Introduction ◈ Bindings ◈ Documentation & Resources ◈ Getting Started ◈ Example ◈ Roadmap ◈ Contributing
IOTA Identity is a Rust implementation of decentralized digital identity, also known as Self-Sovereign Identity (SSI). It implements the W3C Decentralized Identifiers (DID) and Verifiable Credentials specifications. This library can be used to create, resolve and authenticate digital identities and to create verifiable credentials and presentations in order to share information in a verifiable manner and establish trust in the digital world. It does so while supporting secure storage of cryptographic keys, which can be implemented for your preferred key management system. Many of the individual libraries (Rust crates) are agnostic over the concrete DID method, with the exception of some libraries dedicated to implement the IOTA DID method, which is an implementation of decentralized digital identity on the IOTA and Shimmer networks. Written in stable Rust, IOTA Identity has strong guarantees of memory safety and process integrity while maintaining exceptional performance.
Foreign Function Interface (FFI) Bindings of this Rust library to other programming languages:
- Web Assembly (JavaScript/TypeScript)
We provide a collection of experimental gRPC services
- API References:
- Rust API Reference: Package documentation (cargo docs).
- Wasm API Reference: Wasm Package documentation.
- Identity Documentation Pages: Supplementing documentation with context around identity and simple examples on library usage.
- Examples: Practical code snippets to get you started with the library.
If you want to include IOTA Identity in your project, simply add it as a dependency in your Cargo.toml
:
[dependencies]
identity_iota = { version = "1.3.1" }
To try out the examples, you can also do this:
- Clone the repository, e.g. through
git clone https://github.com/iotaledger/identity.rs
- Start IOTA Sandbox as described in the next section
- Run the example to create a DID using
cargo run --release --example 0_create_did
The following code creates and publishes a new IOTA DID Document to a locally running private network. See the instructions on running your own private network for development.
Cargo.toml
[package]
name = "iota_identity_example"
version = "1.0.0"
edition = "2021"
[dependencies]
identity_iota = { version = "1.3.1", features = ["memstore"] }
iota-sdk = { version = "1.0.2", default-features = true, features = ["tls", "client", "stronghold"] }
tokio = { version = "1", features = ["full"] }
anyhow = "1.0.62"
rand = "0.8.5"
main.rs
use identity_iota::core::ToJson;
use identity_iota::iota::IotaClientExt;
use identity_iota::iota::IotaDocument;
use identity_iota::iota::IotaIdentityClientExt;
use identity_iota::iota::NetworkName;
use identity_iota::storage::JwkDocumentExt;
use identity_iota::storage::JwkMemStore;
use identity_iota::storage::KeyIdMemstore;
use identity_iota::storage::Storage;
use identity_iota::verification::jws::JwsAlgorithm;
use identity_iota::verification::MethodScope;
use iota_sdk::client::api::GetAddressesOptions;
use iota_sdk::client::secret::stronghold::StrongholdSecretManager;
use iota_sdk::client::secret::SecretManager;
use iota_sdk::client::Client;
use iota_sdk::crypto::keys::bip39;
use iota_sdk::types::block::address::Bech32Address;
use iota_sdk::types::block::output::AliasOutput;
use iota_sdk::types::block::output::dto::AliasOutputDto;
use tokio::io::AsyncReadExt;
// The endpoint of the IOTA node to use.
static API_ENDPOINT: &str = "http://localhost";
/// Demonstrates how to create a DID Document and publish it in a new Alias Output.
#[tokio::main]
async fn main() -> anyhow::Result<()> {
// Create a new client to interact with the IOTA ledger.
let client: Client = Client::builder()
.with_primary_node(API_ENDPOINT, None)?
