Create a Light DID

Creating a light DID requires generating keying material for the keys that will be used for authentication and encryption. For ease of use, the example snippets below use keys generated with a Keyring, which is also provided by the @polkadot/api library. These key pairs are kept in memory and disappear at the end of the program execution unless they are saved to some persistent storage.

The following is an example of how to create a light DID after creating an authentication keypair.

import * as Kilt from '@kiltprotocol/sdk-js'

export function createSimpleLightDid({
  authentication
}: {
  authentication: Kilt.NewLightDidVerificationKey
}): Kilt.DidDocument {
  // Create a light DID from the generated authentication key.
  const lightDID = Kilt.Did.createLightDidDocument({
    authentication: [authentication]
  })
  console.log(lightDID.uri)

  return lightDID
}

For cases in which an encryption key and some services also need to be added to a light DID:

import * as Kilt from '@kiltprotocol/sdk-js'

export function createCompleteLightDid({
  authentication,
  keyAgreement
}: {
  authentication: Kilt.NewLightDidVerificationKey
  keyAgreement: Kilt.NewDidEncryptionKey
}): Kilt.DidDocument {
  // Example service for the DID.
  const service: Kilt.DidServiceEndpoint[] = [
    {
      id: '#my-service',
      type: ['KiltPublishedCredentialCollectionV1'],
      serviceEndpoint: ['http://example.domain.org']
    }
  ]

  // Create the KILT light DID with the information generated.
  const lightDID = Kilt.Did.createLightDidDocument({
    authentication: [authentication],
    keyAgreement: [keyAgreement],
    service
  })
  console.log(lightDID.uri)

  return lightDID
}
In KILT, light DIDs are meant to be used in one of two cases:

  1. As ephemeral, one-time identifiers when establishing new communication channels with untrusted parties.
  2. As an entrypoint into the KILT ecosystem, i.e., to obtain one's first credentials and get acquainted with KILT.

As such, light DIDs do not support updates of any sort, but they retain the same identifier until they are upgraded to full DIDs. They are not intended for use in complex and/or high-security use cases. In those situations, a full DID should be used. Visit the next section to see how to create and manage full DIDs.
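
Because a light DID does not support updates, the services passed in at creation stay as they are until the DID is upgraded, so it is worth checking them first. The following is an added example, not part of the KILT documentation or SDK: `ServiceEndpoint` is a local stand-in for the service shape shown above, `checkLightDidServices` is a hypothetical helper, and the HTTPS-only and no-credentials rules are this example's own policy assumptions.

```typescript
// Local stand-in for the service shape shown on this page (assumption: the
// SDK is not imported here, so the example runs without it).
interface ServiceEndpoint {
  id: string
  type: string[]
  serviceEndpoint: string[]
}

// Hypothetical helper: returns the problems found, or [] if the list passes.
function checkLightDidServices(services: ServiceEndpoint[]): string[] {
  const problems: string[] = []
  const seen = new Set<string>()
  for (const s of services) {
    // IDs are URI fragments such as '#my-service' and must not repeat.
    if (!/^#[^\s#]+$/.test(s.id)) problems.push(`${s.id}: id is not a '#fragment'`)
    if (seen.has(s.id)) problems.push(`${s.id}: duplicate id`)
    seen.add(s.id)
    if (s.type.length === 0 || s.type.some((t) => t.trim() === '')) problems.push(`${s.id}: missing service type`)
    if (s.serviceEndpoint.length === 0) problems.push(`${s.id}: no endpoint URL`)
    for (const raw of s.serviceEndpoint) {
      let url: URL | undefined
      try {
        url = new URL(raw)
      } catch {
        url = undefined // not parseable as an absolute URL
      }
      if (!url) {
        problems.push(`${s.id}: '${raw}' is not an absolute URL`)
        continue
      }
      // Policy assumption of this example: TLS only, no embedded credentials.
      if (url.protocol !== 'https:') problems.push(`${s.id}: '${raw}' is not https`)
      if (url.username || url.password) problems.push(`${s.id}: '${raw}' embeds credentials`)
    }
  }
  return problems
}

// Constructed sample input: the page's example service, and an https variant.
const pageExample: ServiceEndpoint = {
  id: '#my-service',
  type: ['KiltPublishedCredentialCollectionV1'],
  serviceEndpoint: ['http://example.domain.org']
}
const httpsVariant: ServiceEndpoint = { ...pageExample, serviceEndpoint: ['https://example.domain.org'] }

console.log(checkLightDidServices([pageExample]))
console.log(checkLightDidServices([httpsVariant]))
```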