Create an off-ledger holder DID

This tutorial offers step-by-step guidance on how to create a subject DID to be used for a holder that will receive a Verifiable Credentials.

⚠️ Before you begin...

Make sure you've correctly configured the cheqd plugin's agent settings for Veramo CLI

Background

We chose to use did:key for the holder because the did:key specification has a lot synergy with cheqd did method, did:cheqd.

Using did:key also keeps holder DIDs off-ledger. This is very important for the privacy and data protection of the holder. If holder DIDs and DIDDocs were stored on-ledger, this could constitute a risk where data written within the DIDDoc could not be removed in line with a holder's right to be forgotten.

It is also easily managable by a client agent as a full ledger backup for the writing of a DID / DID Doc is not required, thereby making it easily reproducable in a client environment.

Creating a subject did:key DID can be achieved through both the Veramo CLI, or directly through an application that has been setup to read and write to the cheqd ledger, using the Veramo SDK for cheqd.

Instructions

1. Invoke Veramo CLI DID create function

This off-ledger DID, of type did:key, is used for the recipient of the Verifiable Credential and Verifiable Presentation using:

veramo did create

2. Select the did:key provider and KMS

Select did:key as the provider when prompted as well as a key management system (KMS) to use (default is local).

The agent.yml file used for the Veramo SDK for cheqd has a preloaded local key management system which is bootstrapped along with the CLI.

The KMS is stored in a local SQLite database.

3. Enter an alias for the DID

This is the nickname for your DID, which will be managed by Veramo KMS. Providing a memorable alias will help reference this for future uses, e.g., Alice off ledger DID.

Once you have entered this, you will receive a response in a table, e.g:

Next steps

If you got the table above, your off-ledger did:key has been created