Web3

Hyperledger Web3J: Bridging Decentralized Identity & EVM

DailyBlockchain.News AdminJuly 21, 2024

7 minutes read

Hyperledger Web3j: Bridging Decentralized Identity & Evm

In right this moment’s panorama, the momentum behind Web3 is evident throughout numerous industries. As we transfer into this new period, it is necessary to replace our instruments and strategies to match the altering atmosphere. Throughout Web1, one of many key adjustments concerned utilizing authentication strategies to confirm customers on particular web sites for the primary time.

Web2 launched identification suppliers, permitting customers to authenticate themselves utilizing their social accounts. Nevertheless, will this mannequin endure in a Web3 atmosphere? Not fairly.

Enter Decentralized Identification, a trademark of Web3. This paradigm shift eliminates the reliance on central authorities for credential verification. As a substitute, customers have direct management over their credentials, deciding what info to share when proving their identification. This elementary change empowers people, reworking the idea of digital identification within the Web3 period.

The World Broad Net Consortium (W3C) units the usual for these identities, offering detailed details about Decentralized Identifiers (DID), Verifiable Credentials (VC), and Verifiable Displays (VP). For additional insights, readers can discuss with our earlier articles on Decentralized Identity:

This text goes past idea to discover the sensible aspect, demonstrating how Decentralized Identification may be seamlessly built-in into present tasks for efficient use.

We’ll showcase the method with the next steps:

Making a did:ethr DID.
Querying its standing on the Identity Registry throughout the community.
Producing a Verifiable Credential.
Lastly, revoking the DID.

By means of these sensible examples, readers will acquire a deeper understanding of implementing Decentralized Identification in real-world eventualities.

Getting began

With a view to simply obtain the Decentralized Identity in your software it’s essential be sure to have the next:

An Identity generator library for particular DID strategies, DID paperwork, Verifiable Credentials, Verifiable Displays, and on the identical time present the verification mechanism.
A registry that holds the Identities in a blockchain community.
A device that may generate the required key pairs for encryption to create the identifiers talked about earlier. This device must also allow interplay with the blockchain community talked about above.

For demonstrating this we are going to use the next tech stack:

SpruceID library for producing decentralized credentials.
The Ethereum Sepolia take a look at community with ERC-1056 good contract which can characterize the Identity Registry within the community.
Hyperledger Web3J to work together with the Identity Registry good contract and generate the Elliptic Curve SECP-256k1 key pair. SpruceID to create the credentials.

Setting Up the Setting

Generate a brand new Java undertaking. You possibly can accomplish this utilizing any common IDE or generate it as a brand new HelloWorld software utilizing the Web3j-CLI. We suggest utilizing Gradle as a construct device for added duties, though Maven can also be appropriate.

Combine SpruceID:

This library is written in Rust. To make use of it in our Java software, we’ll must construct it regionally. For this use the next tutorial for Java on the documentation website.

The steps are:

git clone –recurse-submodules
git clone
cd didkit/
cargo construct
From DIDKit root listing generate the Java Native Interfaces for to can work together from Java with SpruceID Rust library

make -C lib ../goal/didkit.jar

6. From DIDKit root listing generate the entry level to the SpruceID Library which was constructed on the native machine.

Observe: Please discuss with the undertaking’s documentation to construct the library on your platform, libdidkit.so on UNIX-like techniques, didkit.dll on Home windows, libdidkit.dylib on MacOS.

make -C lib ../goal/launch/libdidkit.so

Add the generated libs from 5 and 6 to the classpath.

Combine Web3J:

If the Java software was created utilizing Web3J-CLI, the Web3J Gradle plugin is robotically included. If not, you may want so as to add it manually to the construct.gradle file, as described beneath:

plugins {
  id("org.web3j") model "4.9.8"
}

Observe: SpruceID will run solely on Java 11, as a consequence of this Web3J is specified with model 4.9.8.

Combine with Ethereum take a look at community:

For this we are going to use the Ethereum Sepolia take a look at community to deploy and work together with the good contract ERC-1056. As talked about above, we are going to use Web3J for the deployment and interplay with the good contract.

First Generate the contract wrapper:

Add the solidity file within the solidity folder underneath the most important module.
Run generateContractWrappers gradle activity

Deploy the good contract to the Sepolia take a look at community by executing the tutorial steps here. Now every part is in place.

did:ethr

The did:ethr refers primarily to an Ethereum public handle, which may be resolved to a DID doc utilizing a resolver entity. On this case, SpruceId offers a resolveDID technique that can be utilized for this objective.

For producing a brand new did:ethr we are going to execute the next code:

//the Sepolia community ID 11155111 in hex
String EVM_CHAIN_ID = 0xaa36a7

public String createEthrIdentity(System machine) throws Exception {
   	ECKeyPair ecKeyPair = Keys.createEcKeyPair();
   	String privateKey = Numeric.toHexStringWithPrefix(ecKeyPair.getPrivateKey());
   	String handle = Numeric.prependHexPrefix(Keys.getAddress(ecKeyPair));
String did = "did:ethr:" + EVM_CHAIN_ID + ":" + handle;
	return did;
}

The code above demonstrates how the Keys class from the Web3J utility module is used to generate the SECP-256k1 key pair for the brand new handle. As soon as created, the brand new DID is fashioned by combining the prefix with the brand new key.

