Create and Publish Your Own did:web


mhrsntrk / July 27, 2022

If you are reading this post, I assume you are already heard of Self-Sovereign Identity (SSI) concept and Decentralized Identifier (DID). In this post, I will show you how to create a DID and publish it using one of the most basic DID method available, did:web.

Before diving into technical details. Let's refresh our knowledge about DIDs.

  • DID is a globally unique identifier made up of a string of letters and numbers
  • DID is created and owned by the user
  • DID allows the owner to prove cryptographic control over it
  • DID comes with a private key and a public key that are also made up of a long string of letters and numbers
  • DID enables private and secure connections between two parties and can be verified anywhere at any time

You can watch the video below to have a better understanding of the cryptography making DIDs possible. Public Key Cryptography

Create a DID Document

Before we start, you can take a look at the did:web method standard.

You can create a did:web manually by creating a public-private key pair and creating a JSON-LD file. But, it is good to use a tool for making things easier. For this post, I will use didkit from SpruceID, but there are also lots of other tools available on the market today.

1. Install didkit CLI

  • didkit implemented using Rust, so first we need to install Rust first. You can follow the official instructions to install Rust on your machine.
  • After you successfully install Rust, we can install the didkit-cli using the below command.
cargo install didkit-cli

2. Generate a key pair

  • You can use the command below to generate a fresh pair of Ed25519 key pair and store it locally.
didkit generate-ed25519-key > issuer_key.jwk

In later steps we will link the public key to our DID and it will be used for signing credentials, so keep your keys safe otherwise you cannot issue new credentials.

3. Generate a did:key document using the generated keys

  • You can use the command below to generate a did:key document using previously generated Ed25519 key pair and store it locally.
did=$(didkit key-to-did key -k issuer_key.jwk)
printf 'DID: %s\n\n' "$did"
didkit did-resolve `didkit key-to-did key -k issuer_key.jwk` > issuer_key_did_doc.json
  • The command will print the DID, i.e. did:key:z6MkwJBFYK8vTVGeiMsLzcqbSRXW4aTg4PozGbekWtQNUnnW
  • If you navigate to your home directory and open issuer_key_did_doc.json file, you will some content similar to the below example.
  "@context": "",
  "id": "did:key:z6MkwJBFYK8vTVGeiMsLzcqbSRXW4aTg4PozGbekWtQNUnnW",
  "verificationMethod": [
      "id": "did:key:z6MkwJBFYK8vTVGeiMsLzcqbSRXW4aTg4PozGbekWtQNUnnW#z6MkwJBFYK8vTVGeiMsLzcqbSRXW4aTg4PozGbekWtQNUnnW", 
      "type": "Ed25519VerificationKey2018",
      "controller": "did:key:z6MkwJBFYK8vTVGeiMsLzcqbSRXW4aTg4PozGbekWtQNUnnW",
      "publicKeyJwk": {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "-kMHp5nohaFOK5E9Jch4ErdgwMFYFUc4Lt_wYlAGy8s"
  "authentication": [
  "assertionMethod": [

4. Change the document from did:key to did:web

  • You need to open the file using a text editor.
  • Change every instance of did:key:z6MkwJBFYK8vT... to did:web:<>, without the https:// prefix.
  • Change the key names from #z6MkwJBFYK8vT... to #owner.
  • Save the file.

Publish the DID Document

Publishing the DID document mostly depends on your platform, but basically you have to store the file under https://<>/.well-known/did.json path. For the websites build with React, you only need to place the DID document under Public > .well-known > did.json.


1. Test using didkit

  • You can resolve a DID document using the below command.
didkit did-resolve did:web:<>

2. Test using web browser

  • You can navigate to https://<>/.well-known/did.json to view your DID document.

3. Test using my DID resolver tool

  • You can use my tool to resolve your DID document. You can access the tool using this link.