This presentation:

Leaving presentation mode.

Verifiable Credentials and Decentralized Identifiers with DIDKit

Charles E. Lehner / Spruce Systems, Inc.
FOSDEM 2022 Web3 Devroom

Verifiable Credentials (VCs)

Verifiable Credentials Data Model v1.1
W3C Recommendation

[Credentials and
	       Presentations. Figure 11 from VC Data Model]

Verifiable Credentials (VCs)

  // set the context, which establishes the special terms we will be using
  // such as 'issuer' and 'alumniOf'.
  "@context": [
  // specify the identifier for the credential
  "id": "",
  // the credential types, which declare what data to expect in the credential
  "type": ["VerifiableCredential", "AlumniCredential"],
  // the entity that issued the credential
  "issuer": "",
  // when the credential was issued
  "issuanceDate": "2010-01-01T19:23:24Z",
  // claims about the subjects of the credential
  "credentialSubject": {
    // identifier for the only subject of the credential
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    // assertion about the only subject of the credential
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": [{
        "value": "Example University",
        "lang": "en"
      }, {
        "value": "Exemple d'Université",
        "lang": "fr"
  // digital proof that makes the credential tamper-evident
  // see the NOTE at end of this section for more detail
  "proof": {
    // the cryptographic signature suite that was used to generate the signature
    "type": "RsaSignature2018",
    // the date the signature was created
    "created": "2017-06-18T21:19:10Z",
    // purpose of this proof
    "proofPurpose": "assertionMethod",
    // the identifier of the public key that can verify the signature
    "verificationMethod": "",
    // the digital signature value
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..TCYt5X

Decentralized Identifiers (DIDs)

Decentralized Identifiers (DIDs) v1.0
W3C Proposed Recommendation

[Diagram of parts of a DID. Figure 1 from the DID Core Specification]

Decentralized Identifiers (DIDs)

Example 1: A simple DID document
  "@context": [
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    // used to authenticate as did:...fghi
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"


ssi: Core library in Rust
didkit: CLI and bindings
[DIDKit and ssi library architecture]


didkit-cli 0.1.1

    didkit <SUBCOMMAND>

    -h, --help       Prints help information
    -V, --version    Prints version information

    did-auth                      Authenticate with a DID
    did-dereference               Dereference a DID URL to a resource
    did-resolve                   Resolve a DID to a DID Document
    generate-ed25519-key          Generate and output a Ed25519 keypair in JWK format
    help                          Prints this message or the help of the given subcommand(s)
    key-to-did                    Output a DID for a given JWK according to the provided DID method name or pattern
    key-to-verification-method    Output a verificationMethod DID URL for a JWK and DID method name/pattern
    ssh-pk-to-jwk                 Convert a SSH public key to a JWK
    to-rdf-urdna2015              Convert JSON-LD to URDNA2015-canonicalized RDF N-Quads
    vc-issue-credential           Issue Credential
    vc-issue-presentation         Issue Presentation
    vc-verify-credential          Verify Credential
    vc-verify-presentation        Verify Presentation

DIDKit - Demo

  "@context": [
  "type": [
  "verifiableCredential": {
    "@context": [
    "type": [
    "credentialSubject": {
      "id": "did:key:zQ3shVad4rYU4yBPwBrUU6kPFwpwxccQDZUDovcJqYFbGQHX5"
    "issuer": "did:key:z6MkrPSezXuJQ9NXPtrduu4ZtpsuxFjKh9aj2UUTG11oPNsa",
    "issuanceDate": "2022-01-18T15:48:56Z",
    "proof": {
      "type": "Ed25519Signature2018",
      "proofPurpose": "assertionMethod",
      "verificationMethod": "did:key:z6MkrPSezXuJQ9NXPtrduu4ZtpsuxFjKh9aj2UUTG11oPNsa#z6MkrPSezXuJQ9NXPtrduu4ZtpsuxFjKh9aj2UUTG11oPNsa",
      "created": "2022-01-18T15:49:51.926Z",
      "jws": "eyJhbGciOiJFZERTQSIsImNyaXQiOlsiYjY0Il0sImI2NCI6ZmFsc2V9..bw6XLICM7KgHQCeGCSNekS-fuFz-QRIS9eX-ChR1hgQjunyZRKt-MSeHb-K21m3Yk0totuKV6-54XLjy8ju_Aw"
  "proof": {
    "type": "EcdsaSecp256k1Signature2019",
    "proofPurpose": "authentication",
    "verificationMethod": "did:key:zQ3shVad4rYU4yBPwBrUU6kPFwpwxccQDZUDovcJqYFbGQHX5#zQ3shVad4rYU4yBPwBrUU6kPFwpwxccQDZUDovcJqYFbGQHX5",
    "created": "2022-01-18T15:52:20.690Z",
    "jws": "eyJhbGciOiJFUzI1NksiLCJjcml0IjpbImI2NCJdLCJiNjQiOmZhbHNlfQ..csLle_2_LETPOlVtkrpgCPG3cxYmtqnaS3A_wl6ANHAkvlTNWu00Gk6xGHCrgvpc7A1E1RNZZFtw2OFL0c1LLw"
  "holder": "did:key:zQ3shVad4rYU4yBPwBrUU6kPFwpwxccQDZUDovcJqYFbGQHX5"

Other VC/DID Implementations




IRC: #spruce-dev @ Libera.Chat



[Portrait of CEL]

Matrix: /

IRC: cel @ Libera.Chat / W3C IRC /

Email: /

OpenPGP: B8FF 71DA 2A37 5F8F 93FC BBDA 4D2E 8021 3413 F006

Secure Scuttlebutt: @f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519


Created 17 January 2022 by Charles E. Lehner. Last modified: 2022-01-18 14:11:57 -0500

This presentation is released under Creative Commons Attribution 4.0 International Public License, except for the following: the b6+ slides framework (modified), and the examples and diagrams from the VC Data Model and DID Core specification, are Copyright 2005-2021 W3C (MIT, ERCIM, Keio, Beihang) (W3C Software Notice and Document License); the DIDKit logo and diagrams are Copyright 2021 Spruce Systems, Inc.