
2. Practical work: Get your own keypair, x509 certificate & create your own DID

The first step of the Gaia-X journey is to obtain cryptographic material, certificates and Decentralized Identifiers (DIDs) in order to start issuing verifiable credentials. They can be created locally, delegated to a third party, or requested from a Trust Service Provider.

This guide only covers preparing these prerequisites locally, for educational purposes. For any production use, handle these resources properly: keep the keys in a wallet, use secure authentication and storage, and request the certificate from a trusted certificate authority.

2.1 Step 1: Install openssl, or check whether it is already installed

Windows (or Windows Subsystem for Linux, WSL, if installed)

First, check if `openssl` is already installed; it may already be available with Git Bash:

openssl version

Otherwise, install it using Chocolatey:

choco install openssl
openssl version

Linux

First, check if `openssl` is already installed:

openssl version

Otherwise, install it using `apt` (or `brew`, or build it from source with `make`):

sudo apt update
sudo apt install openssl -y
openssl version

2.2 Step 2: Create a keypair (private and public key)

This creates a 2048-bit RSA private key, stored in PEM format in the file private_key.pem:

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

2.3 Step 3: Extract the public key from the private key

The public key is extracted from the private key and written in PEM format to public_key.pem:

openssl rsa -in private_key.pem -pubout -out public_key.pem

2.4 Step 4: Create a self-signed certificate using the private key

This creates a minimal certificate: only the subject CN is set, so it lacks many of the attributes usually present in X.509 certificates.

openssl req -new -x509 -key private_key.pem -out cert.pem -days 365 -subj "/CN=example.com"

If you get an error, try escaping the / by doubling it (Git Bash on Windows otherwise rewrites a leading / as a filesystem path):

openssl req -new -x509 -key private_key.pem -out cert.pem -days 365 -subj "//CN=example.com"

2.5 Step 5: Store the public key in JSON Web Key JWK format

Using npm:

npm install -g pem-jwk
pem-jwk public_key.pem > public_key.jwk

If the property alg is missing from the generated JWK, add it manually: "alg": "RS256"
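As an added example (not part of the workshop or of the pem-jwk project), the Python script below does what the pem-jwk command above does, using only the standard library: it decodes the PEM, walks the DER SubjectPublicKeyInfo structure to the RSA modulus and exponent, and emits them as JWK base64url values, adding "alg": "RS256" as recommended above. The encoder rsa_public_key_pem exists only to construct a sample key in place of public_key.pem; the n and e values fed to it are toy numbers, not a real key. Run the script with a file argument to convert your own public_key.pem.

```python
import base64
import re

# OID 1.2.840.113549.1.1.1 (rsaEncryption), DER-encoded content bytes
RSA_OID = bytes.fromhex("2a864886f70d010101")


def _der_len(n):
    """DER length: short form below 128, long form (0x80|N followed by N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, content):
    return bytes([tag]) + _der_len(len(content)) + content


def der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:                 # leading zero keeps the INTEGER positive
        body = b"\x00" + body
    return der(0x02, body)


def rsa_public_key_pem(n, e):
    """Encode (n, e) as a SubjectPublicKeyInfo PEM, the format `openssl rsa -pubout` writes.
    Used here only to construct sample input; n and e are toy values, not a real key."""
    rsa_key = der(0x30, der_int(n) + der_int(e))
    alg_id = der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
    spki = der(0x30, alg_id + der(0x03, b"\x00" + rsa_key))   # BIT STRING, 0 unused bits
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"


def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n_bytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n_bytes], "big")
        pos += n_bytes
    return tag, buf[pos:pos + length], pos + length


def _b64url_uint(data):
    """JWK Base64urlUInt: minimal big-endian octets, base64url, no padding (RFC 7518)."""
    return base64.urlsafe_b64encode(data.lstrip(b"\x00")).decode().rstrip("=")


def jwk_to_int(value):
    """Inverse of _b64url_uint, for checking a JWK against the PEM it came from."""
    return int.from_bytes(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)), "big")


def pem_to_jwk(pem, alg="RS256"):
    """Convert an RSA public key PEM to a JWK dict; alg is added because pem-jwk leaves it out."""
    der_bytes = base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s", "", pem))
    tag, spki, _ = _read_tlv(der_bytes, 0)
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo SEQUENCE")
    _, alg_id, pos = _read_tlv(spki, 0)        # AlgorithmIdentifier SEQUENCE
    _, oid, _ = _read_tlv(alg_id, 0)
    if oid != RSA_OID:
        raise ValueError("not an RSA public key")
    tag, bit_string, _ = _read_tlv(spki, pos)  # subjectPublicKey BIT STRING
    if tag != 0x03 or bit_string[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    _, rsa_key, _ = _read_tlv(bit_string[1:], 0)   # RSAPublicKey SEQUENCE { n, e }
    _, n_bytes, pos = _read_tlv(rsa_key, 0)
    _, e_bytes, _ = _read_tlv(rsa_key, pos)
    return {"kty": "RSA", "n": _b64url_uint(n_bytes), "e": _b64url_uint(e_bytes), "alg": alg}


if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:                       # e.g. python pem_to_jwk.py public_key.pem
        with open(sys.argv[1]) as fh:
            pem = fh.read()
    else:                                       # constructed toy key, not a real one
        pem = rsa_public_key_pem((1 << 2047) | 1, 65537)
    print(json.dumps(pem_to_jwk(pem), indent=2))
```

The INTEGER sign-padding byte that DER adds in front of a modulus whose top bit is set must not end up in the JWK value; _b64url_uint strips it, which is the detail that most hand-written converters get wrong.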

2.6 Step 6: Create your DID Document

In this workshop we will only use the DID as a file stored in a GitHub repository; for obvious reasons this should not be done in production.

The results of the previous steps are used here.

You can use GitHub (the URL to a raw file in GitLab is not compatible with the did:web spec) and add the did.json to the repository of your choosing. Everything between {} in the JSON values must be replaced by your own values.

The id of the verification method can be a unique identifier of your choice; it will be used in the proof, or as kid, in Verifiable Credentials.

The certificate must also be resolvable, so push it to git as well; the URL to the raw file can then be used right away.

{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3c-ccg.github.io/lds-jws2020/contexts/v1/"
  ],
  "id": "did:web:raw.githubusercontent.com:{GitHub Profile Name}:{Repository}:{branch}",
  "verificationMethod": [
    {
      "id": "did:web:raw.githubusercontent.com:{GitHub Profile Name}:{Repository}:{branch}#{A unique ID for this verification method}",
      "type": "JsonWebKey2020",
      "publicKeyJwk": {
        "kty": "RSA",
        "n": "{Replace with your JWK}",
        "e": "{Replace with your JWK}",
        "alg": "RS256",
        "x5u": "https://raw.githubusercontent.com/{GitHub Profile Name}/{Repository}/{branch}/{fileName}.pem"
      }
    }
  ],
  "assertionMethod": [
    "did:web:raw.githubusercontent.com:{GitHub Profile Name}:{Repository}:{branch}#{A unique ID for this verification method}"
  ]
}

2.6.1 Gaia-X DID resolver

To make sure your DID is set up correctly and is resolvable, try it with a resolver. Gaia-X provides a DID resolver that is used as in the following example (for the Gaia-X DID): https://resolver.lab.gaia-x.eu/1.0/identifiers/did:web:gaia-x.eu

Note

If you run into issues, make sure that your repository is public, and open the raw did.json in your browser to check that its URL matches the DID according to the did:web specification.
