This is a Golang-based toolkit for creating did:x509 DIDs and X509Credentials.
X509Credentials can be used to present the identity information contained in the did:x509 DID as a Verifiable Credential.
Its original purpose is to create Verifiable Credentials from certificates issued by the UZI certificate chain from the CIBG registry.
The toolkit creates did:x509 DIDs as specified by https://trustoverip.github.io/tswg-did-x509-method-specification/.
It extends this DID method specification by adding support for the san:otherName field in the certificate (required by the CIBG UZI certificate use case).
The primary use of this toolkit is self-issuing X509Credentials through a did:x509 DID, backed by an X.509 certificate.
To issue an X509Credential, provide the following parameters:
- certificate_file: the PEM file of the certificate
- ca_fingerprint_dn: the DN of the certificate in the chain that should be used as ca-fingerprint. It must be one of the intermediate or root CAs. If it is invalid, the tool prints the DNs of the certificates in the chain.
- signing_key_file: the unencrypted PEM file of the private key used for signing.
- credential_subject: the ID of the credential subject, typically a DID.
Usage:
./issuer vc <certificate_file> <signing_key_file> <ca_fingerprint_dn> <credential_subject>
Example:
./issuer vc certificate.pem key.pem "CN=Fake Root CA" did:web:example.com
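The ca_fingerprint_dn lookup described above, as an added example (not the toolkit's own code): it selects the CA by DN, derives the did:x509 prefix from the SHA-256 of its DER encoding as the linked specification defines, and lists the available DNs on a miss. The function names, the exact-string DN comparison and the generated sample chain are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// caFingerprintPrefix returns "did:x509:0:sha256:<ca-fingerprint>" for the CA in chain
// whose subject DN equals dn. chain[0] is the leaf and is never eligible.
func caFingerprintPrefix(chain []*x509.Certificate, dn string) (string, error) {
	var candidates []string
	for i, c := range chain {
		if i == 0 || !c.IsCA { // only intermediate or root CAs may be pinned
			continue
		}
		if c.Subject.String() == dn { // assumption: exact RFC 2253 string match
			sum := sha256.Sum256(c.Raw) // hash of the DER-encoded certificate
			return "did:x509:0:sha256:" + base64.RawURLEncoding.EncodeToString(sum[:]), nil
		}
		candidates = append(candidates, c.Subject.String())
	}
	return "", fmt.Errorf("no CA with DN %q in chain; candidates: %s", dn, strings.Join(candidates, "; "))
}

// constructedChain builds a throwaway leaf and root, both self-signed with one key (constructed sample data).
func constructedChain() []*x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	mk := func(cn string, isCA bool) *x509.Certificate {
		tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
		der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
		if err != nil {
			panic(err)
		}
		cert, _ := x509.ParseCertificate(der)
		return cert
	}
	return []*x509.Certificate{mk("leaf", false), mk("Fake Root CA", true)}
}

func main() {
	fmt.Println(caFingerprintPrefix(constructedChain(), "CN=Fake Root CA"))
}
```

Because the fingerprint covers the whole DER certificate, a reissued CA certificate with the same DN produces a different DID.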
TODO
Only RSA keys are supported at the moment.
We welcome contributions! To contribute:
- Fork the repository.
- Create a new branch (git checkout -b feature-branch).
- Make your changes.
- Commit your changes (git commit -am 'Add new feature').
- Push to the branch (git push origin feature-branch).
- Create a new Pull Request.
Please ensure your code follows the project's coding conventions and passes all tests.
This project is licensed under the GPLv3 License. See the LICENSE file for details.