Observe: EVM_CHAIN_ID specifies which community the resolver ought to test to resolve the DID.

The ensuing DID ought to have the next format:

did:ethr:0xaa36a7:0x19e03255f667bdfd50a32722df860b1eeaf4d635

If we had generated the DID for Ethereum Mainnet, it could be:

did:ethr:0xaa36a7:0x19e03255f667bdfd50a32722df860b1eeaf4d635

Observe: Keep in mind to retailer the personal key generated above for later use. You will have it when producing Verifiable credentials. As a finest apply, encrypt it with an RSA key and retailer it in a non-public database till it’s wanted once more.

Examine possession

Even when the DID was created off-chain utilizing Hyperledger Web3J, it features on the community like another SECP-256k1 handle by default. Due to this fact, there isn’t a have to take any further steps so as to add it to the Identity Registry. The registry robotically resolves all queries for newly generated did:ethr addresses as a result of they’re already related to their respective homeowners.

public String checkOwner(String did) throws Exception {
Web3j web3j = Web3j.construct(new HttpService(NETWORK_RPC));
FastRawTransactionManager transactionManager = new FastRawTransactionManager(web3j, Credentials.create(identification.getKeyUsed()), Numeric.toBigInt(DIDConstants.EVM_CHAIN_ID).longValue());

EthereumDIDRegistry registry = new EthereumDIDRegistry(REGISTRY_ADDRESS, web3j, transactionManager, new DefaultGasProvider());

String identityAddress = did.substring();
	
return registry.identityOwner(identityAddress).ship();
}

Within the above code, Hyperledger Web3J is querying the registry good contract to retrieve the proprietor of the present DID.

Observe: the identityAddress is obtained by eradicating the DID prefix (did:ethr:EVM_CHAIN_ID), which represents the beforehand generated public handle. If the proprietor was not beforehand set, the tactic ought to return the saved handle worth as identityAddress by default. Because of this each account is the proprietor of its personal DID.

Generate Verifiable Credentials

As soon as the DID is generated and the proprietor’s personal secret’s obtainable, entry to the Decentralized Identity House turns into potential. Verifiable Credentials (VCs) function digital representations of bodily IDs within the Web3 house. For additional understanding of their use case, please discuss with the articles talked about within the introduction part.

To generate VCs, we are going to make the most of SpruceID and Hyperledger Web3J together with the personal key generated earlier.

public String issueVerifiableCredential(String did, KeyPair keys, DataObject knowledge){
	
closing CredentialObject credential = new CredentialObject(did, did, knowledge);

closing DIDKitOptions choices = new DIDKitOptions(PROOF_ASSERTION, identification.getVerificationMethod(), null, null);

closing String credentialJson = MAPPER.writeValueAsString(credential);
closing String optionsJson = MAPPER.writeValueAsString(choices);


String jwk = generatePrivateJwk(keys);


closing String verifiableCredential = DIDKit.issueCredential(credentialJson, optionsJson, jwk);
return verifiableCredential;
}

Within the above code, DIDKit is the JNI interface positioned within the jar file that we added to the category path. It exposes the issueCredential technique which receives the next arguments:

credentialJson = is the physique of the VC. Created from the CredentialObject, it contains the specified knowledge that should conform to the VC schema. Seek advice from the SpruceId instance for steerage.
optionsJson = this refers to the kind of assertions that Verifiable Credential might want to assist throughout verification requests;
jwk = is the Json Net Key format of the did:ethr’s key pair. Methodology generatePrivateJwk ought to comprise the Web3J code which returns the personal JWK, documentation here.

As soon as SpruceID receives the issueCredential request it is going to begin to do the next:

Examine if credentialJson respects the VC schema talked about in @context;
Resolve the did:ethr with a view to get the DID Doc to test the JWK that was despatched. Relying on the take a look at community 2 choices can happen:
1. If the SpruceId library resolve technique is appropriate with the community, the DID might be resolved.
2. If the library isn’t appropriate, the resolver must be overridden with this customized resolver.

You possibly can obtain this by cloning the repository and executing the npm command to begin the resolver occasion. After occasion begins, redirect the SpruceId calls by overriding the DIDKit resolve actions to the brand new resolver.

3. After finishing the primary two steps, the system returns the verifiable credential.

From right here, you should use it in verification calls, issuing new Verifiable Displays, and extra.

Revoke DID

A DID is revoked when its DID Doc can now not be retrieved. For many DID strategies, this may be achieved by eradicating entry to it. Within the case of did:net, the entry URL to the DID doc is revoked. However what about did:ethrs when there may be an Identity Registry on the community?

On this case, revocation of the DID will consist of fixing the proprietor handle to 0x0. By doing this, we point out that solely the handle 0x0 can use it. Nevertheless, as 0x0 isn’t a legitimate handle that can be utilized, the DID is successfully revoked.

registry.changeOwner(identityAddress,"0x0").ship();

Hyperledger Web3J connects Decentralized Identity (DID) techniques with Ethereum Digital Machine networks, offering important assist for creating decentralized identities. Its interfaces make it simpler to work together with the EVM community and generate obligatory JWK keys for identification creation processes, reminiscent of these utilized in Spruce ID.