Key Series Revocation

A client can revoke any existing key series in a DID with did_revoke operation by specifying the ID of the revoked key series. Similar to did_add, this operation requires another active key series to sign and verify its HTTP request.

A private-public key pair is always required to sign and verify a request. Hence, every DID must always have at least one active key series.

A key series cannot be used to revoke itself.

delete
did_revoke

https://test-network.finema.co/did/<did_address>/key/<key_id>
Request
Response
Request
Body Parameters
operation
required
string
The method's name that is "did_revoke".
did_address
required
string
The DID address.
current_key
required
string
The current public key in the series. It is used to verify the request's signature.
next_key_hash
required
string
The SHA-256 hash of the next public key in the series.
key_id
required
string
The ID of the revoked key series.
nonce
required
number
The request nonce.
Response
200: OK
The operation name, DID address (<did_address>) and the ID of the revoked key series will be given as
{
"operation": "did_revoke",
"did_address": "did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5",
"key_id": "f975e5f2e4a06fced2d65bd59e12c33c901814555b026264b8377ace79cee60a"
}
422: Unprocessable Entity
{
"errors": [
{
"status": 422,
"title": "Invalid Attribute",
"detail": "the server cannot process the request",
}
]
}

Example Message and Request

{
"operation": "did_revoke",
"did_address": "did:idin:afb7ba88c76edbda55c344b70ae0cf0556d770ec256820d7185000de395391b5",
"current_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA2UzvDva55MhIv8PY/OZ8kThIzxR\nQrDpv1f67ZrzADKLpQj47qE2VlQMTgTpMx/4BnEhzDJXnzxZz66s7Gke9A==\n-----END PUBLIC KEY-----",
"next_key_hash": "18c87792d69ad938b3dde8346628363807735a8d1644c5750aad35d2e153d580",
"key_id": "f975e5f2e4a06fced2d65bd59e12c33c901814555b026264b8377ace79cee60a",
"nonce": 2
}

The above message can then be encoded in Base64 and signed with ECDSA to obtain the following HTTP request

{
"message": "eyJrZXlfaWQiOiAiZjk3NWU1ZjJlNGEwNmZjZWQyZDY1YmQ1OWUxMmMzM2M5MDE4MTQ1NTViMDI2MjY0YjgzNzdhY2U3OWNlZTYwYSIsICJjdXJyZW50X2tleSI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFQTJVenZEdmE1NU1oSXY4UFkvT1o4a1RoSXp4UlxuUXJEcHYxZjY3WnJ6QURLTHBRajQ3cUUyVmxRTVRnVHBNeC80Qm5FaHpESlhuenhaejY2czdHa2U5QT09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLCAibmV4dF9rZXlfaGFzaCI6ICIxOGM4Nzc5MmQ2OWFkOTM4YjNkZGU4MzQ2NjI4MzYzODA3NzM1YThkMTY0NGM1NzUwYWFkMzVkMmUxNTNkNTgwIiwgIm9wZXJhdGlvbiI6ICJkaWRfcmV2b2tlIiwgImRpZF9hZGRyZXNzIjogImRpZDppZGluOmFmYjdiYTg4Yzc2ZWRiZGE1NWMzNDRiNzBhZTBjZjA1NTZkNzcwZWMyNTY4MjBkNzE4NTAwMGRlMzk1MzkxYjUiLCAibm9uY2UiOiAyfQ==",
"signature": "MEUCIQCGnSfpv5RHQwwKM6eyelaGUTNbuvs5dMlr6jQSx3+hWAIgR3aBRhHERxJHmSRW9zyD2Tf5UTCkIxQ/aqURrZh7IN4="
}