feat: add cookbook recipe how to generate keys (#223)
* feat: add cookbook recipe how to generate keys (taken from the workshop section)
* fix broken test
* run prettier
* try to fix test
* prettier
* try to fix test
* prettier
* add more explanations about derivation paths
* feat: updating to match sporran and updating naming throughout to match
* lint: updating the linting
* feat: removal of the mention of light did
* feat: adding remarks and suggestions for better text
* Update docs/develop/01_sdk/02_cookbook/01_dids/00_generate_keys.md

Co-authored-by: Albrecht <[email protected]>

---------

Co-authored-by: dudleyneedham <[email protected]>
Co-authored-by: Skedley <[email protected]>
Co-authored-by: Albrecht <[email protected]>
1 parent
1e66b46
commit 827222a
Showing 9 changed files with 184 additions and 67 deletions.
59 changes: 59 additions & 0 deletions
code_examples/sdk_examples/src/core_features/did/00_generate_did_keys.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
import * as Kilt from '@kiltprotocol/sdk-js' | ||
|
||
import { | ||
blake2AsU8a, | ||
keyExtractPath, | ||
keyFromPath, | ||
mnemonicGenerate, | ||
mnemonicToMiniSecret, | ||
sr25519PairFromSeed | ||
} from '@polkadot/util-crypto' | ||
|
||
// Because there is no first-class support for this class of keys, | ||
// we need to use a workaround to generate a key we can use for encryption/decryption. | ||
function generateKeyAgreement(mnemonic: string): Kilt.KiltEncryptionKeypair { | ||
const secretKeyPair = sr25519PairFromSeed(mnemonicToMiniSecret(mnemonic)) | ||
const { path } = keyExtractPath('//did//keyAgreement//0') | ||
const { secretKey } = keyFromPath(secretKeyPair, path, 'sr25519') | ||
return Kilt.Utils.Crypto.makeEncryptionKeypairFromSeed(blake2AsU8a(secretKey)) | ||
} | ||
|
||
export function generateKeypairs(mnemonic = mnemonicGenerate()): { | ||
authentication: Kilt.KiltKeyringPair & { | ||
type: 'sr25519' | ||
} | ||
keyAgreement: Kilt.KiltEncryptionKeypair | ||
assertionMethod: Kilt.KiltKeyringPair | ||
capabilityDelegation: Kilt.KiltKeyringPair | ||
} { | ||
const account = Kilt.Utils.Crypto.makeKeypairFromSeed( | ||
mnemonicToMiniSecret(mnemonic), | ||
'sr25519' | ||
) | ||
|
||
const authentication = { | ||
...account.derive('//did//0'), | ||
type: 'sr25519' | ||
} as Kilt.KiltKeyringPair & { | ||
type: 'sr25519' | ||
} | ||
|
||
const assertionMethod = { | ||
...account.derive('//did//assertion//0'), | ||
type: 'sr25519' | ||
} as Kilt.KiltKeyringPair | ||
|
||
const capabilityDelegation = { | ||
...account.derive('//did//delegation//0'), | ||
type: 'sr25519' | ||
} as Kilt.KiltKeyringPair | ||
|
||
const keyAgreement = generateKeyAgreement(mnemonic) | ||
|
||
return { | ||
authentication: authentication, | ||
keyAgreement: keyAgreement, | ||
assertionMethod: assertionMethod, | ||
capabilityDelegation: capabilityDelegation | ||
} | ||
} |
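Review bot: In `generateKeypairs`, the default `mnemonic = mnemonicGenerate()` creates a fresh mnemonic when the caller passes none, but the returned object carries only the four key pairs, so that mnemonic is lost and the keys can never be regenerated or backed up. Either make `mnemonic` a required parameter or return it alongside the keys, which would also match the doc page's advice to back up the seed phrase. A smaller point in `generateKeyAgreement`: the comment calls the function a workaround but does not say why the encryption seed is `blake2AsU8a(secretKey)` of the `//did//keyAgreement//0` child; one line explaining that step would help readers who copy this recipe.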
75 changes: 50 additions & 25 deletions
code_examples/sdk_examples/src/core_features/utils/generateKeypairs.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,35 +1,60 @@ | ||
import { mnemonicGenerate, mnemonicToMiniSecret } from '@polkadot/util-crypto' | ||
|
||
import * as Kilt from '@kiltprotocol/sdk-js' | ||
|
||
import { | ||
blake2AsU8a, | ||
keyExtractPath, | ||
keyFromPath, | ||
mnemonicGenerate, | ||
mnemonicToMiniSecret, | ||
sr25519PairFromSeed | ||
} from '@polkadot/util-crypto' | ||
|
||
// Because there is no first-class support for this class of keys, | ||
// we need to use a workaround to generate a key we can use for encryption/decryption. | ||
function generateKeyAgreement(mnemonic: string): Kilt.KiltEncryptionKeypair { | ||
const secretKeyPair = sr25519PairFromSeed(mnemonicToMiniSecret(mnemonic)) | ||
const { path } = keyExtractPath('//did//keyAgreement//0') | ||
const { secretKey } = keyFromPath(secretKeyPair, path, 'sr25519') | ||
return Kilt.Utils.Crypto.makeEncryptionKeypairFromSeed(blake2AsU8a(secretKey)) | ||
} | ||
|
||
export function generateKeypairs(mnemonic = mnemonicGenerate()): { | ||
authentication: Kilt.KiltKeyringPair & { | ||
type: 'ed25519' | ||
type: 'sr25519' | ||
} | ||
encryption: Kilt.KiltEncryptionKeypair | ||
attestation: Kilt.KiltKeyringPair | ||
delegation: Kilt.KiltKeyringPair | ||
keyAgreement: Kilt.KiltEncryptionKeypair | ||
assertionMethod: Kilt.KiltKeyringPair | ||
capabilityDelegation: Kilt.KiltKeyringPair | ||
} { | ||
const authentication = Kilt.Utils.Crypto.makeKeypairFromSeed( | ||
mnemonicToMiniSecret(mnemonic) | ||
) | ||
const encryption = Kilt.Utils.Crypto.makeEncryptionKeypairFromSeed( | ||
mnemonicToMiniSecret(mnemonic) | ||
) | ||
const attestation = authentication.derive( | ||
'//attestation' | ||
) as Kilt.KiltKeyringPair | ||
const delegation = authentication.derive( | ||
'//delegation' | ||
) as Kilt.KiltKeyringPair | ||
const keyring = new Kilt.Utils.Keyring({ | ||
ss58Format: 38, | ||
type: 'sr25519' | ||
}) | ||
const account = keyring.addFromMnemonic(mnemonic) | ||
|
||
const authentication = { | ||
...account.derive('//did//0'), | ||
type: 'sr25519' | ||
} as Kilt.KiltKeyringPair & { | ||
type: 'sr25519' | ||
} | ||
|
||
const assertionMethod = { | ||
...account.derive('//did//assertion//0'), | ||
type: 'sr25519' | ||
} as Kilt.KiltKeyringPair | ||
|
||
const capabilityDelegation = { | ||
...account.derive('//did//delegation//0'), | ||
type: 'sr25519' | ||
} as Kilt.KiltKeyringPair | ||
|
||
const keyAgreement = generateKeyAgreement(mnemonic) | ||
|
||
return { | ||
authentication, | ||
encryption, | ||
attestation, | ||
delegation | ||
authentication: authentication, | ||
keyAgreement: keyAgreement, | ||
assertionMethod: assertionMethod, | ||
capabilityDelegation: capabilityDelegation | ||
} | ||
} | ||
|
||
// Required for the raw-loader to successfully import this code snippet as text. | ||
export default generateKeypairs |
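Review bot: `generateKeyAgreement` and the derivation logic in `generateKeypairs` are a second copy of what `code_examples/sdk_examples/src/core_features/did/00_generate_did_keys.ts` contains in this same commit, and the two copies build the root account differently: this hunk shows `new Kilt.Utils.Keyring({ ss58Format: 38, type: 'sr25519' })` with `keyring.addFromMnemonic(mnemonic)`, while the other file uses `Kilt.Utils.Crypto.makeKeypairFromSeed(mnemonicToMiniSecret(mnemonic), 'sr25519')`. Please use one construction in both places, or have one file import from the other, so the same mnemonic is guaranteed to give the same DID keys and the copies cannot drift. The return statement could also use the shorthand form (`authentication,` rather than `authentication: authentication`).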
33 changes: 33 additions & 0 deletions
docs/develop/01_sdk/02_cookbook/01_dids/00_generate_keys.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
--- | ||
id: key-generation | ||
title: Generate DID keys | ||
--- | ||
|
||
import TsJsBlock from '@site/src/components/TsJsBlock'; | ||
|
||
import GenerateKeys from '!!raw-loader!@site/code_examples/sdk_examples/src/core_features/did/00_generate_did_keys.ts'; | ||
|
||
Creating a Decentralized Identifier (DID) in the KILT network involves generating keying material for authentication and encryption. | ||
In this guide, we'll demonstrate how to create a set of key pairs suitable for generating a KILT DID. | ||
|
||
Before we proceed, it's important to note that this example assumes the usage of the `@kiltprotocol/sdk-js` library along with the `@polkadot/util-crypto` library for cryptographic operations. | ||
Additionally, we want to emphasize the significance of securely storing keys and the mnemonic seed phrase. | ||
For production use, ensure that private keys are encrypted and stored safely, while also creating a backup of the mnemonic seed phrase. | ||
|
||
In the example provided, we derive different types of keys from a single account using derivation paths. | ||
This approach allows us to generate various key pairs for authentication, key agreement, assertion methods, and capability delegation from one mnemonic seed phrase. | ||
Using derivation paths simplifies key management, ensuring that a single mnemonic seed serves as the basis for multiple keys associated with a DID. | ||
This method improves efficiency while maintaining security. | ||
However, it's essential to handle and store private keys securely to prevent unauthorized access and ensure the overall integrity and privacy of the decentralized identity system. | ||
|
||
Below is an example code snippet illustrating the key pair generation for a KILT DID: | ||
|
||
<TsJsBlock> | ||
{GenerateKeys} | ||
</TsJsBlock> | ||
|
||
:::info | ||
This example doesn't show how to store the keys. | ||
It is recommended to store the keys in a secure manner, e.g. only storing the private keys encrypted on disk. | ||
The mnemonic seed phrase can be used to regenerate the keys, so it is recommended to also store the mnemonic in a secure manner and create a backup of it. | ||
::: |
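Review bot: The paragraph starting "In the example provided" says the keys are derived "using derivation paths" but never names them, so readers have to dig `//did//0`, `//did//assertion//0`, `//did//delegation//0` and `//did//keyAgreement//0` out of the snippet; list the four paths next to the key each one produces. The sentence "This method improves efficiency while maintaining security" should state the trade-off that the single mnemonic regenerates all four keys. The `:::info` block also repeats the storage advice already given in the second paragraph, so one of the two can be dropped.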