Crate atproto_plc


§atproto-plc

Rust implementation of did:plc with WASM support for ATProto.

§Features

  • ✅ Validate did:plc identifiers
  • ✅ Parse and validate DID documents
  • ✅ Create new did:plc identities
  • ✅ Validate operation chains
  • ✅ Native Rust and WASM support
  • ✅ Recovery mechanism with 72-hour window

§Quick Start

§Rust

use atproto_plc::{Did, DidBuilder, SigningKey, ServiceEndpoint};

// Validate a DID
let did = Did::parse("did:plc:ewvi7nxzyoun6zhxrhs64oiz")?;

// Create a new DID
let rotation_key = SigningKey::generate_p256();
let signing_key = SigningKey::generate_k256();

let (did, operation, keys) = DidBuilder::new()
    .add_rotation_key(rotation_key)
    .add_verification_method("atproto".into(), signing_key)
    .add_also_known_as("at://alice.example.com".into())
    .add_service(
        "atproto_pds".into(),
        ServiceEndpoint::new(
            "AtprotoPersonalDataServer".into(),
            "https://pds.example.com".into(),
        ),
    )
    .build()?;

println!("Created DID: {}", did);

§Specification

This library implements the did:plc specification as defined at: https://web.plc.directory/spec/v0.1/did-plc

§DID Format

A did:plc identifier consists of:

  • Prefix: “did:plc:”
  • Identifier: 24 lowercase base32 characters (alphabet: abcdefghijklmnopqrstuvwxyz234567)

Example: did:plc:ewvi7nxzyoun6zhxrhs64oiz

§Key Points

  • Rotation Keys: 1-5 keys used to sign operations and recover control
  • Verification Methods: Up to 10 keys for authentication and signing
  • Recovery Window: 72 hours to recover control with higher-priority rotation keys
  • Operation Size: Maximum 7500 bytes per operation (DAG-CBOR encoded)
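The identifier syntax under "DID Format" and the limits under "Key Points" can be checked before any cryptographic work is done. The following is an added example using only the standard library, not code from the atproto_plc crate; `CheckError`, `check_did_plc` and `check_limits` are hypothetical names.

```rust
// Added example: std-only checks of the format and limits listed on this page.
// All names are hypothetical; this is not the atproto_plc crate's code.
const PREFIX: &str = "did:plc:";
const ID_LEN: usize = 24;

#[derive(Debug, PartialEq)]
enum CheckError {
    BadPrefix,
    BadLength(usize),
    BadChar(char),
    RotationKeyCount(usize),
    VerificationMethodCount(usize),
    OperationTooLarge(usize),
}

/// Returns the 24-character identifier when `s` is a well-formed did:plc.
fn check_did_plc(s: &str) -> Result<&str, CheckError> {
    // Case-sensitive prefix match: "DID:PLC:" is rejected.
    let id = s.strip_prefix(PREFIX).ok_or(CheckError::BadPrefix)?;
    let n = id.chars().count();
    if n != ID_LEN {
        return Err(CheckError::BadLength(n));
    }
    // Base32 alphabet from the page: a-z and 2-7 (no 0, 1, 8, 9, no uppercase).
    match id.chars().find(|&c| !matches!(c, 'a'..='z' | '2'..='7')) {
        Some(c) => Err(CheckError::BadChar(c)),
        None => Ok(id),
    }
}

/// Checks one operation against the counts and size under "Key Points".
fn check_limits(rotation_keys: usize, methods: usize, cbor_len: usize) -> Result<(), CheckError> {
    if !(1..=5).contains(&rotation_keys) {
        return Err(CheckError::RotationKeyCount(rotation_keys));
    }
    if methods > 10 {
        return Err(CheckError::VerificationMethodCount(methods));
    }
    if cbor_len > 7500 {
        return Err(CheckError::OperationTooLarge(cbor_len));
    }
    Ok(())
}

fn main() {
    // Constructed inputs; the first DID is the page's own example.
    for s in ["did:plc:ewvi7nxzyoun6zhxrhs64oiz", "did:plc:ewvi7nxzyoun6zhxrhs64oi1"] {
        println!("{}: {:?}", s, check_did_plc(s));
    }
    println!("{:?}", check_limits(0, 1, 512));
}
```

Rejecting uppercase and the digits 0, 1, 8 and 9 at parse time keeps look-alike identifiers out of logs and lookups.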

§Security Considerations

§Key Management

  • Private keys are zeroized from memory when dropped
  • Never compare ECDSA signatures directly - they are non-deterministic
  • Always use cryptographic verification functions

§Operation Signing

  • Operations are signed using DAG-CBOR encoding
  • Signatures use base64url encoding without padding
  • Both P-256 and secp256k1 curves are supported

§License

Licensed under either of:

at your option.

Re-exports§

pub use builder::BuilderKeys;
pub use builder::DidBuilder;
pub use crypto::SigningKey;
pub use crypto::VerifyingKey;
pub use did::Did;
pub use document::DidDocument;
pub use document::PlcState;
pub use document::Service;
pub use document::ServiceEndpoint;
pub use document::VerificationMethod;
pub use error::PlcError;
pub use error::Result;
pub use operations::Operation;
pub use operations::UnsignedOperation;
pub use validation::OperationChainValidator;

Modules§

  • builder: Builder pattern for creating did:plc identifiers
  • crypto: Cryptographic operations for signing and verification
  • did: DID (Decentralized Identifier) types and validation for did:plc
  • document: DID document structures and parsing
  • encoding: Encoding utilities for base32, base64url, and DAG-CBOR
  • error: Error types for atproto-plc operations
  • operations: Operation types for did:plc (genesis, update, tombstone)
  • validation: Validation logic for operations and operation chains

Constants§

  • NAME: Library name
  • VERSION: Library version

Functions§

  • library_info: Get library information