Key Series Revocation

A client can revoke any existing key series in a DID with did_revoke operation by specifying the ID of the revoked key series. Similar to did_add, this operation requires another active key series to sign and verify its HTTP request.

A private-public key pair is always required to sign and verify a request. Hence, every DID must always have at least one active key series.

A key series cannot be used to revoke itself.

delete
did_revoke

https://test-network.finema.co/did/<did_address>/key/<key_id>
Request
Response
Request
Body Parameters
operation
required
string
The method's name that is "did_revoke".
did_address
required
string
The DID address.
current_key
required
string
The current public key in the series. It is used to verify the request's signature.
next_key_hash
required
string
The SHA-256 hash of the next public key in the series.
revoked_key_id
required
string
The ID of the revoked key series.
nonce
required
number
The request nonce.
Response
200: OK
The operation name, DID address (<did_address>) and the ID of the revoked key series will be given as the response.
{
"operation": "did_revoke",
"did_address": "did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370",
"key_id": "14ef7c1c80554c187435d9f6d647f57ccb1189193ea22f5cf7b77bebbda79ac5"
}
422: Unprocessable Entity
{
"errors": [
{
"status": 422,
"title": "Invalid Attribute",
"detail": "the server cannot process the request",
}
]
}

Example Message and Request

{
"operation": "did_revoke",
"did_address": "did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370",
"current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeR8NhQeHPT7l1yMyvkZMacPpibjH\n7mp5IRyO2J2kuE97h/fzu1c/7DFsO23qUN6/OezYglMEkoVo5Ob1b6k53A==\n-----END PUBLIC KEY-----",
"next_key_hash": "a18b790a92683ad00d3562de385ca9e07d20a729809c782e72412f57dd847105"
"revoked_key_id": "14ef7c1c80554c187435d9f6d647f57ccb1189193ea22f5cf7b77bebbda79ac5",
"nonce": 2
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
"message": "ewogICAgIm9wZXJhdGlvbiI6ICJkaWRfcmVnaXN0ZXJfcmVzZXR0ZXJzIiwKICAgICJkaWRfYWRkcmVzcyI6ICJkaWQ6aWRpbjo5Y2QxOWQ0Y2JhYjljYTFkNmY0YzZhNGI5MTE3ZmI4OTA0ZjI1MGI0NzMwN2NmNGY0ODQ0MjRmNDRlMGM4MzcwIiwKICAgICJjdXJyZW50X2tleSI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZVI4TmhRZUhQVDdsMXlNeXZrWk1hY1BwaWJqSFxuN21wNUlSeU8ySjJrdUU5N2gvZnp1MWMvN0RGc08yM3FVTjYvT2V6WWdsTUVrb1ZvNU9iMWI2azUzQT09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLAogICAgIm5leHRfa2V5X2hhc2giOiAiYTE4Yjc5MGE5MjY4M2FkMDBkMzU2MmRlMzg1Y2E5ZTA3ZDIwYTcyOTgwOWM3ODJlNzI0MTJmNTdkZDg0NzEwNSIKICAgICJub25jZSI6IDEKfQ==",
"signature": "OTI3MzgyNDgzNTQ3NTU5ODMyNTM1NzYwMDc2MTEwNzYwMTUzMjAzMzQ2NzQ5MDU4NzIwMzM4ODUzNjc4OTE2MTI2NzA2NzQyODgyMDcsIDQ1MjE2NzEwMzM3MjI5NjEzOTc3MjYxMzY2MjUwODYxOTA5MzY2MDU1MDg2Mjk0NzEyMDAwMTU3MjU4ODYxNTQ3ODUzNDc3NTY2ODQw"
}