Orb cli DID operation steps

[fqutishat]

Step 1: Download orb cli binary.

• darwin: wget https://github.com/trustbloc/orb/releases/download/v0.1.3/orb-cli-darwin-amd64.tar.gz
• linux: wget https://github.com/trustbloc/orb/releases/download/v0.1.3/orb-cli-linux-arm64.tar.gz

Step 2: extract a tar.

• darwin: tar -zxf orb-cli-darwin-amd64.tar.gz
• linux: tar -zxf orb-cli-linux-amd64.tar.gz

Step 3: create DID public keys

• create file called create_publickeys.json
• copy this content to create_publickeys.json

[
 {
  "id": "key1",
  "type": "Ed25519VerificationKey2018",
  "purposes": ["authentication"],
  "jwkPath": "key1_jwk.json"
 }
]

• create file called key1_jwk.json
• copy this content to key1_jwk.json

{
  "kty":"OKP",
  "crv":"Ed25519",
  "x":"o1bG1U7G3CNbtALMafUiFOq8ODraTyVTmPtRDO1QUWg",
  "y":""
}

Step 4: create DID services

• create file called create_services.json
• copy this content to create_services.json

[
  {
    "id": "svc1",
    "type": "type1",
    "priority": 1,
    "routingKeys": ["key1"],
    "recipientKeys": ["key1"],
    "serviceEndpoint": "http://www.example.com"
  }
]

Step 5: create keypair this key will be used for updatekey

• openssl ecparam -name prime256v1 -genkey -noout -out update_privatekey.pem
• openssl ec -in update_privatekey.pem -pubout -out update_publickey.pem
• you should have two files update_privatekey.pem update_publickey.pem

Step 6: create keypair this key will be used for recoverkey

• openssl ecparam -name prime256v1 -genkey -noout -out recover_privatekey.pem
• openssl ec -in recover_privatekey.pem -pubout -out recover_publickey.pem
• you should have two files recover_privatekey.pem recover_publickey.pem

Step 7: create orb DID

./orb-cli-darwin-amd64 did create --domain=https://orb-1.sandbox.trustbloc.dev --publickey-file=./create_publickeys.json --service-file=./create_services.json --recoverykey-file=./recover_publickey.pem --updatekey-file=./update_publickey.pem --did-anchor-origin=https://orb-1.sandbox.trustbloc.dev --tls-systemcertpool=true --sidetree-write-token=#TOKEN

Note: replace #TOKEN with real token value

Step 7: resolve orb DID

curl https://orb-1.sandbox.trustbloc.dev/sidetree/v1/identifiers/#DID_ID

Note: replace #DID_ID with canonical id

Step 8: create DID public keys for update operation

• create file called update_publickeys.json
• will amend DID public key1 and add two purposes [authentication,capabilityInvocation]
• copy this content to update_publickeys.json

[
 {
  "id": "key1",
  "type": "Ed25519VerificationKey2018",
  "purposes": ["authentication","capabilityInvocation"],
  "jwkPath": "key1_jwk.json"
 }
]

Step 9: create keypair this key will be used for next updatekey

• openssl ecparam -name prime256v1 -genkey -noout -out nextupdate_privatekey.pem
• openssl ec -in nextupdate_privatekey.pem -pubout -out nextupdate_publickey.pem
• you should have two files nextupdate_privatekey.pem nextupdate_publickey.pem

Step 10: update orb DID

./orb-cli-darwin-amd64 did update --domain=https://orb-1.sandbox.trustbloc.dev --did-uri=#DID_ID --add-publickey-file=./update_publickeys.json --signingkey-file=./update_privatekey.pem --nextupdatekey-file=./nextupdate_publickey.pem --tls-systemcertpool=true --sidetree-write-token=#TOKEN

Note: replace #TOKEN with real token value
Note: replace #DID_ID with canonical id

Step 11: resolve orb DID check if authentication,capabilityInvocation are exists

curl https://orb-1.sandbox.trustbloc.dev/sidetree/v1/identifiers/#DID_ID

Note: replace #DID_ID with DID id from response of create did command

Step 12: create DID public keys for recover operation

• create file called recover_publickeys.json
• will replace did key1 with new purposes assertionMethod
• copy this content to recover_publickeys.json

[
 {
  "id": "key1",
  "type": "Ed25519VerificationKey2018",
  "purposes": ["assertionMethod"],
  "jwkPath": "key1_jwk.json"
 }
]

Step 13: create keypair this key will be used for next updatekey

• openssl ecparam -name prime256v1 -genkey -noout -out nextupdate1_privatekey.pem
• openssl ec -in nextupdate1_privatekey.pem -pubout -out nextupdate1_publickey.pem
• you should have two files nextupdate1_privatekey.pem nextupdate1_publickey.pem

Step 14: create keypair this key will be used for next recoverkey

• openssl ecparam -name prime256v1 -genkey -noout -out nextrecover_privatekey.pem
• openssl ec -in nextrecover_privatekey.pem -pubout -out nextrecover_publickey.pem
• you should have two files nextrecover_privatekey.pem nextrecover_publickey.pem

Step 15: recover orb DID

./orb-cli-darwin-amd64 did recover --domain=https://orb-1.sandbox.trustbloc.dev --did-uri=#DID_ID --publickey-file=./recover_publickeys.json --signingkey-file=./recover_privatekey.pem --nextupdatekey-file=./nextupdate1_publickey.pem --nextrecoverkey-file=nextrecover_publickey.pem --tls-systemcertpool=true --did-anchor-origin=https://orb-1.sandbox.trustbloc.dev --sidetree-write-token=#TOKEN 

Note: replace #TOKEN with real token value
Note: replace #DID_ID with canonical id

Step 16: resolve orb DID check if assertionMethod is exist in DID

curl https://orb-1.sandbox.trustbloc.dev/sidetree/v1/identifiers/#DID_ID

Note: replace #DID_ID with canonical id

Step 17: deactivate orb DID

./orb-cli-darwin-amd64 did deactivate --domain=https://orb-1.sandbox.trustbloc.dev --did-uri=#DID_ID --signingkey-file=./nextrecover_privatekey.pem --tls-systemcertpool=true --sidetree-write-token=#TOKEN 

Step 18: resolve orb DID check if did is deactivated

curl https://orb-1.sandbox.trustbloc.dev/sidetree/v1/identifiers/#DID_ID

Note: replace #DID_ID with canonical id