Wallets

Create wallets and use them to sign and issue Verifiable Credentials to Affinidi Vault users.

Wallet is an essential component that allows you to sign and issue Verifiable Credentials that users can claim and store in their Vault. Each wallet is created with a unique Decentralised Identifier (DID) value that is used to represent a particular subject. It is used to sign the credentials to prevent tampering with information and allow the verifier to validate its authenticity cryptographically.

The Decentralised Identifier (DID) could represent a user, a company, or a device/machine.

Example: did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK.

Supported DID Methods

Every Decentralised Identifier (DID) is prefixed with a DID method that defines the mechanism to resolve and get the associated DID document used for verifying the credential.

The Affinidi Trust Network supports the following DID methods when creating a wallet:

did:key

The did:key method represents individuals.

One of the key benefits of did:key is the implementation of “the right to be forgotten” to stay compliant with privacy policies like GDPR, which is impossible with the methods that rely on blockchains.

It is a scalable DID method that doesn’t require a lot of surrounding infrastructure and blockchains. The challenges with did:key arise when you start looking into concerns like key management, which is why relying solely on did:key for all interactions, especially business, is not advisable.

The Affinidi Vault assigns did:key to users when they register for an account. Read more about the did:key method here .

Example: did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK

did:web

The did:web method represents a host or a fully qualified domain name.

It requires the implementation of TLS/SSL certificate on the domain that hosts the DID document and allows rotation of the verification key while keeping the same DID value, making it more secure.

Additionally, credentials signed by did:web is traceable back to the source, like a website, making this method suitable to represent a business entity that owns the domain, enabling verifiers to validate the credential’s authenticity.

Domain Verification service uses did:web to represent the domain when verifying the domain ownership and display a verified checkmark in the Affinidi Vault consent screen. Read more about the did:web method here .

Example: did:web:mywebsite.com

How to Create a Wallet

To create a wallet, go to the Wallets page under Tools section in the  Affinidi Portal.

  1. Once you are on the Wallets page, click on Create Wallet button.
Wallets page
  1. Select the DID method that will be use to create the Wallet. If you select did:web, you have to provide the domain that support HTTPS protocol.
Create Wallet
  1. Click on Submit and your wallet will be created with the DID information.

Use the generated DID information to sign the Verifiable Credentials with the key from your Decentralised Identifier (DID) and issue the credential to your users.