Awesome

identinet-plugin

identinet-plugin is a browser extension that displays and verifies decentralized identity information of websites. The extension originated as a did:hack project.

Presentation

<div style="display: flex; gap: 1em;"> <div style="display: flex; flex-direction: column; align-items: center;"> <a href="https://slidesdown.github.io/?slides=github.com/identinet/identinet-plugin"><img src="images/presentation.png" alt="Slideshow" width="250" height="200" /></a> <a href="https://slidesdown.github.io/?slides=github.com/identinet/identinet-plugin">Slideshow</a> </div> <div style="display: flex; flex-direction: column; align-items: center;"> <a href="https://youtu.be/pXtc385wGfA"><img src="images/video.png" alt="did:hack presentation" width="250" height="200" /></a> <a href="https://youtu.be/pXtc385wGfA">did:hack presentation</a> </div> </div>

Installation

Firefox: https://addons.mozilla.org/en-US/firefox/addon/identinet/

Attention: after installing the add-on, it's currently necessary to grant the plugin access to websites. Firefox doesn't prompt the user during installation to grant these permissions.

Navigate to Tools -> Add-ons and Themes. Select the identinet add-on and switch to the "Permissions" tab. Then grant the optional permission "Access your data for all websites".
Chrome: https://chrome.google.com/webstore/detail/identinet/hehmpjacggciaiknjpfkiecokomeeopm

Usage

After installation, the extension is added to the list of extensions. Pin the extension to the browser bar so that it is permanently visible.

The availability of a DID document and additional credentials for the website is displayed with the following icons:

<img style="height: 1em" alt="No DID document available" src="./public/icons/shield-slash.svg" /> No DID document is available.
<img style="height: 1em" alt="DID document and credentials available" src="./public/icons/shield-plus.svg" /> DID and credentials are available, the credentials have been successfully verified.
<img style="height: 1em" alt="DID document and credentials available but broken" src="./public/icons/shield-xmark.svg" /> DID document incorrect or verification of credentials of failed.

Examples:

<img style="height: 1em" alt="No DID document available" src="./public/icons/shield-slash.svg" /> <a href="https://no-id-example.identinet.io/">https://no-id-example.identinet.io/</a>
<img style="height: 1em" alt="DID document available" src="./public/icons/shield-plus.svg" /> <a href="https://id-example.identinet.io/">https://id-example.identinet.io/</a> - only a DID is avaible, no credentials.
<img style="height: 1em" alt="DID document and credentials available" src="./public/icons/shield-plus.svg" /> <a href="https://id-plus-example.identinet.io/">https://id-plus-example.identinet.io/</a>
<img style="height: 1em" alt="DID document and credentials available but broken" src="./public/icons/shield-xmark.svg" /> <a href="https://broken-example.identinet.io/">https://broken-example.identinet.io/</a>

How it Works

The extension ..

displays the W3C DID Document that is associated with the visited website, i.e. the DID did:web:<domainname> who's document is stored at https://<domainname>/.well-known/did.json.
retrieves, verifies, and displays a publicly stored W3C Verifiable Presentation that might contain multiple credentials. It's expected that DID did:web:<domainname> issued the presentation and that it's publicly available at https://<domainname>/.well-known/presentation.json.

Create DID and Credentials for Domain

Requirements:

didkit CLI
Website that's hosted at a custom domain name, e.g. example.com
jq

Create did:web DID and issue sample credential:

Generate a key: didkit key generate ed25519 > key.jwk
Generate a DID did:web:<domainname>:

DOMAINNAME="<your domainname>"
DID_WEB="did:web:${DOMAINNAME}"
KEY_ID=$(didkit key to did -k key.jwk | sed -ne 's/^did:key://p')
cat <<EOF | yq > did.json
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1",
    {
      "publicKeyJwk": {
        "@id": "https://w3id.org/security#publicKeyJwk",
        "@type": "@json"
      }
    }
  ],
  "id": "${DID_WEB}",
  "verificationMethod": [
    {
      "id": "${DID_WEB}#${KEY_ID}",
      "type": "Ed25519VerificationKey2020",
      "controller": "${DID_WEB}",
      "publicKeyJwk": $(yq e 'del(.d)' key.jwk)
    }
  ],
  "authentication": [
    "${DID_WEB}#${KEY_ID}"
  ],
  "assertionMethod": [
    "${DID_WEB}#${KEY_ID}"
  ]
}
EOF

Store and publish did.json in the web server's root directory at path /.well-known/did.json
Verify that the DID is publicly resolveable: didkit did-resolve "${DID_WEB}"
Issue sample credential:

cat > credential.json <<EOF
{
  "@context": ["https://www.w3.org/2018/credentials/v1", "https://w3id.org/security/suites/ed25519-2020/v1"],
  "type": ["VerifiableCredential"],
  "issuer": "${DID_WEB}",
  "issuanceDate": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
  "credentialSubject": {
    "id": "${DID_WEB}"
  }
}
EOF

VERIFICATION_METHOD=$(jq -r '.assertionMethod[0]' < did.json)
didkit credential issue -t Ed25519Signature2020 -k key.jwk -p assertionMethod -v "${VERIFICATION_METHOD}" < credential.json > credential_signed.json
didkit credential verify < credential_signed.json

Verify credential: didkit vc-verify-credential < credential_signed.json
Issue presentation:

cat > presentation.json <<EOF
{
  "@context": ["https://www.w3.org/2018/credentials/v1", "https://w3id.org/security/suites/ed25519-2020/v1"],
  "type": ["VerifiablePresentation"],
  "holder": "${DID_WEB}",
  "verifiableCredential": [
$(cat credential_signed.json)
  ]
}
EOF

VERIFICATION_METHOD=$(jq -r '.authentication[0]' < did.json)
didkit presentation issue -t Ed25519Signature2020 -k key.jwk -p authentication -C "${DOMAINNAME}" -d "${DOMAINNAME}" -v "${VERIFICATION_METHOD}" < presentation.json > presentation_signed.json
didkit presentation verify < presentation_signed.json

Verify presentation: didkit vc-verify-presentation < presentation_signed.json
Store and publish presentation_signed.json in the web server's root directory at path /.well-known/presentation.json

Development

Requirements

just - Task runner like make
nu - Versatile shell (developed on version 0.80.0)
watchexec - File watcher
NodeJS - (version 20)
Google Chrome or Firefox

Dependencies for running the test websites locally:

mkcert - Locally-trusted development certificates
- Perform these steps manually:
- Install local CA: mkcert -install
- If needed, manually add the CA to Firefox and Chrome
caddy - HTTP server
htmlq - Like jq, but for HTML

Steps to start development

Install node modules: just deps
Start extension builder: just build-watch
- Firefox build directory: .build_firefox
- Chrome build directory: .build_chrome
Install browser plugin temporarily:
- Firefox:
  - Open about:debugging and select "This Firefox"
  - Click on "Load Temporary Add-on..." and select manifest.json in the Firefox build directory
  - See more detailed instructions
- Chrome:
  - Open chrome://extensions/
  - Click on "Load unpacked" and select the Chrome build directory
  - See more detailed instructions
Start website test server: just run-websites
- Then visit id-plus.localhost:8443
Start preview server: just run-preview
Start development
- For better debugging, read the Firefox Extension Workshop
Manually reload extension by clicking reload (Firefox) or update (Chrome) to include changes