Product Docs
Product DocsTechnical DocsLearning & GovernanceUseful Links
  • Product Docs
  • Node Docs
  • Learning Docs
  • โ„น๏ธGetting Started
    • Product Overview
    • โžก๏ธGet Started with cheqd Studio
      • ๐Ÿ‘‰Set Up Your Account
      • ๐Ÿ—๏ธCreate API Keys
      • ๐Ÿช™Token Top Up
      • ๐Ÿ”„Advanced Configuration Options
    • โ˜‘๏ธUse Trust Registries for AI Agents
      • ๐Ÿ—๏ธBuild an AI Agent Trust Registry
        • Setup AI Agent Trust Registry
          • Issue Verifiable Credentials to AI Agent
        • Setup and Configure MCP Server
          • Create AI Agent DID
          • Import Credential to AI Agent
          • Advanced functionality
            • Issue a Verifiable Credential
            • Verify a Credential
      • ๐ŸคValidate AI Agent Trust Chain
  • ๐ŸŸขStart using cheqd
    • ๐Ÿ†”Create DIDs and Identity Keys
      • Create a DID
      • Create Identity Keys
      • Create a Subject DID
      • Resolve a DID
      • Update a DID
      • Deactivate a DID
    • โœ…Issue Credentials and Presentations
      • Issue a Verifiable Credential
      • Setup Verida Wallet
      • Verify a Verifiable Credential
      • Verify a Verifiable Presentation
      • Revoke a Verifiable Credential
      • Suspend or Unsuspend a Verifiable Credential
    • โ™ป๏ธCharge for Verifiable Credentials
      • Understanding Credential Payments
        • Access Control Conditions
        • Privacy Considerations
      • Charge for Status List
      • Issue Credential with Encrypted Status List
      • Create Verifier Pays Issuer flow
      • Bulk Update or Rotate Encryption Keys
    • ๐ŸคBuild Trust Registries
      • Decentralized Trust Chains (DTCs)
        • Root Authorisations
        • RTAO -> TAO
        • TAO -> SubTAO
        • TAO -> Trusted Issuer (TI)
        • Referencing Trust Registry within a Verifiable Credential
      • Set up Trust Chain
        • Issue a Verifiable Accreditation
        • Verify a Verifiable Accreditation
      • Get Started with TRAIN
        • Deploy TRAIN and Anchor rTAO in DNS
        • Validate Trust Chain
    • ๐ŸŽ‹Create Status Lists
      • Bitstring Status List
        • Create Bitstring Status List
        • Update Bitstring Status List
        • Check Bitstring Status List
        • Search Bitstring Status List
      • Token Status List
        • Create Token Status List
        • Update Token Status List
    • โ†•๏ธCreate DID-Linked Resources
      • Understanding DID-Linked Resources
        • Context for developing DID-Linked Resources
        • Technical composition of DID-Linked Resources
        • Referencing DID-Linked Resources in VCs
      • Create a DID-Linked Resource
      • Search for DID-Linked Resources
  • ๐Ÿ› ๏ธIntegrate an SDK
    • Choosing the right SDK
    • ๐ŸCredo
      • Setup Credo Agent
      • Decentralized Identifiers (DIDs)
        • Create a DID
        • Update a DID
        • Deactivate a DID
      • DID-Linked Resources
        • Create a DID-Linked Resource
        • Resolve a DID-Linked Resource
        • Create an AnonCreds Schema
        • Create an AnonCreds Credential Definition
      • Verifiable Credentials and Presentations
        • AnonCreds
          • Issue a Verifiable Credential
          • Present a Verifiable Credential
        • JSON-LD
          • Issue a Verifiable Credential
          • Present a Verifiable Credential
        • SD-JWT VC
          • Issue a Verifiable Credential
          • Present a Verifiable Credential
          • Verify a Verifiable Credential
    • ๐ŸŠACA-Py
      • Setup ACA-Py Agent
      • Decentralized Identifiers (DIDs)
        • Create a DID
        • Update a DID
        • Deactivate a DID
      • DID-Linked Resources
        • Create AnonCreds Schema
        • Create AnonCreds Credential Definition
      • Verifiable Credentials and Presentations
        • AnonCreds
          • Issue a Verifiable Credential
          • Present a Verifiable Credential
          • Revoke a Verifiable Credential
        • JSON-LD
          • Issue a Verifiable Credential
          • Present a Verifiable Credential
    • ๐ŸˆVeramo
      • Setup Veramo CLI for cheqd
        • Troubleshooting Veramo CLI Setup
      • Decentralized Identifiers (DIDs)
        • Create a DID
        • Querying a DID
        • Update an existing DID
        • Deactivate a DID
        • Create an off-ledger holder DID
        • Managing Identity Keys
        • Troubleshooting
      • Verifiable Credentials and Presentations
        • Issue a Verifiable Credential
        • Verify a Verifiable Credential
        • Create a Verifiable Presentation
        • Verify a Verifiable Presentation
      • Credential Payments
        • Charge for Status List
        • Issue Credential with Encrypted Status List
        • Verifier pays Issuer
      • Bitstring Status List
        • Create Status List
        • Issuing a Verifiable Credential referencing Status List
      • DID-Linked Resources
        • Create a DID-Linked Resource
        • Create a new Resource version within existing Collection
    • ๐ŸซWalt.id Community Stack
  • ๐Ÿ—๏ธArchitecture
    • Architecture Decision Record (ADR) Process
    • List of ADRs
      • ๐Ÿ”ตADR 001: cheqd DID Method
      • ๐ŸŸขADR 002: DID-Linked Resources
      • ๐ŸŸกADR 003: DID Resolver
      • ๐ŸŸ ADR 004: DID Registrar
      • ๐ŸŸฃADR 005: DID Resolution & DID URL Dereferencing
  • ๐Ÿ’ซAdvanced features and alternatives
    • โžก๏ธDID Registrar
      • Setup DID Registrar
      • Create a DID
      • Create a DID-Linked Resource
    • โฌ…๏ธDID Resolver
      • Setup DID Resolver
    • โšกAnonCreds Object Method
      • Schemas
      • Credential Definitions
      • Revocation Registry Definitions
      • Revocation Status Lists
    • ๐ŸŒ Advanced Tooling
      • cheqd Cosmos CLI for identity
        • Create a DID
        • Update a DID
        • Deactivate a DID
        • Query a DID
        • Create a DID-Linked Resource
        • Update a DID-Linked Resource
      • Direct interaction with ledger code
      • VDR Tools CLI with cheqd (deprecated)
      • Demo Wallet for Identity Setup
  • โš›๏ธNetwork
    • Get started with cheqd Network
      • Identity Write Pricing
      • Comparison to Hyperledger Indy
    • โฉSetup your Wallet
      • Setup Leap Wallet
        • Congifure cheqd Testnet for Leap
      • Setup Keplr Wallet
      • Migrate from Keplr to Leap Wallet
    • โ†ช๏ธUseful Tools and APIs
      • Block Explorer
      • Testnet Faucet
      • Validator Status API
      • Cheqd x Cosmos Data APIs
      • Cosmos Airdrop Helpers
      • Cosmos Address Convertor
      • Ethereum Bridge
    • โฌ†๏ธNetwork Upgrades
      • 2021
        • 0.1.x
        • 0.2.x
        • 0.3.x
      • 2022
        • 0.4.x
        • 0.5.x
        • 0.6.x
      • 2023
        • 1.x
      • 2024
        • 2.x
        • 3.x
      • 2025
        • 3.1.x
        • 4.x
      • Root Cause Analysis of Outages
        • v1.x Upgrade RCA
        • v4.x Upgrade RCA (Testnet)
  • โš–๏ธLegal
    • License
    • Code of Conduct
    • Security Policy
  • ๐Ÿ†˜Support
    • System Status
    • Discord
    • Bugs & Feature Requests
Powered by GitBook
LogoLogo