.finish()
.await?;
// Create a new Stronghold.
let stronghold = StrongholdSecretManager::builder()
.password("secure_password".to_owned())
.build("./example-strong.hodl")?;
// Generate a mnemonic and store it in the Stronghold.
let random: [u8; 32] = rand::random();
let mnemonic =
bip39::wordlist::encode(random.as_ref(), &bip39::wordlist::ENGLISH).map_err(|err| anyhow::anyhow!("{err:?}"))?;
stronghold.store_mnemonic(mnemonic).await?;
// Create a new secret manager backed by the Stronghold.
let secret_manager: SecretManager = SecretManager::Stronghold(stronghold);
// Get the Bech32 human-readable part (HRP) of the network.
let network_name: NetworkName = client.network_name().await?;
// Get an address from the secret manager.
let address: Bech32Address = secret_manager
.generate_ed25519_addresses(
GetAddressesOptions::default()
.with_range(0..1)
.with_bech32_hrp((&network_name).try_into()?),
)
.await?[0];
println!("Your wallet address is: {}", address);
println!("Please request funds from http://localhost/faucet/, wait for a couple of seconds and then press Enter.");
tokio::io::stdin().read_u8().await?;
// Create a new DID document with a placeholder DID.
// The DID will be derived from the Alias Id of the Alias Output after publishing.
let mut document: IotaDocument = IotaDocument::new(&network_name);
// Insert a new Ed25519 verification method in the DID document.
let storage: Storage<JwkMemStore, KeyIdMemstore> = Storage::new(JwkMemStore::new(), KeyIdMemstore::new());
document
.generate_method(
&storage,
JwkMemStore::ED25519_KEY_TYPE,
JwsAlgorithm::EdDSA,
None,
MethodScope::VerificationMethod,
)
.await?;
// Construct an Alias Output containing the DID document, with the wallet address
// set as both the state controller and governor.
let alias_output: AliasOutput = client.new_did_output(address.into(), document, None).await?;
println!("Alias Output: {}", AliasOutputDto::from(&alias_output).to_json_pretty()?);
// Publish the Alias Output and get the published DID document.
let document: IotaDocument = client.publish_did_output(&secret_manager, alias_output).await?;
println!("Published DID document: {:#}", document);
Ok(())
}
Example output
{
"doc": {
"id": "did:iota:tst:0xa947df036e78c2eada8b16e019d517c9e38d4b19cb0c1fa066e752c3074b715d",
"verificationMethod": [
{
"id": "did:iota:tst:0xa947df036e78c2eada8b16e019d517c9e38d4b19cb0c1fa066e752c3074b715d#9KdQCWcvR8kmGPLFOYnTzypsDWsoUIvR",
"controller": "did:iota:tst:0xa947df036e78c2eada8b16e019d517c9e38d4b19cb0c1fa066e752c3074b715d",
"type": "JsonWebKey",
"publicKeyJwk": {
"kty": "OKP",
"alg": "EdDSA",
"kid": "9KdQCWcvR8kmGPLFOYnTzypsDWsoUIvR",
"crv": "Ed25519",
"x": "JJoYoeFWU7jWvdQmOKDvM4nZJ2cUbP9yhWZzFgd044I"
}
}
]
},
"meta": {
"created": "2023-08-29T14:47:26Z",
"updated": "2023-08-29T14:47:26Z",
"governorAddress": "tst1qqd7kyu8xadzx9vutznu72336npqpj92jtp27uyu2tj2sa5hx6n3k0vrzwv",
"stateControllerAddress": "tst1qqd7kyu8xadzx9vutznu72336npqpj92jtp27uyu2tj2sa5hx6n3k0vrzwv"
}
}
For detailed development progress, see the IOTA Identity development kanban board.
We would love to have you help us with the development of IOTA Identity. Each and every contribution is greatly valued!
Please review the contribution and workflow sections in the IOTA Wiki.
To contribute directly to the repository, simply fork the project, push your changes to your fork and create a pull request to get them included!
The best place to get involved in discussions about this library or to look for support at is the #identity
channel on the IOTA Discord. You can also ask questions on our Stack Exchange.