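1. Introduction
The DID command-line tool makes it more convenient to create and manage your own DIDs.
Core features:
- DID management
- Claim management
- Identity Hub management
2. Download
Note: after the download completes, grant the file execute permission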
cp didctl-* didctl
chmod +x didctl
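3. DID management
3.1. Create a DID
Description
When a DID is created, the DID and private key are first generated by the algorithm and saved locally, then synchronized to the chain; the status shows creating.
Use the query command to check the creation progress in real time.
Permission
Anyone: anyone can create their own DID
Command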
didctl create did
{
"did": "did::ccp:xxxx",
"privKey": [
"123",
"456"
],
"status": "creating"
}
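Here, did and privKey are stored locally, while status is queried in real time on every call; at creation time, status always returns creating.
- privKey: the private key, printed in hexadecimal
- status: creating / running / failed / deleted / none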
3.2. Delete a DID
Description
Delete a DID in the running state
Permission
Owner: only the owner of the DID can delete it
Command
didctl delete did did::ccp:xxxx
{
"did": "did::ccp:xxxx",
"status": "deleted"
}
3.3. List DIDs
Description
Get the list of DIDs
Permission
Owner: you can only list your own DIDs
Command
didctl get did
[
{
"did": "did::ccp:xxxx",
"privKey": [
"123",
"456"
],
"status": "creating"
},
{
"did": "did::ccp:xxxx",
"privKey": [
"123",
"456"
],
"status": "running"
},
{
"did": "did::ccp:xxxx",
"privKey": [
"123",
"456"
],
"status": "failed"
}
]
3.4. Resolve a DID
Description
Resolve a DID
Permission
Anyone: anyone can resolve any DID
Command
didctl get did did::ccp:xxxx
{
"@context": "https://w3id.org/did/v1",
"id": "did::ccp:xxxx",
"version": 1,
"created": "2016-02-08T16:02:20Z",
"updated": "2016-02-08T16:02:20Z",
"publicKey": [
{
"id": "did::ccp:xxxx#keys-1",
"type": "Secp256k1",
"publicKeyHex": "02b97c30de767f084ce3080168ee293053ba33b235d7116a3263d29f1450936b71"
},
{
"id": "did::ccp:xxxx#keys-2",
"type": "Secp256k1",
"publicKeyHex": "e3080168ee293053ba33b235d7116a3263d29f1450936b71"
}
],
"authentication": [
"did::ccp:xxxx#key-1"
],
"recovery": [
"did::ccp:xxxx#key-2"
],
"service": [
{
"id": "did::ccp:xxxx#resolver",
"type": "DIDResolve",
"serviceEndpoint": "https://did.baidu.com"
}
],
"proof": {
"type": "Secp256k1",
"creator": "did::ccp:xxxx#keys-1",
"signatureValue": "QNB13Y7Q9...1tzjn4w=="
}
}
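For field descriptions, see: https://did.baidu.com/did-spec/
3.5. Encrypt data with a DID's public key
Description
Encrypt data with a DID's public key.
When a user uses a DID in an App, they must prove that they own the DID. The main mechanism is challenge-response: the App first uses the DID the user provides to look up the corresponding DID Document from the DID Resolver; the App then encrypts a randomly generated nonce with the public key in the DID Document and sends it to the user; the user decrypts it with their private key to recover the nonce and sends the nonce back to the App to complete the challenge.
This command queries the target DID's Document and encrypts a string with the public key in it.
Permission
Anyone: anyone can encrypt a string with the public key of an existing DID
Command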
didctl encrypt did::ccp:xxxx plainText
{
"cipherText": "xxx"
}
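3.6. Decrypt data with a DID's private key
Description
Decrypt data with a DID's private key.
Permission
Owner: only the owner of the DID can decrypt the string
Command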
didctl decrypt did::ccp:xxxx cipherText
{
"plainText": "123"
}
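The challenge-response exchange described in 3.5, built around the encrypt and decrypt commands shown above. This is an added example, not part of the didctl project: the function names, CHALLENGE_DIR and CHALLENGE_TTL are assumptions, and the single-use and expiry handling of the nonce goes beyond what the page specifies.

```shell
#!/bin/sh
# Added example, not didctl's own code. Function names, CHALLENGE_DIR and
# CHALLENGE_TTL are assumptions; only `didctl encrypt|decrypt` come from the page.
CHALLENGE_DIR="${CHALLENGE_DIR:-${TMPDIR:-/tmp}/did-challenges}"
CHALLENGE_TTL="${CHALLENGE_TTL:-120}"   # seconds a challenge stays valid

# Extract one string field from didctl's JSON output (single- or multi-line).
json_field() {
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Map a DID to a safe file name (no '/' or '.' survives, so no path traversal).
slot_for() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9' '_'
}

# App side: make a fresh nonce for DID $1, remember it, print the ciphertext.
issue_challenge() {
    mkdir -p -m 700 "$CHALLENGE_DIR" || return 1
    nonce=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')   # 128 random bits
    [ "${#nonce}" -eq 32 ] || return 1
    cipher=$(didctl encrypt "$1" "$nonce" | json_field cipherText)
    [ -n "$cipher" ] || return 1
    ( umask 077
      printf '%s %s\n' "$(date +%s)" "$nonce" > "$CHALLENGE_DIR/$(slot_for "$1")"
    ) || return 1
    printf '%s\n' "$cipher"
}

# User side: only the holder of the DID's private key can recover the nonce.
answer_challenge() {
    didctl decrypt "$1" "$2" | json_field plainText
}

# App side: accept answer $2 for DID $1 at most once and only within the TTL.
check_response() {
    file="$CHALLENGE_DIR/$(slot_for "$1")"
    [ -f "$file" ] || return 1
    read -r issued expected < "$file" || return 1
    rm -f "$file"                  # single use: consumed even on a wrong answer
    [ $(( $(date +%s) - issued )) -le "$CHALLENGE_TTL" ] || return 1
    [ -n "$2" ] && [ "$2" = "$expected" ]
}
```

The App runs issue_challenge and check_response; the user runs answer_challenge on the machine that holds the private key.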
4. Claim management
4.1. List issuers
Description
Get the list of issuers
Permission
Anyone
Command
didctl get issuer
[
{
"id": 3,
"uuid": "407ab47f-1f7e-4a8c-86b0-e5c12dddf87d",
"did": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
"website": "https://cloud.baidu.com/solution/digitalIdentity.html",
"endpoint": "https://did.baidu.com",
"shortDescription": "XXX实名认证声明",
"longDescription": "XXX实名认证声明",
"serviceType": "RealNameAuthentication",
"requestData": {
"basicData": [
"Name",
"MobilePhone"
]
},
"deleted": false,
"createTime": "2019-10-14T13:33:05+08:00",
"updateTime": "2019-10-14T13:33:05+08:00"
}
]
4.2. Add an issuer
Description
Add an issuer's information
Permission
Owner: only the owner of the issuer DID can register this information
Command
didctl create issuer -f /file/to/issuerInfo.json
{
"uuid": "fc16ad2d-6d03-4903-a509-efd1f4db3d14"
}
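4.3. Delete an issuer
Description
Delete an issuer's information
Permission
Owner: only the owner of the issuer DID can delete this information
Command
// did:ccp:xxx is the issuer's DID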
didctl delete issuer did:ccp:xxx issuerUUID
Delete issuer success.
4.4. Issue a claim
Description
Issue a claim using the target DID
Permission
Owner: only the owner of the target DID can issue
Command
// did:ccp:xxxx is the issuer DID
didctl issue claim did:ccp:xxxx -f /path/to/rawClaim.json
{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "xxxxx",
"type": [
"ProofClaim"
],
"issuer": "did:ccp:xxxx",
"issuanceDate": "2017-04-01T12:01:20Z",
"expirationDate": "2017-04-01T12:01:20Z",
"credentialSubject": {
"id": "did:ccp:97c30de767f084ce3080168ee293053ba33b235d71",
"shortDescription": "xxx",
"longDescription": "xxx",
"type": "RealNameAuthentication"
},
"revocation": {
"id": "https://example.com/v1/claim/revocations",
"type": "SimpleRevocationListV1"
},
"proof": [
{
"creator": "did:ccp:xxxx/1",
"type": "Secp256k1",
"signatureValue": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19"
}
]
}
An example rawClaim.json:
{
"type": [
"ProofClaim"
],
"expirationDate": "2017-04-01T12:01:20Z",
"credentialSubject": {
"id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
"shortDescription": "实名认证声明",
"longDescription": "该用户经过了我司的实名认证",
"type": "RealNameAuthentication"
},
"revocation": {
"id": "https://example.com/v1/claim/revocations",
"type": "SimpleRevocationListV1"
}
}
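- type: the top-level category of the claim; currently only ProofClaim is supported
- expirationDate: the claim's expiration time, in the format 2017-04-01T12:01:20Z
- credentialSubject: the content being issued, where id is the target DID, shortDescription and longDescription are the short and long descriptions respectively, and type is the type of the claim
- revocation: information about revoking the claim
The claim supports the following types:
- RealNameAuthentication: real-name authentication
- FingerprintAuthentication: fingerprint authentication
- EnterpriseAuthentication: enterprise authentication
- BusinessAuthentication: merchant authentication
- VIPAuthentication: major customer authentication
For a detailed description of claims, see: http://did.baidu.com/verifiable-claim/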
4.5. Verify a claim
Description
Verify a claim
Permission
Anyone: anyone can verify a claim
Command
didctl verify claim -f /path/to/claim.json
{
"result": "success"
}
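- result: the verification result, success / failed
4.6. Apply for a claim
Description
Apply for a claim
Permission
Owner: only the owner of a DID can apply for a claim for their own DID
Command
// https://example.com is the issuer's endpoint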
didctl apply claim -f /path/to/provideData.json -i https://example.com
{
"applyId": "c71f883b-b3dd-4851-8110-e94b32bef91d"
}
An example provideData.json:
{
"did": "did:ccp:rGiR2khCfp8fxFf2Ss2eKnAbfhb",
"provideData": {
"Name": "lilei",
"MobilePhone": "13088888888",
"ClaimType": "RealNameAuthentication"
}
}
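4.7. Get the result of a claim application
Description
Get the result of a claim application
Permission
Owner: only the owner of the DID can fetch the corresponding application result
Command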
didctl get claimResult did:ccp:xxxx c71f883b-b3dd-4851-8110-e94b32bef91d -f /path/to/store/claim.json
{
"status": "Done",
"claim": {...}
}
-f: specifies the storage path; optional
5. Identity hub
5.1. Get the Hub DID
Description
Get the hub's DID through the hub's URL
Permission
Anyone
Command
didctl get hubDid
{
"hubDid": "did:ccp:4FVf55vxFa466f37XoFqfmFuvYAx"
}
5.2. Get claims from the hub
Description
Get the claims stored in the hub
Permission
Owner: only the owner of the DID can get their own data
Command
didctl get claim did::ccp:xxxx claimId [-f /path/to/store/claim.json]
didctl get claim did::ccp:xxxx
[
{
"claimId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91",
"claim": {
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "9a5b9594-ca53-4532-8dd9-95db6eb7b646",
"type": [
"ProofClaim"
],
"issuer": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW",
"issuanceDate": "2020-01-13T11:03:47Z",
"expirationDate": "2088-04-01T12:01:20Z",
"credentialSubject": {
"id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
"shortDescription": "实名认证声明",
"longDescription": "该用户经过了我司的实名认证",
"type": "RealNameAuthentication"
},
"revocation": {
"id": "https://example.com/v1/claim/revocations",
"type": "SimpleRevocationListV1"
},
"proof": [
{
"type": "Secp256k1",
"creator": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW/1",
"signatureValue": "3044022051c2115ccfd015e856c797da22f3a2561fb17642103b382264dd3bf9cbe898ed022066aed37712b37f44f21294967947cb33e16cc84713907975b5ec049d4ebbfbeb"
}
]
}
}
]
// with a claimId specified
didctl get claim did::ccp:xxxx 56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91
{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "9a5b9594-ca53-4532-8dd9-95db6eb7b646",
"type": [
"ProofClaim"
],
"issuer": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW",
"issuanceDate": "2020-01-13T11:03:47Z",
"expirationDate": "2088-04-01T12:01:20Z",
"credentialSubject": {
"id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
"shortDescription": "实名认证声明",
"longDescription": "该用户经过了我司的实名认证",
"type": "RealNameAuthentication"
},
"revocation": {
"id": "https://example.com/v1/claim/revocations",
"type": "SimpleRevocationListV1"
},
"proof": [
{
"type": "Secp256k1",
"creator": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW/1",
"signatureValue": "3044022051c2115ccfd015e856c797da22f3a2561fb17642103b382264dd3bf9cbe898ed022066aed37712b37f44f21294967947cb33e16cc84713907975b5ec049d4ebbfbeb"
}
]
}
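- claimId: if empty, all claims in the hub are returned
- [-f /path/to/store/claim]: the local path to store the claim at after fetching it; if empty, the claim is not stored locally
5.3. Store a claim in the hub
Description
Store a newly created or local claim in the hub
Permission
Owner: only the owner of the DID can operate on their own data
Command
Store the claim both locally and in the hub after issuing it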
didctl issue claim did:ccp:xxxx -f /path/to/rawClaim.json [--hub]
Store a local claim in the hub
didctl sync claim did:ccp:xxxx -f /path/to/claim.json
{
"claimId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91"
}
5.4. Delete a claim from the hub
Description
Delete a claim stored in the hub
Permission
Owner: only the owner of the DID can operate on their own data
Command
didctl delete claim did:ccp:xxxx claimIds
didctl delete claim did:ccp:xxxx 02e615696fd0051991ac0e7164be898e22e9a6cb0ef96c8daa57a794a3348bc7
claim 02e615696fd0051991ac0e7164be898e22e9a6cb0ef96c8daa57a794a3348bc7 has been deleted from hub
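5.5. Share a claim with a third-party DID by authorization
Description
Share a claim with a third-party DID
Permission
Owner: only the owner of the DID can share their own data
Command
// did: the third party's DID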
didctl create permission <from DID> claimId <to DID>
didctl create permission did:ccp:xxxx 56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91 did:ccp:dftAQtkF2v3PNRz2BLFqhGPQ6SK
{
"permissionId": "385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50"
}
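5.6. View created authorizations
Description
View the claim-sharing authorizations that have been created
Permission
Owner: only the owner of the DID can view the authorizations they created
Command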
didctl get permission did:ccp:xxxx [permissionId]
// get all permissions
didctl get permission did:ccp:xxxx
[
{
"permissionId": "385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50",
"permission": {
"owner": "did:ccp:3m79cYx51cbo9m28PPVkd5Hxydbd",
"grantee": "did:ccp:dftAQtkF2v3PNRz2BLFqhGPQ6SK",
"allow": "-R--",
"context": "schema.identity.foundation/0.1",
"type": "Claim",
"objectId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91",
"key": "5ae6e37dbd3ba07ccef4ec30dc47836e66488d14a8821681e966194aa8ba138f04cd7014c6372030458892139de05e3c99abcd47107f5c4093e09eb2632440cd208030a143b84b10b5aa6661f67a1868360a4bf82cb8a8e41bf969dba79d154edc",
"expiration": 1578726167568
}
}
]
// get the details for a given permissionId
didctl get permission did:ccp:xxxx 385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50
{
"owner": "did:ccp:3m79cYx51cbo9m28PPVkd5Hxydbd",
"grantee": "did:ccp:dftAQtkF2v3PNRz2BLFqhGPQ6SK",
"allow": "-R--",
"context": "schema.identity.foundation/0.1",
"type": "Claim",
"objectId": "56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91",
"key": "5ae6e37dbd3ba07ccef4ec30dc47836e66488d14a8821681e966194aa8ba138f04cd7014c6372030458892139de05e3c99abcd47107f5c4093e09eb2632440cd208030a143b84b10b5aa6661f67a1868360a4bf82cb8a8e41bf969dba79d154edc",
"expiration": 1578726167568
}
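- [permissionId]: if empty, the metadata list of all permissions is returned
5.7. Third party fetches data through an authorization
Description
A third-party DID fetches a claim through an authorization
Permission
Authorized DID: only an authorized DID can get the claim
Command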
didctl get claimByPermission did:ccp:xxxx claimId ownerDID
didctl get claimByPermission did:ccp:xxxx 56be6cf448bb423eb46a35a56b5878a8758fff0b20517d3fe51abbb32746ee91 did:ccp:3m79cYx51cbo9m28PPVkd5Hxydbd
{
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "9a5b9594-ca53-4532-8dd9-95db6eb7b646",
"type": [
"ProofClaim"
],
"issuer": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW",
"issuanceDate": "2020-01-13T11:03:47Z",
"expirationDate": "2088-04-01T12:01:20Z",
"credentialSubject": {
"id": "did:ccp:ceNobbK6Me9F5zwyE3MKY88QZLw",
"shortDescription": "实名认证声明",
"longDescription": "该用户经过了我司的实名认证",
"type": "RealNameAuthentication"
},
"revocation": {
"id": "https://example.com/v1/claim/revocations",
"type": "SimpleRevocationListV1"
},
"proof": [
{
"type": "Secp256k1",
"creator": "did:ccp:471jwUNr8dxvVJfFPtzVbMped7mW/1",
"signatureValue": "3044022051c2115ccfd015e856c797da22f3a2561fb17642103b382264dd3bf9cbe898ed022066aed37712b37f44f21294967947cb33e16cc84713907975b5ec049d4ebbfbeb"
}
]
}
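5.8. Delete a permission from the hub
Description
Delete a permission that was created
Permission
Owner: only the owner of the DID can operate on their own data
Command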
didctl delete permission did:ccp:xxxx permissionId
didctl delete permission did:ccp:xxxx 385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50
permission 385968d96cb5346cf571e84a1fab49027b92f3f2cbd65c3366e30ca948331e50 has been deleted from hub
6. Configuration
6.1. Show configuration
Description
Show the command-line configuration
Permission
Anyone
Command
didctl config --list
{
"resolverEndpoint": "https://did.baidu.com"
}
6.2. Set configuration
Description
Set configuration values
Permission
Anyone
Command
# set
didctl config set resolver="https://did.baidu.com"
didctl config --list
{
"resolver": "https://did.baidu.com",
"repo": "/Users/John/.did"
}
# delete
didctl config set resolver=
didctl config --list
{
"repo": "/Users/John/.did"
}
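The following fields are supported:
- resolver: DID resolver address; defaults to https://did.baidu.com
- repo: local storage location; defaults to ~/.did
- registry: issuer registry address; defaults to https://did.baidu.com
- hub_url: hub address; must be set manually by the user
- hub_did: hub DID; must be set manually by the user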
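Because did and privKey are stored locally (3.1) and repo is that local storage location, the directory's file permissions decide who else on the machine can read the private keys. The following check is an added example, not part of the didctl project; the function names are assumptions, and it makes no assumption about the file layout inside the repo.

```shell
#!/bin/sh
# Added example, not didctl's own code; function names are assumptions.
# The repo directory (default ~/.did per the config section) stores private keys.

# Print every entry under DIR that group or others can read, write or execute.
# Symlinks are skipped: their own mode bits are not what controls access.
loose_entries() {
    dir="${1:-$HOME/.did}"
    [ -d "$dir" ] || return 2
    find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Exit 0 only when nothing under DIR is reachable by group or others.
repo_is_private() {
    found=$(loose_entries "$1") || return 2
    [ -z "$found" ]
}

# Strip group/other access from DIR and everything below it.
tighten_repo() {
    dir="${1:-$HOME/.did}"
    [ -d "$dir" ] || return 2
    chmod -R go-rwx "$dir"
}
```

Pass the configured repo path as the argument when it has been changed from the default.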