Manage keys, DIDs, issue Verifiable Credentials, and verify them using the SSI-Kit command line tool.
Choose between a Docker or a JVM-based runtime.
Make sure you have Docker build environment installed on your machine.
Pulling the project directly from DockerHub
2. Setting and alias for convenience
3. Getting an overview of the commands and options available
Make sure you have a JDK 16+ build environment including Gradle installed on your machine.
Clone the project
2. Change the folder
3. Run the project
The first time you run the command you will be asked to built the project. You can confirm the prompt.
You will now see an overview of all the different commands and options available.
4. Set an alias
To make it more convient to use, you can also set an alias as follows for the wrapper script:
5. Get the overview again
If you want to get a more detailed overview of the options provided for building the project on your machine, please refer to building the project.
For debug infos add "-v" e.g.:
Explore the components of the SSI Kit and their functionality:
DID related operations, like registering, updating and deactivating DIDs. For more info on DIDs, go here.
Commands:
Create DID - using create command.
Resolve DID - using resolve command.
List DIDs - using list command.
Import DID to custodian store - using import command.
Delete DID from custodian - using delete command.
All commands have the help option available:
<your-command> -h
<your-command> --help
E.g. did create -h
Creates a DID document using did create [options]
command based on the corresponding SSI ecosystem (DID method). Optionally the associated asymmetric key is also created.
-m, --did-method [key | web | ebsi | iota | jwk | cheqd]
- Specify DID method [key], Supported DID methods are: "key", "web", "ebsi", "iota", "jwk"
-k, --key TEXT
- Specific key (ID or alias)
-d, --domain TEXT
- Domain for did:web
-p, --path TEXT
- Path for did:web
-v, --version INT
- Version of did:ebsi. Allowed values: 1 (default), 2
-n, --network [testnet | mainnet]
- cheqd network, default is testnet
-j, --useJwkJcsPub
- specifies whether to create a did:key using the jwk_jcs-pub multicodec (code: 0xeb51)
The returned value represents the DID document.
E.g. did create -m ebsi -k 8a2c3628acdd45999b4c0b5a69911437
IOTA support
For creating IOTA DIDs and registering them on the IOTA tangle, a wrapper library needs to be installed and available in the local library path.
The wrapper library is included in the SSIKit Docker image, such that for Docker users no additional setup is required.
CLI users can find instructions for build and SSIKit integration at:
Resolves the DID document.
Options:
-d, --did TEXT DID to be resolved
-r, --raw / -t, --typed
-w, --write
List all created DIDs using did list
command
Import DID to custodian store using did import [options]
command
-k, --key-id TEXT
- Specify key ID for imported did, if left empty, only public key will be imported
-f, --file TEXT
- Load the DID document from the given file
-d, --did TEXT
- Try to resolve DID document for the given DID
Use the delete
command to delete a DID:
did delete <your did>
E.g. did delete -d "did:ebsi:zs79GYJvzEnQYxkAAj4UX1j"
Key management functions like generation, listing, export/import, and deletion.
SSI-Kit CLI key management commands can be accessed with the key
command. It provides the following functionality:
Generate key - using gen command
List keys - using list command
Import key - using import command
Export key - using export command
Delete key - using delete command
All commands have the help option available:
<your-command> -h
or <your-command> --help
E.g. key gen -h
Use the gen
command to create asymmetric key pair by the specified algorithm. Supported algorithms are:
RSA:
key gen -a RSA
or key gen --algorithm RSA
ECDSA Secp256k1:
key gen -a Secp256k1
or key gen --algorithm Secp256k1
EdDSA Ed25519 (default)
key gen
or key gen -a Ed25519
or key gen --algorithm Ed25519
The returned value represents the keyId
of the newly created key.
E.g. key gen -a Secp256k1
Use the list
command to list all keys in the key store:
key list
It will output the following fields:
key index - index within the list
keyId - key identification number
key algorithm - algorithm used to create the key
crypto service - the cryptographic service used to create the key
Use the import
command to import a key in JWK or PEM format:
key import <your-key-file-path>
JWK - based on the JWK key ID and key material, an internal key object will be created and placed in the corresponding key store
PEM - if there's no key ID in the PEM file (which is usually the case), a random key ID will be generated and, based on the key material, an internal key object will be created and placed in the corresponding key store. PEM files must have the file extension 'pem':
RSA keys - file should contain either the private key or private and public keys concatenated with a 'new line' character
Ed25519, Secp256k1 - file should contain both private and public keys concatenated with a 'new line' character
E.g.
