "key": "5ae6e37dbd3ba07ccef4ec30dc47836e66488d14a8821681e966194aa8ba138f04cd7014c6372030458892139de05e3c99abcd47107f5c4093e09eb2632440cd208030a143b84b10b5aa6661f67a1868360a4bf82cb8a8e41bf969dba79d154edc",
            "expiration": 1578726167568
        }
    }
]

// Get the details for a given permissionId
didctl get permission did:ccp:xxxx 385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50

{
    "owner": "did:ccp:3m79cYx51cbo9m28PPVkd5Hxydbd",
    "grantee": "did:ccp:dftAQtkF2v3PNRz2BLFqhGPQ6SK",
    "allow": "-R--",
    "context": "schema.identity.foundation/0.1",
    "type": "Claim",
    "objectId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91",
    "key": "5ae6e37dbd3ba07ccef4ec30dc47836e66488d14a8821681e966194aa8ba138f04cd7014c6372030458892139de05e3c99abcd47107f5c4093e09eb2632440cd208030a143b84b10b5aa6661f67a1868360a4bf82cb8a8e41bf969dba79d154edc",
    "expiration": 1578726167568
}

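  • If [permissionId] is empty, the metadata list of all permissions is returned

5.7. Retrieve data as an authorized third party

Description

A third-party DID retrieves a claim through a permission.

Permission

Authorized DID: only an authorized DID can get the claim.

Command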

didctl get claimByPermission did:ccp:xxxx claimId ownerDID
didctl get claimByPermission did:ccp:xxxx 56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91 did:ccp:3m79cYx51cbo9m28PPVkd5Hxydbd

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1"
    ],
    "id": "9a5b9594-ca53-4532-8dd9-95db6eb7b646",
    "type": [
        "ProofClaim"
    ],
    "issuer": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW",
    "issuanceDate": "2020-01-13T11:03:47Z",
    "expirationDate": "2088-04-01T12:01:20Z",
    "credentialSubject": {
        "id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
        "shortDescription": "实名认证声明",
        "longDescription": "该用户经过了我司的实名认证",
        "type": "RealNameAuthentication"
    },
    "revocation": {
        "id": "https://example.com/v1/claim/revocations",
        "type": "SimpleRevocationListV1"
    },
    "proof": [
        {
            "type": "Secp256k1",
            "creator": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW/1",
            "signatureValue": "3044022051c2115ccfd015e856c797da22f3a2561fb17642103b382264dd3bf9cbe898ed022066aed37712b37f44f21294967947cb33e16cc84713907975b5ec049d4ebbfbeb"
        }
    ]
}

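5.8. Delete a permission in the hub

Description

Delete a permission that has been created.

Permission

Owner: only the DID's owner can operate on their own data.

Command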

didctl delete permission did:ccp:xxxx permissionId
didctl delete permission did:ccp:xxxx 385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50

permission 385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50 has been deleted from hub

6. Configuration

6.1. Show configuration

Description

Show the command-line configuration.

Permission

Anyone

Command

didctl config --list

{
    "resolverEndpoint": "https://did.baidu.com"
}

6.2. Set configuration

Description

Set configuration values.

Permission

Anyone

Command

# Set
didctl config set resolver="https://did.baidu.com"

didctl config --list

{
    "resolver": "https://did.baidu.com",
    "repo": "/Users/John/.did"
}

# Delete
didctl config set resolver=

didctl config --list

{
    "repo": "/Users/John/.did"
}

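The following fields are supported:

  • resolver: DID resolver address; defaults to https://did.baidu.com
  • repo: local storage location; defaults to ~/.did
  • registry: issuer registry address; defaults to https://did.baidu.com
  • hub_url: hub address; must be set manually by the user
  • hub_did: hub DID; must be set manually by the user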