nuts-foundation/go-didx509-toolkit

Golang did:x509 and X509Credential Toolkit

Description

This is a Golang-based toolkit for creating did:x509 DIDs and X509Credentials. X509Credentials can be used to present the identity information contained in the did:x509 DID as a Verifiable Credential.

Its original purpose is to create Verifiable Credentials from certificates issued by the UZI certificate chain from the CIBG registry.

Features

Creating did:x509 DIDs

The toolkit creates did:x509 DIDs as specified by https://trustoverip.github.io/tswg-did-x509-method-specification/. It extends this DID method specification by adding support for the san:otherName field in the certificate (required by the CIBG UZI certificate use case).

Issuing X509Credentials

The primary use of this toolkit is self-issuing X509Credentials through a did:x509 DID, backed by an X.509 certificate. To issue an X509Credential, provide the following parameters:

  • certificate_file: the PEM file of the certificate
  • ca_fingerprint_dn: the DN of the certificate in the chain that should be used as ca-fingerprint. It must be one of the intermediate or root CAs. If it is invalid, the tool prints the DNs of the certificates in the chain.
  • signing_key_file: the unencrypted PEM file of the private key used for signing.
  • credential_subject: the ID of the credential subject, typically a DID.

Usage:

./issuer vc <certificate_file> <signing_key_file> <ca_fingerprint_dn> <credential_subject>

Example:

./issuer vc certificate.pem key.pem "CN=Fake Root CA" did:web:example.com

Using Docker (given your PEM files are in a directory called certs):

docker run --rm -v "$(pwd)/certs:/certs" nutsfoundation/go-didx509-toolkit:main \
  vc /certs/certificate.pem /certs/key.pem "CN=Fake Root CA" did:web:example.com
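
How the ca_fingerprint_dn parameter maps onto the DID, as an added Go example (not the toolkit's own code): it selects the CA by subject DN, hashes that certificate's DER encoding, and returns the did:x509:0:sha256:<ca-fingerprint> prefix defined by the did:x509 specification. The names caFingerprintPrefix, must and sampleChain, the generated certificates, and matching the DN against Go's pkix.Name.String() rendering are assumptions; the policy part that follows the prefix is not built here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// caFingerprintPrefix (hypothetical helper): chain[0] is the leaf, dn names a CA above it.
func caFingerprintPrefix(chain []*x509.Certificate, dn string) (string, error) {
	var dns []string
	for i, c := range chain {
		if i > 0 && c.IsCA && c.Subject.String() == dn { // the leaf never qualifies
			sum := sha256.Sum256(c.Raw) // SHA-256 over the CA certificate's DER bytes
			return "did:x509:0:sha256:" + base64.RawURLEncoding.EncodeToString(sum[:]), nil
		}
		dns = append(dns, c.Subject.String())
	}
	return "", fmt.Errorf("no CA with DN %q; DNs in chain: %q", dn, dns)
}

func must[T any](v T, err error) T { // abort if building the sample data fails
	if err != nil {
		panic(err)
	}
	return v
}

// sampleChain returns a constructed chain: leaf "leaf.example" under "Fake Root CA".
func sampleChain() []*x509.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048)) // one key for both, sample only
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Fake Root CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "leaf.example"},
		NotBefore: root.NotBefore, NotAfter: root.NotAfter}
	sign := func(t *x509.Certificate) *x509.Certificate { // both issued under root
		return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, root, &key.PublicKey, key))))
	}
	return []*x509.Certificate{sign(leaf), sign(root)}
}

func main() {
	fmt.Println(caFingerprintPrefix(sampleChain(), "CN=Fake Root CA"))
}
```

A DN that matches only the leaf, or no certificate at all, yields an error listing every DN in the chain, mirroring the behaviour described for an invalid ca_fingerprint_dn.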

Validating X509Credentials

TODO

Limitations

Only RSA keys are supported at the moment.

Contributing

We welcome contributions! To contribute:

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature-branch).
  3. Make your changes.
  4. Commit your changes (git commit -am 'Add new feature').
  5. Push to the branch (git push origin feature-branch).
  6. Create a new Pull Request.

Please ensure your code follows the project's coding conventions and passes all tests.

License

This project is licensed under the GPLv3 License. See the LICENSE file for details.

About

Experimental code to issue VCs based on UZI certificates
