1. DID Digital Identity Contract

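With the rapid development of the Internet, digital identity has become an indispensable part of daily life. However, traditional digital identity management has many problems, such as centralized storage, privacy leakage and data abuse. Blockchain, as a decentralized, trustworthy and tamper-proof technology, has the potential to solve these problems.

Decentralized Identifiers (DID) is a blockchain-based digital identity solution that aims to give users a more secure, decentralized identity management experience. The DID contract associates a user's identity information with the corresponding digital credentials, so that users can be authenticated without revealing private information.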

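The DID contract provides the following functions:

  1. Create and manage DIDs: users can create and manage their own digital identities through the DID contract. Each DID is unique and is associated with the user's identity information.

  2. Verify identity: the DID contract supports several kinds of verification, such as VC verification and VP verification, to keep user identities secure.

  3. Issue and revoke credentials: users can issue and revoke digital credentials associated with their identity through the DID contract.

  4. Authorize and share: users can control access to and sharing of their identity information through the DID contract, keeping the data private and secure.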

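The DID contract is suited to the following scenarios:

  1. Identity verification: users can use a DID to authenticate in all kinds of applications, such as login and payment.

  2. Digital certificates: users can put certificates such as academic degrees and professional qualifications on chain for digital, trustworthy certificate verification.

  3. Financial services: users can use a DID for KYC (Know Your Customer) verification, simplifying the identity authentication process for financial services.

  4. Data sharing: users can associate their own data with a DID to share it securely.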

1.1. Contract Standard

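The core data objects in the DID contract are the DID document, the Verifiable Credential (VC) and the Verifiable Presentation (VP), together with the related Proof and the VC template (VcTemplate). These data structures are all defined: here. Main contract interface reference: ChainMaker CMDID (CM-CS-231201-DID) Digital Identity Contract Standard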

DID contract source code: https://git.chainmaker.org.cn/contracts/contracts-go/-/tree/chainweaver_v0.1/standard-did

1.2. Usage Examples

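From the cmc command line you can quickly install, invoke and query the DID contract. The DID documents, VCs and VPs are generated by the corresponding DID service or wallet. Examples follow: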

1.2.1. Install the Contract

echo "create DOCKER_GO DID contract"
./cmc client contract user create \
--contract-name=DID \
--runtime-type=DOCKER_GO \
--byte-code-path=./did.7z \
--version=1.0 \
--sdk-conf-path=../config/sdk_config.yml \
--admin-key-file-paths=../config/node1/admin/admin1/admin1.key,../config/node2/admin/admin2/admin2.key,../config/node3/admin/admin3/admin3.key \
--gas-limit=999999999 \
--sync-result=true \
--params='{"didDocument":"{\"@context\":\"https://www.w3.org/ns/did/v1\",\"id\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\",\"controller\":[\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\"],\"verificationMethod\":[{\"id\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe#keys-1\",\"publicKeyPem\":\"-----BEGIN PUBLIC KEY-----\\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBtUSf7SDTxemXSHKgIrblrzQM2xx\\n3mqoAA4vDTYm3txZ5lfnAB7DBGyAX5Qbap9QLcCrcCN56WGO5iGYN7Splg==\\n-----END PUBLIC KEY-----\\n\",\"controller\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\",\"address\":\"7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe\"}],\"authentication\":[\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe#keys-1\"],\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"verificationMethod\",\"verificationMethod\":\"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe#keys-1\",\"proofValue\":\"MEUCIQDnzPad6d/PaEKJCW5OAZNuuY036+9OvcouQgSA7vlENQIgdoxpu3ZI/VKeBBGkPuiT+O6C3794sQCYD433b9qLDp0=\"}}"}'

1.2.2. Upgrade the Contract

# Upgrade contract
echo "Upgrade DOCKER_GO DID contract"
./cmc client contract user upgrade \
--contract-name=DID \
--runtime-type=DOCKER_GO \
--byte-code-path=./did.7z \
--version=2.0 \
--sdk-conf-path=../config/sdk_config.yml \
--admin-key-file-paths=../config/node1/admin/admin1/admin1.key,../config/node2/admin/admin2/admin2.key,../config/node3/admin/admin3/admin3.key \
--gas-limit=999999999 \
--sync-result=true

1.2.3. Query a DID

# Query a user's DID by address
echo "根据地址查询某个用户的DID"
./cmc client contract user get \
--contract-name=DID \
--method=GetDidByAddress \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"address":"7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe"}'

# Query a user's DID by public key
echo "根据公钥查询某个用户的DID"

./cmc client contract user get \
--contract-name=DID \
--method=GetDidByPubkey \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"pubKey":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBtUSf7SDTxemXSHKgIrblrzQM2xx\n3mqoAA4vDTYm3txZ5lfnAB7DBGyAX5Qbap9QLcCrcCN56WGO5iGYN7Splg==\n-----END PUBLIC KEY-----\n"}'

1.2.4. Add a DID Document

# Add a new DID document to the chain
echo "添加新的DID文档到链上"
./cmc client contract user invoke \
--contract-name=DID \
--method=AddDidDocument \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"didDocument":"{\"@context\":\"https://www.w3.org/ns/did/v1\",\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"controller\":[\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\"],\"verificationMethod\":[{\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\",\"publicKeyPem\":\"-----BEGIN PUBLIC KEY-----\\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhTNgKCYa5QCmchf3hCNX8e0Xz0gU\\nbVQ6r0bg47GA+zbHqPdDRx6ZZ0LuVK6Ojc2Td4NcO4udLsaTOV9R+4QZFw==\\n-----END PUBLIC KEY-----\\n\",\"controller\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"address\":\"5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\"}],\"authentication\":[\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\"],\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"verificationMethod\",\"verificationMethod\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\",\"proofValue\":\"MEUCIQDqWhbQtdSCXF5tgal3cwbZOatcLMrtrHHiSqLF5k6zIQIgIAE684MAIbLbjr6MnzkH8kdhBo6jOgYkC8SjxE4KbGA=\"}}"}'
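
Added example (not part of the original page or the contract's code): a local check to run on a wallet-generated DID document before AddDidDocument, followed by the string-inside-JSON encoding that `--params` uses in the commands above. The consistency rules are assumptions read off this page's sample documents, not the contract's documented validation; `check_did_document`, `build_params` and the sample values are hypothetical.

```python
import json

def check_did_document(doc):
    """Return consistency problems found in a DID document (empty list = none)."""
    problems = []
    did = doc.get("id", "")
    parts = did.split(":")
    if len(parts) != 3 or parts[0] != "did" or not all(parts):
        problems.append("id is not of the form did:<method>:<identifier>")
    if did not in doc.get("controller", []):
        problems.append("controller does not list the document's own DID")
    key_ids = set()
    for vm in doc.get("verificationMethod", []):
        key_id = vm.get("id", "")
        key_ids.add(key_id)
        if not key_id.startswith(did + "#"):
            problems.append(f"key {key_id!r} is not under {did}")
        if vm.get("address") != parts[-1]:
            problems.append(f"address of key {key_id!r} differs from the DID suffix")
    if not key_ids:
        problems.append("no verificationMethod entries")
    # Every reference must resolve to a key declared in this same document.
    refs = list(doc.get("authentication", []))
    refs.append((doc.get("proof") or {}).get("verificationMethod"))
    for ref in refs:
        if not isinstance(ref, str) or ref not in key_ids:
            problems.append(f"reference {ref!r} does not resolve to a declared key")
    return problems

def build_params(raw_document):
    """Wrap the wallet's JSON text, unchanged, as the didDocument string."""
    problems = check_did_document(json.loads(raw_document))
    if problems:
        raise ValueError("; ".join(problems))
    # The signed text is embedded as-is instead of being re-serialized.
    return json.dumps({"didDocument": raw_document}, ensure_ascii=False)

# Constructed sample (placeholder identifier, key and signature).
SAMPLE_DID = "did:cnbn:" + "ab" * 20
SAMPLE_RAW = json.dumps({
    "@context": "https://www.w3.org/ns/did/v1", "id": SAMPLE_DID,
    "controller": [SAMPLE_DID],
    "verificationMethod": [{"id": SAMPLE_DID + "#keys-1",
        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n",
        "controller": SAMPLE_DID, "address": "ab" * 20}],
    "authentication": [SAMPLE_DID + "#keys-1"],
    "proof": {"type": "SM2Signature", "proofPurpose": "verificationMethod",
              "verificationMethod": SAMPLE_DID + "#keys-1", "proofValue": "PLACEHOLDER"},
}, separators=(",", ":"))

if __name__ == "__main__":
    print(build_params(SAMPLE_RAW))
```

The printed value is what goes inside the single quotes of `--params='...'`; a document whose `authentication` or `proof` entry points at a key it does not declare is rejected locally before any transaction is sent.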

1.2.5. Issuer Operations

# Set up the issuer: register its DID document, then add it as a trusted issuer
echo "设置Issuer"
./cmc client contract user invoke \
--contract-name=DID \
--method=AddDidDocument \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"didDocument":"{\"@context\":\"https://www.w3.org/ns/did/v1\",\"id\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"controller\":[\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\"],\"verificationMethod\":[{\"id\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"publicKeyPem\":\"-----BEGIN PUBLIC KEY-----\\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEH9bprLppfniFZHUcoPlco1PZg6iT\\nqTlk16kPVvXuNwhEWhCBnBAl0aDIHDZx2UTvZrH0Wn9QYJSPIJvUUepZsw==\\n-----END PUBLIC KEY-----\\n\",\"controller\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"address\":\"eadf82170c8d6f2ea9349f921be50967ba62b18a\"}],\"service\":[{\"id\":\"http://issuer.cnbn.org.cn\",\"type\":\"IssuerService\",\"serviceEndpoint\":\"http://issuer.cnbn.org.cn\"}],\"authentication\":[\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\"],\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"verificationMethod\",\"verificationMethod\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"proofValue\":\"MEUCIQDT6ChI/e1M6uPjWJKO6MXBMUg1le5zawQCAflFLc8ykgIgbxZuameFanyI7OLdwOYj+3S4WnhN+rl1cDhIB01D3H8=\"}}"}'

./cmc client contract user invoke \
--contract-name=DID \
--method=AddTrustIssuer \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"did":"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a"}'

# Add the real-name authentication VC template
echo "添加实名认证模板"
./cmc client contract user invoke \
--contract-name=DID \
--method=SetVcTemplate \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"id":"1","name":"个人实名认证","version":"v1.0","template":"{\"$schema\":\"http://json-schema.org/draft-07/schema#\",\"type\":\"object\",\"properties\":{\"name\":{\"type\":\"string\"},\"idNumber\":{\"type\":\"string\"},\"phoneNumber\":{\"type\":\"string\"}},\"required\":[\"name\",\"idNumber\",\"phoneNumber\"],\"additionalProperties\":true}"}'

1.2.6. DID Validity Verification

# Verify that a DID is valid
echo "验证DID有效性"
./cmc client contract user get \
--contract-name=DID \
--method=GetDidDocument \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"did":"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a"}'

./cmc client contract user get \
--contract-name=DID \
--method=IsValidDid \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"did":"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a"}'

# Verify a VC (the real-name authentication issued by admin3 to admin2)
echo "验证VC(admin3给admin2颁发的实名认证)"
./cmc client contract user get \
--contract-name=DID \
--method=VerifyVc \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"vcJson":"{\"@context\":[\"https://www.w3.org/2018/credentials/v1\",\"https://www.w3.org/2018/credentials/examples/v1\"],\"id\":\"https://example.com/credentials/123\",\"type\":[\"VerifiableCredential\",\"IdentityCredential\"],\"issuer\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"issuanceDate\":\"2023-01-01T00:00:00Z\",\"expirationDate\":\"2042-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"idNumber\":\"511112188501010001\",\"name\":\"Devin\",\"phoneNumber\":\"13811888888\"},\"template\":{\"id\":\"1\",\"name\":\"个人实名认证\",\"version\":\"1.0\"},\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"assertionMethod\",\"verificationMethod\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"proofValue\":\"MEUCIQCNZ7sSa4vcC03HYVMQdN/B3t1e25fnB3H6L77s3eGUZgIgHhFn84qtg/meCNNjDQKz+X/WUWKJSBmNK/b4ZIlytnM=\"}}"}'

# Verify a VP
echo "验证VP"
./cmc client contract user get \
--contract-name=DID \
--method=VerifyVp \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"vpJson":"{\"@context\":[\"https://www.w3.org/2018/credentials/v1\",\"https://www.w3.org/2018/credentials/examples/v1\"],\"type\":\"VerifiablePresentation\",\"id\":\"https://example.com/presentations/123\",\"verifiableCredential\":[{\"@context\":[\"https://www.w3.org/2018/credentials/v1\",\"https://www.w3.org/2018/credentials/examples/v1\"],\"id\":\"https://example.com/credentials/123\",\"type\":[\"VerifiableCredential\",\"IdentityCredential\"],\"issuer\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a\",\"issuanceDate\":\"2023-01-01T00:00:00Z\",\"expirationDate\":\"2042-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7\",\"idNumber\":\"511112188501010001\",\"name\":\"Devin\",\"phoneNumber\":\"13811888888\"},\"template\":{\"id\":\"1\",\"name\":\"个人实名认证\",\"version\":\"1.0\"},\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"assertionMethod\",\"verificationMethod\":\"did:cnbn:eadf82170c8d6f2ea9349f921be50967ba62b18a#keys-1\",\"proofValue\":\"MEUCIQCNZ7sSa4vcC03HYVMQdN/B3t1e25fnB3H6L77s3eGUZgIgHhFn84qtg/meCNNjDQKz+X/WUWKJSBmNK/b4ZIlytnM=\"}}],\"presentationUsage\":\"租房\",\"expirationDate\":\"2024-01-01T00:00:00Z\",\"verifier\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1fa7\",\"proof\":{\"type\":\"SM2Signature\",\"created\":\"2023-01-01T00:00:00Z\",\"proofPurpose\":\"authentication\",\"challenge\":\"123\",\"verificationMethod\":\"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7#keys-1\",\"proofValue\":\"MEUCIFmfSg6HEOzECmh6svzRMddEiqY16C9GNCtMG72Yw1/lAiEA3SmYgypj3F9TodrVUN3t45xtv3jU7FfS56dYiwY5Sdk=\"}}"}'
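
Added example (not part of the original page or the contract's code): relying-party checks on the fields a VP carries in the command above (`challenge`, `verifier`, `expirationDate`, `proofPurpose`, issuer and subject DIDs), run alongside the on-chain VerifyVp call. The page does not state which of these VerifyVp enforces, so the rules are assumptions; `precheck_vp` and the sample DIDs are hypothetical, and signature verification itself is left to the contract.

```python
from datetime import datetime, timezone

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _did_of(key_ref):
    return (key_ref or "").split("#", 1)[0]

def precheck_vp(vp, my_did, my_challenge, trusted_issuers, now):
    """Return reasons to reject a presentation; an empty list means none found.
    Missing date fields raise KeyError, which callers should treat as a reject."""
    reasons = []
    proof = vp.get("proof", {})
    holder = _did_of(proof.get("verificationMethod"))
    if proof.get("proofPurpose") != "authentication":
        reasons.append("VP proof purpose is not authentication")
    if proof.get("challenge") != my_challenge:
        reasons.append("challenge is not the one this verifier issued")
    if vp.get("verifier") != my_did:
        reasons.append("presentation is addressed to another verifier")
    if _ts(vp["expirationDate"]) <= now:
        reasons.append("presentation has expired")
    for vc in vp.get("verifiableCredential", []):
        vc_proof = vc.get("proof", {})
        if vc.get("issuer") not in trusted_issuers:
            reasons.append("issuer is not on the trusted list")
        if _did_of(vc_proof.get("verificationMethod")) != vc.get("issuer"):
            reasons.append("credential proof key does not belong to the issuer")
        if vc_proof.get("proofPurpose") != "assertionMethod":
            reasons.append("VC proof purpose is not assertionMethod")
        if vc.get("credentialSubject", {}).get("id") != holder:
            reasons.append("credential subject is not the presenter")
        if not _ts(vc["issuanceDate"]) <= now < _ts(vc["expirationDate"]):
            reasons.append("credential is outside its validity period")
    return reasons

# Constructed sample: placeholder DIDs and challenge, no real signatures.
ISSUER, HOLDER, VERIFIER = ("did:cnbn:" + c * 20 for c in ("11", "22", "33"))

def sample_vp():
    vc = {"issuer": ISSUER, "issuanceDate": "2023-01-01T00:00:00Z",
          "expirationDate": "2042-01-01T00:00:00Z", "credentialSubject": {"id": HOLDER},
          "proof": {"proofPurpose": "assertionMethod",
                    "verificationMethod": ISSUER + "#keys-1"}}
    return {"verifiableCredential": [vc], "expirationDate": "2024-01-01T00:00:00Z",
            "verifier": VERIFIER,
            "proof": {"proofPurpose": "authentication", "challenge": "c-7f3a",
                      "verificationMethod": HOLDER + "#keys-1"}}

NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)
```

A presentation that passes the signature check can still be a replay (stale `challenge`), be addressed to a different `verifier`, or wrap a credential whose subject is not the party presenting it; these checks surface each case as a separate reason.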

1.2.7. Delegation

# Set a delegate
echo "设置代理"
./cmc client contract user invoke \
--contract-name=DID \
--method=Delegate \
--sdk-conf-path=../config/sdk_config.yml \
--sync-result=true \
--gas-limit=99999999 \
--result-to-string=true \
--params='{"delegateeDid":"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7","resource":"https://www.w3.org/2018/credentials/examples/v1","action":"sign"}'

# Query delegates
echo "查询代理"
./cmc client contract user get \
--contract-name=DID \
--method=GetDelegateList \
--sdk-conf-path=../config/sdk_config.yml \
--result-to-string=true \
--params='{"delegatorDid":"did:cnbn:7d5e485e5fb34bc1846848c50c9eeb38e8ba62fe","delegateeDid":"did:cnbn:5eb4e668952dcef3018a5bc03ca9517eff1cbfa7"}'