# Create Identity Keys

In decentralized identity systems, all actors—whether Issuers, Holders, or Verifiers—require cryptographic keys to prove control over a **Decentralized Identifier (DID)** and to sign or verify interactions (e.g. credential issuance or presentation).

This tutorial guides you through generating a **key pair** that can be used to:

* ✅ Create a new DID (e.g. `did:cheqd` or `did:key`)
* ✅ Import into **cheqd Studio** for identity operations
* ✅ Use directly in SDKs or agent frameworks that support key-based identity

***

## Why Identity Keys Matter

DIDs are built on public-private key cryptography. The **public key** is embedded in or referenced by the DID Document, while the **private key** remains securely held by the actor controlling the identity.

Without keys, you can’t:

* Create a DID
* Authenticate or prove control of an identity
* Sign or verify credentials and presentations
* Rotate or deactivate identifiers

***

## Step 1: Choose Your Key Type

cheqd Studio supports two cryptographic key types for identity operations:

| Key Type    | Use Case / Notes                                                                                                                                                        |
| ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `Ed25519`   | The default and recommended key type for most DID and Verifiable Credential operations. Fast, secure, and widely supported across agent frameworks.                     |
| `secp256k1` | A widely adopted elliptic curve used in blockchain ecosystems (e.g. Bitcoin, Ethereum). Useful for cross-chain identity interoperability or aligning with Web3 wallets. |

> ✅ Choose `Ed25519` for identity-specific use cases. Use `secp256k1` if you need compatibility with blockchain-based tooling, wallets, or ecosystems that already rely on this curve.

## Step 2: Hit the API below

Use the API below to create and generate your new identity key pair of either type `Ed25519` or `secp256k1.`

## Create an identity key pair.

> This endpoint creates an identity key pair associated with the user's account for custodian-mode clients.

```json
{"openapi":"3.0.0","info":{"title":"cheqd Studio API for cheqd network","version":"2.0.0"},"tags":[{"name":"Keys"}],"servers":[{"url":"https://studio-api.cheqd.net","description":"Main (production) server"},{"url":"https://studio-api-staging.cheqd.net","description":"Staging server for testing"},{"url":"http://localhost:3000","description":"Local server for testing"}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"x-api-key","in":"header"}},"schemas":{"KeyResult":{"type":"object","properties":{"kid":{"type":"string"},"type":{"type":"string","enum":["Ed25519","Secp256k1"]},"publicKeyHex":{"type":"string"}}},"InvalidRequest":{"description":"A problem with the input fields has occurred. Additional state information plus metadata may be available in the response body.","type":"object","properties":{"error":{"type":"string"}}},"UnauthorizedError":{"description":"Access token is missing or invalid","type":"object","properties":{"error":{"type":"string"}}}}},"paths":{"/key/create":{"post":{"tags":["Keys"],"summary":"Create an identity key pair.","description":"This endpoint creates an identity key pair associated with the user's account for custodian-mode clients.","parameters":[{"name":"type","description":"Key type of the identity key pair to create.","in":"query","schema":{"type":"string","enum":["Ed25519"]}}],"responses":{"200":{"description":"The request was successful.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/KeyResult"}}}},"400":{"description":"A problem with the input fields has occurred. Additional state information plus metadata may be available in the response body.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidRequest"}}}},"401":{"$ref":"#/components/schemas/UnauthorizedError"},"500":{"description":"An internal error has occurred. Additional state information plus metadata may be available in the response body.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InvalidRequest"}}}}}}}}}
```

## Step 3 (Alternative): Fetch Identity Key Details

If you've already generated a key pair using cheqd Studio and want to **retrieve, reference or use it later**, you can do so by referencing its **Key ID (`kid`)**. This is useful for:

* Recovering key material generated earlier (e.g., to construct a DID or sign a credential)
* Working with shared or externally provisioned keys
* Avoiding duplicate key creation when managing identities programmatically

{% openapi src="<https://raw.githubusercontent.com/cheqd/credential-service/main/src/static/swagger-api.json>" path="/key/read/{kid}" method="get" expanded="true" %}
<https://raw.githubusercontent.com/cheqd/credential-service/main/src/static/swagger-api.json>
{% endopenapi %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cheqd.io/product/studio/dids/create-identity-keys.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.