Browser extension that displays and verifies decentralized identity information of websites

identinet-plugin

identinet-plugin is a browser extension that displays and verifies decentralized identity information of websites. The extension originated as a did:hack project.

DID Details

Presentation

Installation

Usage

After installation, the extension is added to the list of extensions. Pin the extension to the browser bar so that it is permanently visible.

The availability of a DID document and additional credentials for the website is displayed with the following icons:

  • [Icon: No DID document available] No DID document is available.
  • [Icon: DID document and credentials available] DID and credentials are available; the credentials have been successfully verified.
  • [Icon: DID document and credentials available but broken] DID document incorrect or verification of credentials failed.

Examples:

How it Works

The extension:

  1. displays the W3C DID Document that is associated with the visited website, i.e. the DID did:web:<domainname> whose document is stored at https://<domainname>/.well-known/did.json.
  2. retrieves, verifies, and displays a publicly stored W3C Verifiable Presentation that might contain multiple credentials. It's expected that DID did:web:<domainname> issued the presentation and that it's publicly available at https://<domainname>/.well-known/presentation.json.
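
The lookup described above, as an added example (not the extension's own code). It also covers ports and path-based DIDs from the did:web method, which goes beyond the did:web:<domainname> case on this page; the function names are hypothetical.

```javascript
// Added example, not the extension's code: derive the did:web DID of a visited
// page and the URL its DID document is fetched from (did:web resolution rules).
function didForPage(pageUrl) {
  const url = new URL(pageUrl);
  // did:web documents are only resolved over HTTPS.
  if (url.protocol !== "https:") return null;
  // url.host includes a non-default port; its colon must be encoded as %3A.
  return `did:web:${encodeURIComponent(url.host)}`;
}

function didWebToUrl(did) {
  const prefix = "did:web:";
  if (typeof did !== "string" || !did.startsWith(prefix)) {
    throw new Error("not a did:web identifier");
  }
  // Colons separate the host from optional path segments.
  const segments = did.slice(prefix.length).split(":").map((s) => decodeURIComponent(s));
  // Reject segments that could redirect the request to another host or path.
  if (segments.some((s) => s === "" || s === "." || s === ".." || /[\/?#@\\\s]/.test(s))) {
    throw new Error("illegal segment in did:web identifier");
  }
  const [host, ...path] = segments;
  const url = new URL(`https://${host}`);
  url.pathname = path.length === 0
    ? "/.well-known/did.json"
    : `/${path.join("/")}/did.json`;
  return url.href;
}

// This page places the presentation at the domain's /.well-known path.
function presentationUrl(did) {
  return new URL("/.well-known/presentation.json", didWebToUrl(did)).href;
}

// A fetched document only counts if it describes the DID that was asked for.
function documentMatchesDid(did, doc) {
  return doc !== null && typeof doc === "object" && doc.id === did;
}
```

The `id` comparison matters because the document is fetched from a location derived from the page's host: a document whose `id` names another DID says nothing about the visited site.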

Create DID and Credentials for Domain

Requirements:

  • didkit CLI
  • Website that's hosted at a custom domain name, e.g. example.com
  • jq

Create did:web DID and issue sample credential:

  1. Generate a key: didkit key generate ed25519 > key.jwk
  2. Generate a DID did:web:<domainname>:
DOMAINNAME="<your domainname>"
DID_WEB="did:web:${DOMAINNAME}"
# The key id is the did:key form of the public key, without the "did:key:" prefix.
KEY_ID=$(didkit key to did -k key.jwk | sed -ne 's/^did:key://p')
# Build the DID document. del(.d) drops the private key member from the JWK so that
# only the public key is published; the outer jq validates and pretty-prints the JSON.
cat <<EOF | jq . > did.json
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1",
    {
      "publicKeyJwk": {
        "@id": "https://w3id.org/security#publicKeyJwk",
        "@type": "@json"
      }
    }
  ],
  "id": "${DID_WEB}",
  "verificationMethod": [
    {
      "id": "${DID_WEB}#${KEY_ID}",
      "type": "Ed25519VerificationKey2020",
      "controller": "${DID_WEB}",
      "publicKeyJwk": $(jq 'del(.d)' key.jwk)
    }
  ],
  "authentication": [
    "${DID_WEB}#${KEY_ID}"
  ],
  "assertionMethod": [
    "${DID_WEB}#${KEY_ID}"
  ]
}
EOF
  3. Store and publish did.json in the web server's root directory at path /.well-known/did.json
  4. Verify that the DID is publicly resolvable: didkit did-resolve "${DID_WEB}"
  5. Issue sample credential:
cat > credential.json <<EOF
{
  "@context": ["https://www.w3.org/2018/credentials/v1", "https://w3id.org/security/suites/ed25519-2020/v1"],
  "type": ["VerifiableCredential"],
  "issuer": "${DID_WEB}",
  "issuanceDate": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
  "credentialSubject": {
    "id": "${DID_WEB}"
  }
}
EOF

VERIFICATION_METHOD=$(jq -r '.assertionMethod[0]' < did.json)
didkit credential issue -t Ed25519Signature2020 -k key.jwk -p assertionMethod -v "${VERIFICATION_METHOD}" < credential.json > credential_signed.json
didkit credential verify < credential_signed.json
  6. Verify credential: didkit vc-verify-credential < credential_signed.json
  7. Issue presentation:
cat > presentation.json <<EOF
{
  "@context": ["https://www.w3.org/2018/credentials/v1", "https://w3id.org/security/suites/ed25519-2020/v1"],
  "type": ["VerifiablePresentation"],
  "holder": "${DID_WEB}",
  "verifiableCredential": [
$(cat credential_signed.json)
  ]
}
EOF

VERIFICATION_METHOD=$(jq -r '.authentication[0]' < did.json)
didkit presentation issue -t Ed25519Signature2020 -k key.jwk -p authentication -C "${DOMAINNAME}" -d "${DOMAINNAME}" -v "${VERIFICATION_METHOD}" < presentation.json > presentation_signed.json
didkit presentation verify < presentation_signed.json
  8. Verify presentation: didkit vc-verify-presentation < presentation_signed.json
  9. Store and publish presentation_signed.json in the web server's root directory at path /.well-known/presentation.json
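
A structural check for the two files before they are published, as an added example (not part of the project or of didkit). It assumes the presentation carries a single proof object with the domain passed via -d; the function names and sample documents are constructed for illustration.

```javascript
// Added example, not the extension's code: structural checks on did.json and
// presentation_signed.json before publishing. Signatures are still verified with didkit.
function lintDidDocument(did, doc) {
  const problems = [];
  if (doc.id !== did) problems.push(`id is ${doc.id}, expected ${did}`);
  const methods = doc.verificationMethod || [];
  const ids = new Set(methods.map((m) => m.id));
  for (const m of methods) {
    if (!String(m.id).startsWith(`${did}#`)) problems.push(`foreign key id ${m.id}`);
    if (m.controller !== did) problems.push(`controller of ${m.id} is not ${did}`);
    // "d" is the private member of the JWK; the procedure strips it with del(.d).
    if (m.publicKeyJwk && "d" in m.publicKeyJwk) problems.push(`private key in ${m.id}`);
  }
  for (const rel of ["authentication", "assertionMethod"]) {
    for (const ref of doc[rel] || []) {
      if (typeof ref === "string" && !ids.has(ref)) problems.push(`${rel}: unknown key ${ref}`);
    }
  }
  return problems;
}

// Assumes a single proof object carrying the domain passed to didkit with -d.
function lintPresentation(did, domain, doc, vp) {
  const problems = [];
  const proof = vp.proof || {};
  if (vp.holder !== did) problems.push(`holder is ${vp.holder}, expected ${did}`);
  if (proof.proofPurpose !== "authentication") problems.push("proofPurpose is not authentication");
  if (!(doc.authentication || []).includes(proof.verificationMethod)) {
    problems.push("proof key is not listed under authentication");
  }
  if (proof.domain !== domain) problems.push(`proof domain is ${proof.domain}, expected ${domain}`);
  return problems;
}

// Constructed sample: key id and key values are placeholders, not real key material.
const DID = "did:web:example.com";
const KEY = `${DID}#key-1`;
const goodDoc = {
  id: DID,
  verificationMethod: [{ id: KEY, type: "Ed25519VerificationKey2020", controller: DID,
    publicKeyJwk: { kty: "OKP", crv: "Ed25519", x: "PLACEHOLDER" } }],
  authentication: [KEY],
  assertionMethod: [KEY],
};
const leakyDoc = { ...goodDoc, verificationMethod: [{ ...goodDoc.verificationMethod[0],
  publicKeyJwk: { kty: "OKP", crv: "Ed25519", x: "PLACEHOLDER", d: "PLACEHOLDER" } }] };
const vp = { holder: DID, proof: { proofPurpose: "authentication",
  verificationMethod: KEY, domain: "example.com" } };
```

An empty result from both functions means the files are consistent with each other and with the domain; it does not replace the didkit verification steps above.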

Development

Requirements

Dependencies for running the test websites locally:

  • mkcert - Locally-trusted development certificates
    • Perform these steps manually:
    • Install local CA: mkcert -install
    • If needed, manually add the CA to Firefox and Chrome
  • caddy - HTTP server
  • htmlq - Like jq, but for HTML

Steps to start development

  1. Install node modules: just deps
  2. Start extension builder: just build-watch
    • Firefox build directory: .build_firefox
    • Chrome build directory: .build_chrome
  3. Install browser plugin temporarily:
    • Firefox:
      • Open about:debugging and select "This Firefox"
      • Click on "Load Temporary Add-on..." and select manifest.json in the Firefox build directory
      • See more detailed instructions
    • Chrome:
      • Open chrome://extensions/
      • Click on "Load unpacked" and select the Chrome build directory
      • See more detailed instructions
  4. Start website test server: just run-websites
  5. Start preview server: just run-preview
  6. Start development
  7. Manually reload extension by clicking reload (Firefox) or update (Chrome) to include changes

Publish Updates

Use of did:web in the Wild

LinkedIn

LinkedIn DID Details

Resources