Key Series Revocation

A client can revoke any existing key series in a DID with did_revoke operation by specifying the ID of the revoked key series. Similar to did_add, this operation requires another active key series to sign and verify its HTTP request.

A private-public key pair is always required to sign and verify a request. Hence, every DID must always have at least one active key series.

A key series cannot be used to revoke itself.

did_revoke

DELETE https://test-network.finema.co/did/<did_address>/key/<key_id>

Request Body

Name
Type
Description

operation

string

The method's name that is "did_revoke".

did_address

string

The DID address.

current_key

string

The current public key in the series. It is used to verify the request's signature.

next_key_hash

string

The SHA-256 hash of the next public key in the series.

key_id

string

The ID of the revoked key series.

nonce

number

The request nonce.

{
    "operation": "did_revoke",
    "did_address": "did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5",
    "key_id": "f975e5f2e4a06fced2d65bd59e12c33c901814555b026264b8377ace79cee60a"
}

Example Message and Request

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

PreviousKey Series AdditionNextResetter Registration

Last updated

Was this helpful?