Merge pull request #39 from rubixchain/gklps/did

gklps · web-flow · commit fb28b070e96f · 2025-07-06T13:25:02.000+05:30
Add Developer Documentation for BIP39-Based DID in Rubix Network
diff --git a/content/did.md b/content/did.md
@@ -4,95 +4,153 @@ geekdocBreadcrumb: false
 aliases: ["/data", "/about/data", "/contributing/data"]
 ---
 
-### DID & its significance
+## Overview
 
- DID (Decentralized identity) is a trust framework in which identifiers such as usernames can be replaced with IDs that are self-owned, independent, and enable data exchange using blockchain technology, providing privacy and secure transactions. Our lives are increasingly linked to apps, devices and services, and we’re often subject to data breaches and privacy loss. Hence, a standards-based decentralized identity system can provide greater privacy and control over your data.  
+Rubix Network supports a lightweight and secure Decentralized Identity (DID) mechanism built using the **BIP39 standard**. This implementation allows users and systems to generate cryptographic identities that are:
 
-Rubix Decentralized Identity (DID) project is an open standard enabling users to create self-owned identities, and use blockchain networks for getting decentralized tamper proof verifiable claims. The claims are 100% on-chain and publicly verifiable.
+- **Self-owned** and **recoverable**
+- **Verifiable** through cryptographic proofs
+- **Tamper-proof** with on-chain claim registration
+- **Privacy-preserving**, with optional selective disclosure
 
-### Key features of Rubix DID
+This guide covers the concepts behind DID, its significance, and how to create, register, and recover a BIP39-based DID on the Rubix Network.
 
-1. Identities are self-created and self-owned allowing more control for user over his data i.e., no Certificate   Authority (CA) is required for generating identity key pairs.
-2. Information is immutable, once it is issued by using cryptographic proofs and object-oriented Distributed File System (DFS).
-3. Real world DFS based on content-based addressing, preserves complete integrity over signed data.
-4. Parallel scalable ledger allows asynchronous claims and verification.
-5. Instant confirmation and finality.
-6. Data confidentiality is preserved by encrypting the signed certificate using patented Non-Linear Secret Sharing (NLSS) method.
-7. Selective disclosure property helps user to choose partial revealing of data for verification.
-8. The information cannot be decrypted without the consent of the issuer and/or the certificate holder.
-9. In Compliance with globally accepted standards like : <br>
-        a. IMS Open Badges<br>
-        b.W3C Verifiable Claims<br>
-        c.W3C Linked Data Signatures<br>
+---
+
+## What is a DID?
+
+A **Decentralized Identifier (DID)** is a cryptographic, globally unique identifier that enables the creation of **self-sovereign identities**. Unlike centralized identities tied to usernames or email addresses, a DID:
+
+- Is **generated by the user** (not issued)
+- **Eliminates third-party trust dependencies**
+- Enables **verifiable claims** without disclosing sensitive data
+
+---
+
+## Why BIP39-Based DID?
+
+Rubix supports multiple DID types, but the recommended and default approach is **BIP39-based DID (Type 4)**. It offers:
+
+- 24-word **mnemonic-based** identity recovery
+- Secure **key pair generation** using `secp256k1` elliptic curve
+- Compatibility with **Hierarchical Deterministic Wallet (HD Wallet)** specs
+- No external Certificate Authorities (CA) required
+
+---
+
+## Verifiable Claims in Rubix
 
-10. Follows digital preservation rules like GDPR, CCPA.
-11. All transactions are on-chain, while also being cost effective.
-12. Light weight infrastructure with support for multi architectural designs.
+Verifiable claims allow identity holders to present cryptographically signed statements (e.g., “User1 graduated from XYZ University”) without relying on centralized servers.
 
-<br>
+- Claims are **100% on-chain**
+- Can be selectively disclosed and verified
+- Tamper-proof and immutable
+- Aligned with **W3C Verifiable Credentials** and **Linked Data Signatures**
 
-## DID creation
+---
 
-There are two common ways of DID creation in Rubix. The standard way is to generate a BIP39 standard HD master key and one child key (path zero) on curve secp256k1. This is faster , lighter and provides account recovery using mnemonics. The second day provides double layer security with addition of an MPC Non Linear Secret Sharing scheme on top of traditional pki system. This type is recommeneded for systems that require addtional security.
+## DID Creation & Registration Workflow
 
-### Type 4 : BIP39 DID generation and recovery
+### 1. Start Rubix Node
 
-To create a BIP based DID in rubix , use flag -didType 4 in createdid command. A random 24 word mnemonic will be created and used as seed to create BIP master key and child key at path zero. The mnemonic file will be stored in mnemonic.txt inside the DID folder. Please do not share the mnemonics and store them in safe place for recovery. The following command create BIP 39 keypair
+Ensure your Rubix node is up and running on a port (e.g., `20000`):
 
