A command line client for managing DIDs, VCs, zCaps, and corresponding cryptographic key pairs, written in Typescript.
Help is available with the --help/-h command line option:
./did -h
./did COMMAND -h
Generate a random Ed25519 key pair (ed25519 is the default type):
./did key create
If you'd like to also generate a secret key seed (to help deterministically
generate the same key pair in the future), pass in the --with-seed flag:
./did key create --with-seed
{
"secretKeySeed": "z1AXVyT6G1Qk3E9cMPkDYY6wVRpZjVGWAZ3TfrAgFZkX6bv",
"keyPair": {
"@context": "https://w3id.org/security/multikey/v1",
"type": "Multikey",
"publicKeyMultibase": "z6MkrLBubwzwEvwmsyEKd2kJ6pt91E6MHdf3EeQMnCsdX2hM",
"secretKeyMultibase": "zruzykbtvWUgV8Tp1LKVEuTmywLEa75qHsvWRVarVhdgHiCgiMYTSDXTavJVh47Cwes4mKgdAY5PTizbRvHXcA7XcLF"
}
}
Generate a deterministic key pair by setting the SECRET_KEY_SEED environment
variable to a multibase-encoded seed (e.g. from @digitalcredentials/bnid):
SECRET_KEY_SEED=z1AXVyT6G1Qk3E9cMPkDYY6wVRpZjVGWAZ3TfrAgFZkX6bv ./did key create
{
"@context": "https://w3id.org/security/multikey/v1",
"type": "Multikey",
"publicKeyMultibase": "z6MkrLBubwzwEvwmsyEKd2kJ6pt91E6MHdf3EeQMnCsdX2hM",
"secretKeyMultibase": "zruzykbtvWUgV8Tp1LKVEuTmywLEa75qHsvWRVarVhdgHiCgiMYTSDXTavJVh47Cwes4mKgdAY5PTizbRvHXcA7XcLF"
}
Specify an explicit key type with --type (defaults to ed25519):
SECRET_KEY_SEED=z1Aaj5A4UCsd... ./did key create --type ed25519
Output is a JSON-LD Multikey document with both the public and secret key in multibase encoding:
{
"@context": "https://w3id.org/security/multikey/v1",
"type": "Multikey",
"publicKeyMultibase": "z6Mk...",
"secretKeyMultibase": "zrv..."
}Generate a random Ed25519 did:key DID (method defaults to key):
./did id create
{
"id": "did:key:z6Mkr...",
"didDocument": { ... }
}
Or pass the method explicitly:
./did id create key
To also include the secret key seed in the output (useful for re-deriving the
same DID later), pass --with-seed:
./did id create --with-seed
{
"id": "did:key:z6MkrLBubwzwEvwmsyEKd2kJ6pt91E6MHdf3EeQMnCsdX2hM",
"secretKeySeed": "z1AXVyT6G1Qk3E9cMPkDYY6wVRpZjVGWAZ3TfrAgFZkX6bv",
"didDocument": {
"@context": [ ... ],
"id": "did:key:z6MkrLBubwzwEvwmsyEKd2kJ6pt91E6MHdf3EeQMnCsdX2hM",
"verificationMethod": [ ... ],
...
}
}
Generate a deterministic DID by setting the SECRET_KEY_SEED environment
variable to a multibase-encoded seed (e.g. from @digitalcredentials/bnid):
SECRET_KEY_SEED=z1AXVyT6G1Qk3E9cMPkDYY6wVRpZjVGWAZ3TfrAgFZkX6bv ./did id create
Save the DID document and key material to local storage with --save
(written to ~/.dids/ by default, or $DIDS_DIR if set):
./did id create --save
DID saved to /home/user/.dids/key/did:key:z6Mkr....json
{
"id": "did:key:z6Mkr...",
"didDocument": { ... }
}
PRs accepted.
If editing the Readme, please conform to the standard-readme specification.
MIT © 2026 Interop Alliance