Overview
@nuwa-ai/identity-kit provides DID creation, resolution, key management, and DIDAuth v1 signing/verification. It supports multiple DID methods (e.g., did:rooch, did:key) and follows NIP-1 (single DID, multi-key) and NIP-2 (DIDAuth v1).
Install
Quick Start
IdentityKit (Static)
bootstrap
Prepare VDR(s) and a KeyManager without creating a DID. Inputs Bootstrap optionsEnvironment with VDRRegistry and KeyManager
fromExistingDID
Resolve a DID and bind an IdentityKit instance to it. InputsDID to resolve (e.g., did:rooch:0x…)
Used for publishing changes and signing
Instance bound to the DID
fromDIDDocument
Create an instance using a known DID Document. InputsPre-resolved DID Document
Signer for publishing
Instance bound to the doc
createNewDID
Create and publish a new DID via registered VDR. InputsDID method (e.g., rooch)
VDR-specific creation payload
Signer for publishing
Optional VDR params
Instance bound to new DID
IdentityEnv
loadDid
Load an existing DID using the environment. InputsDID to load
Defaults to env.keyManager
Instance bound to DID
fromDocument
Bind a known DID Document. InputsKnown DID Document
Defaults to env.keyManager
Instance bound to doc
createDid
Create a DID via the underlying VDR. InputsDID method name
Creation payload
Override signer
VDR-specific options
Instance bound to new DID
IdentityKit (Instance)
addVerificationMethod
Add a verification method to the DID Document and publish. Inputs Key material and metadataOne or more of authentication/assertionMethod/keyAgreement/capabilityInvocation/capabilityDelegation
New verification method id
removeVerificationMethod
Remove a verification method and update relationships. InputsVerification method id to remove
Signing key (capabilityDelegation)
True if removal published
updateVerificationMethodRelationships
Add/remove relationships for an existing key. InputsVerification method id
Relationships to add
Relationships to remove
Override signer
True if update published
addService
Publish a new service entry to the DID Document. Inputs Service definitionSigning key (capabilityInvocation)
Fully qualified service id
removeService
Delete a service by id and publish. InputsService id to remove
Signing key (capabilityInvocation)
True if removal published
getDIDDocument
Return the current DID Document. InputsNo input parameters
Latest resolved DID Document
findServiceByType
Find a service by its type. InputsService type string
Matching service (if any)
findVerificationMethodsByRelationship
List verification methods for a given relationship. InputsRelationship key
Matching verification methods
canSignWithKey
Check if the signer has the private key for keyId. InputsVerification method id
True if signer can sign
getAvailableKeyIds
List available key ids by relationship present in both DID doc and signer. InputsNo input parameters
Map of relationships to key ids
DIDAuth.v1
createSignature
Create a signed object suitable for DIDAuth v1. Inputs Operation payloadSigning interface
Verification method id
Signed object
toAuthorizationHeader
Serialize a signed object into an Authorization header value. InputsSigned object
DIDAuthV1 <base64url(payload)>
verifyAuthHeader
Verify a DIDAuth header string. InputsAuthorization header value
DID resolver
Detailed verification result (ok, error?, errorCode?, signedObject?)
verifySignatureDetailed
Verify a signed object using a resolver or a DID Document. InputsSigned object
Source for public key
Detailed verification result (ok, error?, errorCode?, signedObject?)
verifySignature
Backward compatible boolean verification. InputsSigned object
Source for public key
True if signature is valid