Skip to content

zZHorizonZz/did-key-java

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.sdkmanrc
.sdkmanrc
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

did-key-java

Java implementation of the did:key DID method.

Handles key generation, DID resolution, signing, verification, and DID Document expansion for all key types in the spec.

Built on did-common-java for W3C DID data model types (DID, DIDDocument, VerificationMethod). Uses BouncyCastle for crypto operations and copper-multibase/copper-multicodec for multibase/multicodec encoding.

Inspired by did-key.rs.

Supported key types

Algorithm Multicodec Fingerprint prefix Key length
Ed25519 0xed z6Mk 32 bytes
X25519 0xec z6LS 32 bytes
P-256 0x1200 zDn 33 bytes (compressed)
P-384 0x1201 z82 49 bytes (compressed)
secp256k1 0xe7 zQ3s 33 bytes (compressed)

Installation

Add the dependency and required repositories:

<dependency>
    <groupId>dev.gitni</groupId>
    <artifactId>did-key-java</artifactId>
    <version>0.1.1</version>
</dependency>
<repositories>
    <repository>
        <id>github</id>
        <url>https://maven.pkg.github.com/zZHorizonZz/did-key-java</url>
    </repository>
    <repository>
        <id>danubetech</id>
        <url>https://repo.danubetech.com/repository/maven-public/</url>
    </repository>
</repositories>

Usage

// Generate a random key pair
DidKeyPair kp = DidKey.generate(DidKey.ED25519);
DID did = kp.did(); // did:key:z6Mk...

// Deterministic from a 32-byte seed
DidKeyPair kp = DidKey.generate(DidKey.ED25519, seed);

// Resolve a did:key URI (public key only, can verify but not sign)
DidKeyPair resolved = DidKey.resolve("did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK");

// Sign and verify
byte[] signature = kp.sign(message);
resolved.verify(message, signature);

// DID Document (from did-common-java)
DIDDocument doc = kp.document();

// JCA KeyPair for standard Java crypto APIs
kp.keyPair().getPublic();
kp.keyPair().getPrivate(); // null for resolved (public-only) pairs

Architecture

The public API is three types in dev.gitni.did:

  • DidKey - entry point (generate, resolve, fromPublicKey)
  • DidKeyPair - interface returned by all operations
  • DidKeyProvider - SPI for pluggable key types via java.util.ServiceLoader

DID data model types (DID, DIDDocument, VerificationMethod) come from did-common-java.

Implementations live in dev.gitni.did.impl (not exported by the JPMS module).

To add a custom key type, implement DidKeyProvider and register it in META-INF/services/dev.gitni.did.DidKeyProvider or in your module-info.java.

JPMS

module your.module {
    requires dev.gitni.did;
}

Building

sdk env
mvn clean verify

Requires Java 25+ and Maven 3.9+.

Spec compliance

Follows the did:key Method v0.9 (W3C CCG Draft):

  • Identifier syntax with both base58btc (z) and base64url (u) multibase encodings
  • Key pair generation from seed or random
  • DID Document expansion with Multikey verification method type
  • All five key types from the spec's multicodec table
  • Public key length and curve point validation

Update and Deactivate aren't supported - the spec defines did:key as purely generative.

Resources

Contributing

Contributions are welcome. Please open an issue to discuss before submitting a PR.

License

Apache License 2.0

About

Java implementation of the did:key DID method key generation, resolution, signing, and DID Document expansion

Topics

java cryptography w3c did decentralized-identity verifiable-credentials decentralized-identifiers did-key

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

v0.1.1 Latest
Apr 10, 2026
+ 1 release

Packages

 
 
 

Contributors

Languages