General

  • Website
  • Blog
  • Get $CHEQ

Product Docs

  • Product Docs
  • cheqd Studio
  • Creds.xyz
  • Bug/Feature Requests

Technical Docs

  • Node Docs
  • GitHub
  • Block Explorer

Learning Docs

  • Learning Docs
  • Governance Docs
  • Governance Forum
  • Governance Explorer
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Start using cheqd
  2. Create DIDs and Identity Keys

Create a Subject DID

Create a 'Holder' or 'Subject' Decentralized Identifier (DID), of method did:key using cheqd Studio.

Last updated 1 month ago

Was this helpful?

In decentralized identity systems, Holders (also referred to as Subjects) are the recipients of Verifiable Credentialsโ€”typically representing individuals, organisations, objects or devices.

To enable credential interactions such as receiving, presenting, and proving control over an identity, each Holder needs a unique cryptographic key pair. This key pair is used to create a Decentralized Identifier (DID) that represents their identity.


Use Cases for Holder Identity Keys

After generating a key pair using the API below, you can use it to:

  • โœ… Generate a did:key identifier, an off-ledger, self-contained DID that is ideal for lightweight identity use cases


Why Use did:key for Holders?

The did:key method is a simple, deterministic DID method that embeds the Holderโ€™s public key directly into the DID itself. It doesnโ€™t require blockchain anchoring, making it:

  • โšก Fast and lightweight โ€“ no on-ledger operations required

  • ๐Ÿ” Privacy-preserving โ€“ good for ephemeral or throwaway identifiers

  • ๐Ÿงช Useful for testing and interoperability โ€“ widely supported by wallets and agent frameworks

  • ๐Ÿง Ideal for Holder/Subject identities โ€“ where the main role is to receive and present credentials rather than issue them

Many ecosystems choose did:key for wallet-based identities, while keeping issuer DIDs on-ledger (e.g. did:cheqd) to ensure resolvability and public trust.

Take a deeper look into the did:key specification here:

Note that there are also perfectly valid use cases for using a did:cheqd DID for a 'Holder' or 'Subject' DID as well, where it is valuable to have the 'Holder' / 'Subject' identifiable on-chain.

For example, AI Agents, Organisations or products in a supply chain are good use cases for using did:cheqd.

This is because the 'Holder' / 'Subject' does not have Personally Identifiable Information (PII) associated with it.


Get Started

To create a did:key DID, you can generate an identity key pair using the API below on cheqd Studio.

๐ŸŸข
๐Ÿ†”

Create a did:key DID

Create an off-ledger 'holder' or 'subject' DID, of the did:key method using the specification.

Create an identity key pair.

post

This endpoint creates an identity key pair associated with the user's account for custodian-mode clients.

Authorizations
Query parameters
typestring ยท enumOptional

Key type of the identity key pair to create.

Possible values:
Responses
200
The request was successful.
application/json
400
A problem with the input fields has occurred. Additional state information plus metadata may be available in the response body.
application/json
401
Access token is missing or invalid
500
An internal error has occurred. Additional state information plus metadata may be available in the response body.
application/json
post
POST /key/create HTTP/1.1
Host: 
x-api-key: YOUR_API_KEY
Accept: */*
{
  "kid": "text",
  "type": "Ed25519",
  "publicKeyHex": "text"
}
  • Use Cases for Holder Identity Keys
  • Why Use did:key for Holders?
  • Get Started
  • POSTCreate an identity key pair.