Key DID Method¶
The Key DID Method is a DID method which can be used to authenticate to a Ceramic client to perform writes to streams that rely on DIDs for authentication. The Key DID Method is the most simple DID method. It simply encodes a public key in the DID string, and when resolved converts this public key into a DID Document. Key DID is on the W3C's official DID method registry and is fully compliant with decentralized identity standards. Carefully read the considerations below before deciding to use the Key DID Method in your project.
One key only: The DID Document for a Key DID is explicitly tied to a single crypto key. It can not support multiple keys in the DID document nor can it support key rotation, which means only one key can ever control the DID and it can never be changed in case it is compromised.
For advanced users: For the reasons above, the Key DID Method is only suitable for advanced users who will only want to ever use one keypair to control their DID, and who have strong key security practices - such as a developer - and so generally will not be appropriate for identities for non-technical end users.
Key DID Provider Ed25519¶
Below, find a simplified version of the Key DID Method specification. View the complete W3C specification.
The official method name for the Key DID method is
The DID string for the Key DID Method simply encodes the public key. Example Key DID identifier:
Key DID offers an immutable DID document that is statically generated from any cryptographic key pair. The DID document is not actually stored anywhere since it can always be regenerated from the key pair.
The Key DID Resolver takes a Key DID string and returns a DID Document that includes the key pair.