
SSI SDK Crypto Extensions (BBS+, JWK, RSA, EBSI, KMS & DID methods)

Primary language: TypeScript. License: Apache License 2.0 (Apache-2.0)


Sphereon SSI SDK Crypto Extensions


BBS+, RSA, JWK, EBSI DID and key management support

This mono repository contains packages that add different crypto keys and signature suites, as well as different DID methods, to the SSI-SDK. The packages are also compatible with Veramo.

Key Management

| Plugin | Description |
| --- | --- |
| Key Manager | The Key Manager orchestrates the various implementations of Key Management Systems, using a KeyStore to remember the link between a key reference, its metadata, and the respective key management system that provides the actual cryptographic capabilities. The methods of this plugin are used automatically by other plugins, such as DIDManager, CredentialPlugin, or DIDComm, to perform their required cryptographic operations using the managed keys. You will need this version if you want to use BLS/BBS+ keys. |
| Local Key Management System | SSI-SDK and Veramo compatible Key Management System that stores keys in a local key store. It supports RSA and BLS/BBS+ signatures, in addition to ed25519, es256k1 and es256r1. |
| Mnemonic Seed Manager | SSI-SDK and Veramo compatible Mnemonic Seed manager. Allows you to create and persist Mnemonic Seeds, which you can use to derive keys. |
| Key Utils | SSI-SDK and Veramo compatible Key Utility and generation functions. |
| DID Utils | SSI-SDK and Veramo compatible DID functions. |

DID Methods

The packages below can be used in both our SSI-SDK and Veramo. They extend did:key and support did:jwk.

| DID methods | Description |
| --- | --- |
| DIF did:key resolver | DIF DID resolver compatible did:key resolver with support for BLS/BBS+, JWK (EBSI natural persons), ed25519, es256k1, es256r1, es384r1, es521r1. |
| did:key provider | SSI-SDK and Veramo compatible did:key provider, allows you to manage keys and DIDs with support for BLS/BBS+, JWK (EBSI natural persons), ed25519, es256k1, es256r1, es384r1, es521r1. |
| DIF did:jwk resolver | DIF DID resolver compatible did:jwk resolver with support for ed25519, es256k1, es256r1, RSA keys. |
| did:jwk provider | SSI-SDK and Veramo compatible did:jwk provider, allows you to manage JWK keys and DIDs. |
| DIF did:ebsi resolver | DIF DID resolver compatible did:ebsi v1 Legal Entity resolver. |
| did:ebsi provider | SSI-SDK and Veramo compatible did:ebsi v1 Legal Entity provider, allows you to manage ebsi v1 keys and DIDs. |
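
What resolving a did:jwk identifier involves, as an added sketch that is not code from this repository or from the did:jwk resolver package listed above. It follows the did:jwk method specification, restricted to the key types the table names; the function name `resolveDidJwk`, the rejection of private key members and the sample key are assumptions made for this illustration.

```typescript
// Added sketch of did:jwk resolution; not code from the SSI-SDK packages.
type Jwk = Record<string, unknown>
// kty -> allowed crv values for the listed key types (ed25519, es256k1, es256r1, RSA).
const SUPPORTED = new Map<string, string[] | null>([
  ['OKP', ['Ed25519']],
  ['EC', ['secp256k1', 'P-256']],
  ['RSA', null], // RSA keys carry no curve
])
// JWK members that only exist on private or symmetric keys.
const PRIVATE_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k']

function resolveDidJwk(did: string) {
  const match = /^did:jwk:([A-Za-z0-9_-]+)$/.exec(did)
  if (!match) throw new Error('not a did:jwk identifier')
  let jwk: Jwk
  try {
    jwk = JSON.parse(Buffer.from(match[1], 'base64url').toString('utf8'))
  } catch {
    throw new Error('method-specific id is not base64url-encoded JSON')
  }
  if (typeof jwk !== 'object' || jwk === null || Array.isArray(jwk)) throw new Error('JWK must be a JSON object')
  // Assumed hardening check: a DID is public, so private parameters are rejected.
  const leaked = PRIVATE_MEMBERS.filter((m) => m in jwk)
  if (leaked.length > 0) throw new Error(`private key members present: ${leaked.join(',')}`)
  const curves = SUPPORTED.get(String(jwk.kty))
  if (curves === undefined) throw new Error(`unsupported kty: ${String(jwk.kty)}`)
  if (curves !== null && !curves.includes(String(jwk.crv))) throw new Error(`unsupported crv: ${String(jwk.crv)}`)
  const keyId = `${did}#0`
  // did:jwk rule: use "sig" drops keyAgreement, use "enc" keeps only keyAgreement.
  const signing = jwk.use === 'enc' ? {} : {
    authentication: [keyId], assertionMethod: [keyId],
    capabilityInvocation: [keyId], capabilityDelegation: [keyId],
  }
  const agreement = jwk.use === 'sig' ? {} : { keyAgreement: [keyId] }
  return {
    '@context': ['https://www.w3.org/ns/did/v1', 'https://w3id.org/security/suites/jws-2020/v1'],
    id: did,
    verificationMethod: [{ id: keyId, type: 'JsonWebKey2020', controller: did, publicKeyJwk: jwk }],
    ...signing,
    ...agreement,
  }
}

// Constructed sample: placeholder coordinates, not a real key.
const sampleJwk = { kty: 'EC', crv: 'P-256', x: 'c2FtcGxlLXg', y: 'c2FtcGxlLXk' }
const sampleDid = `did:jwk:${Buffer.from(JSON.stringify(sampleJwk)).toString('base64url')}`
console.log(JSON.stringify(resolveDidJwk(sampleDid), null, 2))
```

Because the whole DID document is derived from the identifier itself, this resolution needs no network call and no trust in a remote resolver.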

DID resolution


Note: DID resolution is not part of this SDK. We do provide a Universal DID client you can use in Veramo, simply by using the below code when setting up the Agent:

Using the Universal resolver for all DID methods:

export const agent = createAgent<IDIDManager & CredentialIssuerLD & IKeyManager & IDataStore & IDataStoreORM & IResolver>({
  plugins: [
    // Other plugins
    new DIDResolverPlugin({
      resolver: new UniResolver({ resolveURL: 'https://dev.uniresolver.io/1.0/identifiers' })
    })
  ]
})

Using the Universal resolver for specific DID methods and DID-key:

export const agent = createAgent<IDIDManager & CredentialIssuerLD & IKeyManager & IDataStore & IDataStoreORM & IResolver>({
  plugins: [
    // Other plugins
    new DIDResolverPlugin({
      resolver: new Resolver({
        ...getDidKeyResolver(),
        ...getUniResolver('lto', { resolveUrl: 'https://uniresolver.test.sphereon.io/1.0/identifiers' }),
        ...getUniResolver('factom', { resolveUrl: 'https://dev.uniresolver.io/1.0/identifiers' }),
      }),
    }),
  ]
})

Building and testing

Lerna

This package makes use of Lerna for managing multiple packages. Lerna is a tool that optimizes the workflow around managing multi-package repositories with git and npm / pnpm.

Build

The command below builds all packages for you:

pnpm build

Test

The test command runs:

  • jest
  • coverage

You can also run only a single section of these tests, using for example pnpm test:watch.

pnpm test

Utility scripts

There are other utility scripts that help with development.

  • pnpm prettier - runs prettier to fix code style.

Publish

There are scripts that can publish the following versions:

  • latest
  • next
  • unstable

pnpm publish:[version]