Check out the DIDKit documentation here.
DIDKit provides Verifiable Credential and Decentralized Identifier
functionality across different platforms. It was written primarily in Rust due
to Rust's expressive type system, memory safety, simple dependency web, and
suitability across different platforms including embedded systems. DIDKit
embeds the ssi
library, which contains the
core functionality.
In the v0.1 release on January 27th, 2021, DIDKit has not yet undergone a formal security audit and to desired levels of confidence for suitable use in production systems. This implementation is currently suitable for exploratory work and experimentation only. We welcome feedback on the usability, architecture, and security of this implementation and are committed to a conducting a formal audit with a reputable security firm before the v1.0 release.
We are setting up a process to accept contributions. Please feel free to open issues or PRs in the interim, but we cannot merge external changes until this process is in place.
We are also in the process of creating crates.io entries for the DIDKit and SSI packages.
DIDKit is written in Rust. To get Rust, you can use Rustup.
Spruce's ssi library must be cloned alongside the didkit
repository:
$ git clone https://github.com/spruceid/ssi ../ssi --recurse-submodules
Build DIDKit using Cargo:
$ cargo build
That will give you the DIDKit CLI and HTTP server executables located at
target/debug/didkit
and target/debug/didkit-http
, respectively. You can also build and install DIDKit's components separately. Building the FFI libraries will require additional dependencies. See the corresponding readmes linked below for more info.
Both the CLI and HTTP server are containerised and available under
ghcr.io/spruceid/didkit-(cli|http)
.
The image are private for now, so a Personal Access Token is required. Once created you can login like so:
$ docker login ghcr.io -u USERNAME --password-stdin
You can use the images like CLIs:
$ docker run ghcr.io/spruceid/didkit-cli:latest --help
$ docker run --init -p 8080 ghcr.io/spruceid/didkit-http:latest --port 8080
You can pass JWKs either by sharing a volume with
docker run --volume
, or by passing the JWK directly withdocker run -e JWK=$MY_JWK
ordocker run didkit-http --jwk $MY_JWK
.
The Dockerfiles rely on having ssi
in the root of didkit
(a symbolic link will not work unfortunately).
Then the images can be built with:
$ docker build -f Dockerfile-cli . -t didkit-cli
$ docker build -f Dockerfile-http . -t didkit-http
And to use them, replace ghcr.io/spruceid/didkit-(cli|http):latest
with didkit-(cli|http)
.
DIDKit can be used in any of the following ways: