vtc-service 0.3.1

Service for Verifiable Trust Communities
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

use ed25519_dalek::SigningKey;
use multibase::Base;
use rand::Rng;
use tracing::debug;

use vta_sdk::did_key::ed25519_multibase_pubkey;

/// Generate a new `did:key` identity from a random Ed25519 keypair.
///
/// Returns `(did, private_key_multibase)` where:
/// - `did` is `did:key:z6Mk...`
/// - `private_key_multibase` is the seed encoded as multibase Base58BTC (`z...`)
pub fn generate_did_key() -> (String, String) {
    let mut seed = [0u8; 32];
    rand::rng().fill_bytes(&mut seed);

    let signing_key = SigningKey::from_bytes(&seed);
    let public_key = signing_key.verifying_key().to_bytes();

    let multibase_pubkey = ed25519_multibase_pubkey(&public_key);
    let did = format!("did:key:{multibase_pubkey}");
    let private_key_multibase = multibase::encode(Base::Base58Btc, seed);

    debug!(did = %did, "did:key identity generated");

    (did, private_key_multibase)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_generate_did_key_format() {
        let (did, priv_mb) = generate_did_key();
        assert!(
            did.starts_with("did:key:z6Mk"),
            "DID should start with did:key:z6Mk, got: {did}"
        );
        assert!(
            priv_mb.starts_with('z'),
            "private key multibase should start with 'z'"
        );

        // Decode private key to verify it's 32 bytes
        let (_, seed_bytes) = multibase::decode(&priv_mb).unwrap();
        assert_eq!(seed_bytes.len(), 32);
    }

    #[test]
    fn test_generate_did_key_unique() {
        let (did1, _) = generate_did_key();
        let (did2, _) = generate_did_key();
        assert_ne!(did1, did2);
    }

    #[test]
    fn test_generate_did_key_roundtrip() {
        let (did, priv_mb) = generate_did_key();

        // Re-derive the DID from the private key
        let (_, seed_bytes) = multibase::decode(&priv_mb).unwrap();
        let seed: [u8; 32] = seed_bytes.try_into().unwrap();
        let signing_key = SigningKey::from_bytes(&seed);
        let public_key = signing_key.verifying_key().to_bytes();

        let mut multicodec = Vec::with_capacity(34);
        multicodec.extend_from_slice(&[0xed, 0x01]);
        multicodec.extend_from_slice(&public_key);

        let multibase_pubkey = multibase::encode(Base::Base58Btc, &multicodec);
        let reconstructed_did = format!("did:key:{multibase_pubkey}");
        assert_eq!(did, reconstructed_did);
    }
}