Ed25519 JWK public key
key import ./ed25519jwk.json
Secp256k1 PEM key
key import ./secp256k1.pem
Use the export
command to export a specified key type with the specified id and format.
Available key type:
public (default):
key export <your-key-id>
or key export <your-key-id> --pub
private:
key export <your-key-id> --priv
Available export formats:
JWK (default):
key export <your-key-id>
or key export <your-key-id> -f JWK
or key export <your-key-id> --key-format JWK
PEM:
key export <your-key-id> -f PEM
key export <your-key-id> --key-format PEM
The output will display the exported key in the specified format.
E.g.
key export 17592087c6f04c358b9b813dbe2ef027 --pub -f PEM
key export 17592087c6f04c358b9b813dbe2ef027 --pub
key export 17592087c6f04c358b9b813dbe2ef027 --priv -f PEM
key export 17592087c6f04c358b9b813dbe2ef027 --priv
Use the delete
command to delete a key with the specified ID:
key delete <your-key-id>
E.g. key delete 17592087c6f04c358b9b813dbe2ef027
VC related operations like issuing, verifying and revoking VCs.
Commands:
All commands have the help option available:
<your-command> -h
or <your-command> --help
E.g. vc issue -h
Use the issue
command to issue a W3C Verifiable Credential with either a JWT or a JSON_LD signature.
options:
-i, --issuer-did TEXT
DID of the issuer (associated with signing key). [Required]
-s, --subject-did TEXT
DID of the VC subject (receiver of VC). [Required]
-v, --issuer-verification-method TEXT
KeyId of the issuers' signing key
-y, --proof-type [JWT|LD_PROOF]
Proof type to be used [LD_PROOF]
-p, --proof-purpose TEXT
Proof purpose to be used [assertion]
--interactive
Interactively prompt for VC data to fill in
--ld-signature, --ld-sig \[Ed25519Signature2018|Ed25519Signature2020|EcdsaSecp256k1Signature2019|RsaSignature2018|JsonWebSignature2020|JcsEd25519Signature2020]
--ecosystem \[DEFAULT|ESSIF|GAIAX|IOTA]
Specify ecosystem, for specific defaults of issuing parameters
--statusType \[StatusList2021Entry|SimpleCredentialStatus2022]
specify the credentialStatus type
e.g.
vc issue -t OpenBadgeCredential -s did:key:z6MkpuUYdpaZPcpnEWnkE8vb7s2u2geTZJden1BwGXsdFUz3 -i did:ebsi:zZ5apnsHPUXNqjWELjNZhYW
, returns a credential document (JSON format)
Use present command to present a VC or VP to a verifier.
-i, --holder-did TEXT
DID of the holder (owner of the VC)
-v, --verifier-did TEXT
DID of the verifier (recipient of the VP)
-d, --domain TEXT
Domain name to be used in the LD proof
-c, --challenge TEXT
Challenge to be used in the LD proof
use verify command to verify
To see available verification policies, use vc policies
command
Import VC to custodian store
Learn about VC template related functions like the listing and exporting of templates, as well as how to create/import your own custom VC template.
list
List VC Templates.
vc template list
result
export <template-name>
Export VC Template.
Options:
-n, --name <Name>
Name of the template
e.g. vc templates export --name VerifiableId
import <customCredentialPath.json>
Options:
-n, --name <Name>
Name of the template
Arguments:
credential path
the last argument of the command references the path to the custom credential, which should be imported
e.g vc templates import -n MyCustomCredential custom.json
custom.json
Output of the command
list
VCs saved in the custodian store
e.g. vc list
VC related operations like issuing, verifying and revoking VCs. If you're new to VCs, check out the for an overview.
- using issue command
- using present command
- using verify command
- using policies command
- using import command
- using templates command
- using list command
-t, --template TEXT
specify the VC template. To create your own template, have a look [Required]
-p, --policy VALUE
Verification policy. Can be specified multiple times. By default, SignaturePolicy is used. For more details on how to specify the policies, refer to .