Skip to main content

The Basics of Decentralized Identity

Introduction

In this tutorial, we will explore the basics of decentralized identity. We will demonstrate how to initialize decentralized identifiers (DIDs), issue credentials, and verify those credentials using the did:key method for both the issuer and the subject.

Steps

Prerequisites

Before you begin, follow the prerequisites for installation and configuration instructions.

1. Initialize a DID for the Issuer (Company)

First, we will create a DID for a company called "Sample Company" using the did:key method.

veramo did create

Select the following options:

? Select identifier provider did:key
? Select key management system local
? Enter alias company

The expected output will be similar to:

┌──────────┬─────────┬──────────────────────────────────────────────────────────┐
│ provider │   alias │                                                      did │
├──────────┼─────────┼──────────────────────────────────────────────────────────┤
│  did:key │ company │ did:key:z6Mkh947sfb9PpdavrvESu9GMDhsoTaYTfeYYSaoG9gis3rh │
└──────────┴─────────┴──────────────────────────────────────────────────────────┘

2. Initialize a DID for the Subject (Employee)

Next, we will create a DID for an employee using the did:key method.

veramo did create

Select the following options:

? Select identifier provider did:key
? Select key management system local
? Enter alias employee

Expected output will be similar to:

┌──────────┬──────────┬──────────────────────────────────────────────────────────┐
│ provider │    alias │                                                      did │
├──────────┼──────────┼──────────────────────────────────────────────────────────┤
│  did:key │ employee │ did:key:z6Mkv3jVTwRPkvXszJcuffKuqben46eP3ye5fF5fCG56iaYF │
└──────────┴──────────┴──────────────────────────────────────────────────────────┘

3. Issue a Credential

With the DIDs set up, we will issue an "employee" credential from the company to the employee.

veramo credential create

Select the following options:

? Credential proofFormat jwt
? Issuer DID did:key:z6Mkh947sfb9PpdavrvESu9GMDhsoTaYTfeYYSaoG9gis3rh company
? Subject DID did:key:z6Mkv3jVTwRPkvXszJcuffKuqben46eP3ye5fF5fCG56iaYF
? Credential Type VerifiableCredential,EmployeeCredential
? Claim Type employeeOf
? Claim Value Sample Company

Expected output:

{
  "credentialSubject": {
    "employeeOf": "Sample Company",
    "id": "did:key:z6Mkv3jVTwRPkvXszJcuffKuqben46eP3ye5fF5fCG56iaYF"
  },
  "issuer": {
    "id": "did:key:z6Mkh947sfb9PpdavrvESu9GMDhsoTaYTfeYYSaoG9gis3rh"
  },
  "type": ["VerifiableCredential", "EmployeeCredential"],
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://veramo.io/contexts/profile/v1"
  ],
  "issuanceDate": "2024-06-27T03:47:06.000Z",
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdmVyYW1vLmlvL2NvbnRleHRzL3Byb2ZpbGUvdjEiXSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkVtcGxveWVlQ3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJlbXBsb3llZU9mIjoiU2FtcGxlIENvbXBhbnkifX0sInN1YiI6ImRpZDprZXk6ejZNa3YzalZUd1JQa3ZYc3pKY3VmZkt1cWJlbjQ2ZVAzeWU1ZkY1ZkNHNTZpYVlGIiwibmJmIjoxNzE5NDYwMDI2LCJpc3MiOiJkaWQ6a2V5Ono2TWtoOTQ3c2ZiOVBwZGF2cnZFU3U5R01EaHNvVGFZVGZlWVlTYW9HOWdpczNyaCJ9.PbIBO2mP7EHVsPzCmkI-nh9W8nehOj_9ArI2kUFlzW22RnpfakAqG7UfDAAamii28l8UG9P98jblZIDHFn5XBw"
  }
}

4. Verify the Credential

Finally, we will verify the issued credential to ensure its authenticity and validity.

veramo credential verify

Paste the credential to be verified (from above) and type Ctrl+D when done

{
  "credentialSubject": {
    "employeeOf": "Sample Company",
    "id": "did:key:z6Mkv3jVTwRPkvXszJcuffKuqben46eP3ye5fF5fCG56iaYF"
  },
  "issuer": {
    "id": "did:key:z6Mkh947sfb9PpdavrvESu9GMDhsoTaYTfeYYSaoG9gis3rh"
  },
  "type": ["VerifiableCredential", "EmployeeCredential"],
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://veramo.io/contexts/profile/v1"
  ],
  "issuanceDate": "2024-06-27T03:47:06.000Z",
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdmVyYW1vLmlvL2NvbnRleHRzL3Byb2ZpbGUvdjEiXSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkVtcGxveWVlQ3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJlbXBsb3llZU9mIjoiU2FtcGxlIENvbXBhbnkifX0sInN1YiI6ImRpZDprZXk6ejZNa3YzalZUd1JQa3ZYc3pKY3VmZkt1cWJlbjQ2ZVAzeWU1ZkY1ZkNHNTZpYVlGIiwibmJmIjoxNzE5NDYwMDI2LCJpc3MiOiJkaWQ6a2V5Ono2TWtoOTQ3c2ZiOVBwZGF2cnZFU3U5R01EaHNvVGFZVGZlWVlTYW9HOWdpczNyaCJ9.PbIBO2mP7EHVsPzCmkI-nh9W8nehOj_9ArI2kUFlzW22RnpfakAqG7UfDAAamii28l8UG9P98jblZIDHFn5XBw"
  }
}

The expected output is:

Credential was verified successfully.

By following these steps, you have completed the basics of decentralized identity, from initializing DIDs to issuing and verifying credentials.