Key Series Addition

Once a DID is registered, its owner has the option to add more key series with did_add operation. This operation requires another active key series to sign and verify its HTTP request. In the did_add request, the client must specify the SHA-256 hash of the first public key in the new series must be given.

A new key series cannot be used to sign and verify its own addition.

did_add

POST https://test-network.finema.co/did/<did_address>/key

Request Body

Name	Type	Description
operation	string	The method's name that is "did_add".
did_address	string	The DID address.
current_key	string	The current public key in the series. It is used to verify the request's signature.
next_key_hash	string	The SHA-256 hash of the next public key in the series.
new_key_hash	string	The SHA256 hash of the first public key in the new series.
nonce	number	The request nonce.

Name

Type

Description

operation

string

The method's name that is "did_add".

did_address

string

The DID address.

current_key

string

The current public key in the series. It is used to verify the request's signature.

next_key_hash

string

The SHA-256 hash of the next public key in the series.

new_key_hash

string

The SHA256 hash of the first public key in the new series.

nonce

number

The request nonce.

{
     "operation": "did_add",
     "did_address": "did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5",
     "key_id": "f975e5f2e4a06fced2d65bd59e12c33c901814555b026264b8377ace79cee60a"
}

{
    "errors": [
        {
           "status": 422,
            "title": "Invalid Attribute",
            "detail": "the server cannot process the request",
        }
    ]
}

Example Message and Request

{
    "operation": "did_add",
    "did_address": "did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5",
    "current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu7ZonDYYEnCTvPA9H8eM9JxaQGHB\nMzLgxUMo58SXoJKIzt93kQK/bhwdPnFaEfQhiLB5VkOFgn2qKgScdIcXVw==\n-----END PUBLIC KEY-----",
    "next_key_hash": "ccca6c11cfa40f266968f6a71bba495bc73e97d882eb74523784769d43175cd5",
    "new_key_hash": "2a37b9edff78e6c0d5ef90888b29fa649498094a4970a660adcd5e0b3161e66f",
    "nonce": 1
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
    "message": "eyJuZXdfa2V5X2hhc2giOiAiMmEzN2I5ZWRmZjc4ZTZjMGQ1ZWY5MDg4OGIyOWZhNjQ5NDk4MDk0YTQ5NzBhNjYwYWRjZDVlMGIzMTYxZTY2ZiIsICJjdXJyZW50X2tleSI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFdTdab25EWVlFbkNUdlBBOUg4ZU05SnhhUUdIQlxuTXpMZ3hVTW81OFNYb0pLSXp0OTNrUUsvYmh3ZFBuRmFFZlFoaUxCNVZrT0ZnbjJxS2dTY2RJY1hWdz09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLCAibmV4dF9rZXlfaGFzaCI6ICJjY2NhNmMxMWNmYTQwZjI2Njk2OGY2YTcxYmJhNDk1YmM3M2U5N2Q4ODJlYjc0NTIzNzg0NzY5ZDQzMTc1Y2Q1IiwgIm9wZXJhdGlvbiI6ICJkaWRfYWRkIiwgImRpZF9hZGRyZXNzIjogImRpZDppZGluOmFmYjdiYTg4Yzc2ZWRiZGE1NWMzNDRiNzBhZTBjZjA1NTZkNzcwZWMyNTY4MjBkNzE4NTAwMGRlMzk1MzkxYjUiLCAibm9uY2UiOiAxfQ==",
    "signature": "MEUCIQCfZqZodAu7pTgb9xLHdi+DWTrwbCjI4z18RXAQFcXp0AIgf3VyAP86Yr6gMqUiMg97YJRx67ELwlaKFhh9Bolj3cY="
}

PreviousDID Registration NextKey Series Revocation

Last updated 4 years ago