# DID Digital Identity Contract

With the rapid growth of the internet, digital identity has become an indispensable part of everyday life. Traditional approaches to managing digital identity, however, suffer from a number of problems, such as centralized storage, privacy leakage, and data misuse. Blockchain, as a decentralized, trustworthy, and immutable technology, has the potential to solve these problems.

Decentralized Identifiers (DID) is a blockchain-based digital identity solution that aims to give users a more secure, decentralized identity-management experience. The DID contract associates a user's identity information with the corresponding digital credentials, so that users can authenticate without disclosing private information.

The DID contract provides the following functions:

1. **Create and manage DIDs**: Users can create and manage their own digital identities through the DID contract. Each DID is unique and is associated with the user's identity information.
2. **Verify identity**: The DID contract supports several kinds of verification, such as VC verification and VP verification, to ensure the security of user identities.
3. **Issue and revoke credentials**: Users can issue and revoke digital credentials associated with their identity through the DID contract.
4. **Authorize and share**: Users can control access to and sharing of their identity information through the DID contract, ensuring data privacy and security.

The DID contract is suited to the following scenarios:

1. **Identity verification**: Users can authenticate with a DID in all kinds of applications, such as login and payment.
2. **Digital certificates**: Users can put certificates such as academic degrees and professional qualifications on chain, enabling digital, trustworthy certificate verification.
3. **Financial services**: Users can use a DID for KYC (Know Your Customer) verification, simplifying the identity-verification process for financial services.
4. **Data sharing**: Users can associate their data with a DID to share it securely.

## Contract Standard

The core data objects in the DID contract are the DID document, the Verifiable Credential (VC), and the Verifiable Presentation (VP), together with the associated Proof and the VC template (VcTemplate).

These data structures are all defined [here](https://git.chainmaker.org.cn/chainmaker/contract-utils/-/blob/develop/standard/CMDID.go).

Main contract interfaces: [ChainMaker CMDID (CM-CS-231201-DID) digital identity contract standard](https://git.chainmaker.org.cn/contracts/standard/-/blob/master/living/CM-CS-231201-DID.md)

DID contract source code: [https://git.chainmaker.org.cn/contracts/contracts-go/-/tree/chainweaver_v0.1/standard-did](https://git.chainmaker.org.cn/contracts/contracts-go/-/tree/chainweaver_v0.1/standard-did)

## Usage Examples

With the cmc command-line tool you can quickly install, invoke, and query the DID contract. The DID documents, VCs, and VPs themselves are generated by the corresponding DID service or wallet. Usage examples follow.

### Install the Contract

```sh
echo "create DOCKER_GO DID contract"
./cmc client contract user create \
--contract-name=DID \
--runtime-type=DOCKER_GO \
--byte-code-path=./did.7z \
--version=1.0 \
--sdk-conf-path=../config/sdk_config.yml \
--admin-key-file-paths=../config/node1/admin/admin1/admin1.key,../config/node2/admin/admin2/admin2.key,../config/node3/admin/admin3/admin3.key \
--gas-limit=999999999 \
--sync-result=true \
--params='{"didDocument":"{\"@context\":\"https://www.w3.org/ns/did/v1\",\"id\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\",\"controller\":[\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\"],\"verificationMethod\":[{\"id\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe#keys-1\",\"publicKeyPem\":\"-----BEGIN PUBLIC KEY-----\\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBtUSf7SDTxemXSHKgIrblrzQM2xx\\n3mqoAA4vDTYm3txZ5lfnAB7DBGyAX5Qbap9QLcCrcCN56WGO5iGYN7Splg==\\n-----END PUBLIC KEY-----\\n\",\"controller\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\",\"address\":\"7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\"}],\"authentication\":[\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe#keys-1\"],\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"verificationMethod\",\"verificationMethod\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe#keys-1\",\"proofValue\":\"MEUCIQDnzPad6d/PaEKJCW5OAZNuuY036+9OvcouQgSA7vlENQIgdoxpu3ZI/VKeBBGkPuiT+O6C3794sQCYD433b9qLDp0=\"}}"}'
```

### Upgrade the Contract

```sh
# Upgrade contract
echo "Upgrade DOCKER_GO DID contract"
./cmc client contract user upgrade \
--contract-name=DID \
--runtime-type=DOCKER_GO \
--byte-code-path=./did.7z \
--version=2.0 \
--sdk-conf-path=../config/sdk_config.yml \
--admin-key-file-paths=../config/node1/admin/admin1/admin1.key,../config/node2/admin/admin2/admin2.key,../config/node3/admin/admin3/admin3.key \
--gas-limit=999999999 \
--sync-result=true
```

### Query a DID

```sh
# Look up a user's DID by address
echo "根据地址查询某个用户的DID"
./cmc client contract user get \
--contract-name=DID \
--method=GetDidByAddress \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"address":"7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe"}'

# Look up a user's DID by public key
echo "根据公钥查询某个用户的DID"
./cmc client contract user get \
--contract-name=DID \
--method=GetDidByPubkey \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"pubKey":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBtUSf7SDTxemXSHKgIrblrzQM2xx\n3mqoAA4vDTYm3txZ5lfnAB7DBGyAX5Qbap9QLcCrcCN56WGO5iGYN7Splg==\n-----END PUBLIC KEY-----\n"}'
```

### Add a DID Document

```bash
# Add a new DID document to the chain
echo "添加新的DID文档到链上"
./cmc client contract user invoke \
--contract-name=DID \
--method=AddDidDocument \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"didDocument":"{\"@context\":\"https://www.w3.org/ns/did/v1\",\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"controller\":[\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\"],\"verificationMethod\":[{\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\",\"publicKeyPem\":\"-----BEGIN PUBLIC KEY-----\\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhTNgKCYa5QCmchf3hCNX8e0Xz0gU\\nbVQ6r0bg47GA+zbHqPdDRx6ZZ0LuVK6Ojc2Td4NcO4udLsaTOV9R+4QZFw==\\n-----END PUBLIC KEY-----\\n\",\"controller\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"address\":\"5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\"}],\"authentication\":[\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\"],\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"verificationMethod\",\"verificationMethod\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\",\"proofValue\":\"MEUCIQDqWhbQtdSCXF5tgal3cwbZOatcLMrtrHHiSqLF5k6zIQIgIAE684MAIbLbjr6MnzkH8kdhBo6jOgYkC8SjxE4KbGA=\"}}"}'
```

### Issuer Operations

```bash
# Set up the issuer: first add the issuer's DID document
echo "设置Issuer"
./cmc client contract user invoke \
--contract-name=DID \
--method=AddDidDocument \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"didDocument":"{\"@context\":\"https://www.w3.org/ns/did/v1\",\"id\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"controller\":[\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\"],\"verificationMethod\":[{\"id\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"publicKeyPem\":\"-----BEGIN PUBLIC KEY-----\\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEH9bprLppfniFZHUcoPlco1PZg6iT\\nqTlk16kPVvXuNwhEWhCBnBAl0aDIHDZx2UTvZrH0Wn9QYJSPIJvUUepZsw==\\n-----END PUBLIC KEY-----\\n\",\"controller\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"address\":\"eadf82170c8d6f2ea9349f921be50967ba62b18a\"}],\"service\":[{\"id\":\"http://issuer.cnbn.org.cn\",\"type\":\"IssuerService\",\"serviceEndpoint\":\"http://issuer.cnbn.org.cn\"}],\"authentication\":[\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\"],\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"verificationMethod\",\"verificationMethod\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"proofValue\":\"MEUCIQDT6ChI/e1M6uPjWJKO6MXBMUg1le5zawQCAflFLc8ykgIgbxZuameFanyI7OLdwOYj+3S4WnhN+rl1cDhIB01D3H8=\"}}"}'

# Then register that DID with AddTrustIssuer
./cmc client contract user invoke \
--contract-name=DID \
--method=AddTrustIssuer \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"did":"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a"}'

# Add the real-name verification VC template
echo "添加实名认证模板"
./cmc client contract user invoke \
--contract-name=DID \
--method=SetVcTemplate \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"id":"1","name":"个人实名认证","version":"v1.0","template":"{\"$schema\":\"http://json-schema.org/draft-07/schema#\",\"type\":\"object\",\"properties\":{\"name\":{\"type\":\"string\"},\"idNumber\":{\"type\":\"string\"},\"phoneNumber\":{\"type\":\"string\"}},\"required\":[\"name\",\"idNumber\",\"phoneNumber\"],\"additionalProperties\":true}"}'
```

### DID Validity Verification

```bash
# Verify that a DID is valid: fetch its document, then call IsValidDid
echo "验证DID有效性"
./cmc client contract user get \
--contract-name=DID \
--method=GetDidDocument \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"did":"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a"}'

./cmc client contract user get \
--contract-name=DID \
--method=IsValidDid \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"did":"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a"}'

# Verify a VC (the real-name verification credential issued by admin3 to admin2)
echo "验证VC(admin3给admin2颁发的实名认证)"
./cmc client contract user get \
--contract-name=DID \
--method=VerifyVc \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"vcJson":"{\"@context\":[\"https://www.w3.org/2018/credentials/v1\",\"https://www.w3.org/2018/credentials/examples/v1\"],\"id\":\"https://example.com/credentials/123\",\"type\":[\"VerifiableCredential\",\"IdentityCredential\"],\"issuer\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"issuanceDate\":\"2023-01-01T00:00:00Z\",\"expirationDate\":\"2042-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"idNumber\":\"511112188501010001\",\"name\":\"Devin\",\"phoneNumber\":\"13811888888\"},\"template\":{\"id\":\"1\",\"name\":\"个人实名认证\",\"version\":\"1.0\"},\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"assertionMethod\",\"verificationMethod\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"proofValue\":\"MEUCIQCNZ7sSa4vcC03HYVMQdN/B3t1e25fnB3H6L77s3eGUZgIgHhFn84qtg/meCNNjDQKz+X/WUWKJSBmNK/b4ZIlytnM=\"}}"}'

# Verify a VP
echo "验证VP"
./cmc client contract user get \
--contract-name=DID \
--method=VerifyVp \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"vpJson":"{\"@context\":[\"https://www.w3.org/2018/credentials/v1\",\"https://www.w3.org/2018/credentials/examples/v1\"],\"type\":\"VerifiablePresentation\",\"id\":\"https://example.com/presentations/123\",\"verifiableCredential\":[{\"@context\":[\"https://www.w3.org/2018/credentials/v1\",\"https://www.w3.org/2018/credentials/examples/v1\"],\"id\":\"https://example.com/credentials/123\",\"type\":[\"VerifiableCredential\",\"IdentityCredential\"],\"issuer\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"issuanceDate\":\"2023-01-01T00:00:00Z\",\"expirationDate\":\"2042-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"idNumber\":\"511112188501010001\",\"name\":\"Devin\",\"phoneNumber\":\"13811888888\"},\"template\":{\"id\":\"1\",\"name\":\"个人实名认证\",\"version\":\"1.0\"},\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"assertionMethod\",\"verificationMethod\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"proofValue\":\"MEUCIQCNZ7sSa4vcC03HYVMQdN/B3t1e25fnB3H6L77s3eGUZgIgHhFn84qtg/meCNNjDQKz+X/WUWKJSBmNK/b4ZIlytnM=\"}}],\"presentationUsage\":\"租房\",\"expirationDate\":\"2024-01-01T00:00:00Z\",\"verifier\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1fa7\",\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"authentication\",\"challenge\":\"123\",\"verificationMethod\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\",\"proofValue\":\"MEUCIFmfSg6HEOzECmh6svzRMddEiqY16C9GNCtMG72Yw1/lAiEA3SmYgypj3F9TodrVUN3t45xtv3jU7FfS56dYiwY5Sdk=\"}}"}'
```

### Delegation

```bash
# Set a delegate
echo "设置代理"
./cmc client contract user invoke \
--contract-name=DID \
--method=Delegate \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"delegateeDid":"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7","resource":"https://www.w3.org/2018/credentials/examples/v1","action":"sign"}'

# Query delegations
echo "查询代理"
./cmc client contract user get \
--contract-name=DID \
--method=GetDelegateList \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"delegatorDid":"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe","delegateeDid":"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7"}'
```
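
The `didDocument`, `vcJson`, `vpJson` and `template` parameters above carry a JSON document as a string nested inside the outer `--params` JSON, which is why every inner quote is escaped. The Python below is an added example, not part of cmc or the DID contract: it nests wallet-produced text without re-serializing it (so the signed content is not altered) and checks the document's internal references before submission. The function names are hypothetical, and the address check is an assumption drawn from the sample documents on this page.

```python
import json
import shlex

def build_params(field, signed_text):
    """Nest wallet-produced JSON text as a string value, unchanged."""
    json.loads(signed_text)  # raises ValueError if the text is not valid JSON
    return json.dumps({field: signed_text}, ensure_ascii=False)

def cmc_params_argument(field, signed_text):
    """Return a shell-quoted --params=... argument for a cmc command line."""
    return "--params=" + shlex.quote(build_params(field, signed_text))

def lint_did_document(signed_text):
    """Return structural problems found in a DID document (empty list: none)."""
    doc = json.loads(signed_text)
    did = doc.get("id", "")
    problems, method_ids = [], set()
    for vm in doc.get("verificationMethod", []):
        vm_id = vm.get("id", "")
        method_ids.add(vm_id)
        if not vm_id.startswith(did + "#"):
            problems.append(f"method {vm_id!r} is not under {did!r}")
        # Assumption taken from the page's samples: address == last DID segment.
        if "address" in vm and vm["address"] != did.rsplit(":", 1)[-1]:
            problems.append(f"address {vm['address']!r} does not match {did!r}")
    refs = [r for r in doc.get("authentication", []) if isinstance(r, str)]
    refs.append(doc.get("proof", {}).get("verificationMethod", ""))
    for ref in refs:
        if ref not in method_ids:
            problems.append(f"reference {ref!r} names no verificationMethod")
    return problems

# Constructed sample: the key and signature are placeholders, not page values.
SAMPLE_DID = "did:cnbn:" + "ab" * 20
SAMPLE_DOC = json.dumps({
    "id": SAMPLE_DID,
    "controller": [SAMPLE_DID],
    "verificationMethod": [{"id": SAMPLE_DID + "#keys-1", "controller": SAMPLE_DID,
                            "publicKeyPem": "PLACEHOLDER", "address": "ab" * 20}],
    "authentication": [SAMPLE_DID + "#keys-1"],
    "proof": {"verificationMethod": SAMPLE_DID + "#keys-1", "proofValue": "PLACEHOLDER"},
})

if __name__ == "__main__":
    print(lint_did_document(SAMPLE_DOC) or "no structural problems")
    print(cmc_params_argument("didDocument", SAMPLE_DOC))
```

These checks are structural only; signature verification remains with the contract's own methods such as `VerifyVc` and `VerifyVp`.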