+```bash
+./rubixgoplatform startnode -port <port_number>
 ```
-./rubixgoplatform createdid -didType 4
+
+---
+
+### 2. Create a DID Using BIP39
+
+Open a new terminal tab in the same build directory and run:
+
+```bash
+./rubixgoplatform createdid -didType 4 -port <port_number>
 ```
 
-Inorder to recover DID and key pairs, backup the mnemonickeyfile in a seperate folder and call createdid with -didType 4 -mnemonicKeyFile /pathtomnemonickeyfile. This will create the same master key and key pairs
+**Example:**
 
+```bash
+./rubixgoplatform createdid -didType 4 -port <port_number>
 ```
-./rubixgoplatform createdid -didType 4 -mnemonicKeyFile mnemonic.txt
+
+> This command:
+> - Generates a 24-word mnemonic (`mnemonic.txt`)
+> - Derives a secure key pair
+> - Outputs a unique DID identifier
+
+---
+
+### 3. Backup Mnemonic
+
+After DID creation, navigate to the folder:
+
+```bash
+cd <path_to_node>/Rubix/TestNetDID/<did_generated>
 ```
 
-<!-- {{< expand "Download SDK for Rust" >}}
+Copy and store the `mnemonic.txt` file in a secure offline location.  
+This file is essential for identity recovery.
 
-**Oracle:**
+---
 
-- Network is currently mining in `level 4` - reached on `5 th march 2022`
+### 4. Register the DID
 
-{{< / expand >}} -->
+Once the DID is created, register it on the Rubix network:
 
-### Type 0 : PKI + NLSS DID generation and recovery
+```bash
+./rubixgoplatform registerdid -did <your_did> -port <port_number>
+```
 
-Every node joining the Rubix network must create a DID. There is an option for creation of DID after node setup. A CURL request is called when the user selects this option.
+**Example:**
 
-The creation process is a logic that combines a 256x256 image and a system generated hash value. The image chosen here is a standard image used for all DID creations across the network. The hash value on the other hand, is the hashed value of the peerID of the node, which is in turn generated during node setup by IPFS protocol. The combination of both is a hash value which is then used as a DID for the node.
+```bash
+./rubixgoplatform registerdid -did bafybmicfvpln2j5yfjeokmafjsefz7ykibvtsg2swxmnr6nhvflj6qvo34 -port <port_number>
+```
 
-The DID is further split into two parts, namely [Public Share](https://learn.rubix.net/public-share/) and [Private Share](https://learn.rubix.net/private-share/). These parts are used during various athentication and data transfer scenarios. More about this can be found on the above links.
+---
 
+### 5. Recover the DID (If Needed)
 
-### Inner working of createDID method
+To recover a lost DID using the mnemonic:
 
-- When the createDID method is called along with the input parameter which is your .png file of 256x256
-- This image is converted into binary.
-- An input parameter String is given which can be any string as the user wishes,
-- it can be any detail provided by the user such as name,address,phone number etc.
-- This input string is hashed, then this hash is again hashed multiple times.
-- This hash is embedded with the image binary.
-- This embedded image file is then split to provide DID.png, PrivateShare.png, PublicShare.png and your corresponding DID, using our patented NLSS algorithm
+```bash
+./rubixgoplatform createdid -didType 4 -mnemonicKeyFile /path/to/mnemonic.txt -port <port_number>
+```
 
-### Use Cases
+This regenerates the same DID and key pair.
 
-A DID-oriented blockchain can be used for applications that are currently running on a centralised authentication mechanism. For example, a traditional food delivery app can be transitioned into a DID-oriented authentication system to provide for more user data privacy and security.
+---
 
-### Additional points to be  noted by the developer
+## Summary of Commands
 
-- developer must look into the basics of ipfs protocol.
-- The ipfs version which we follow is 0.6.0.
-- Going through this doc will give you an idea about the working of the protocol.
-<https://docs.ipfs.io/>
-- You can find more about DID in our White Paper (Page 3)
- <https://github.com/rubixchain/rubixnetwork/blob/master/RubiX_WhitePaper_R1.7.pdf>
+| Task             | Command Example |
+|------------------|------------------|
+| Start Node       | `./rubixgoplatform startnode -port <port>` |
+| Create DID       | `./rubixgoplatform createdid -didType 4 -port <port>` |
+| Register DID     | `./rubixgoplatform registerdid -did <your_did> -port <port>` |
+| Recover DID      | `./rubixgoplatform createdid -didType 4 -mnemonicKeyFile /path/to/mnemonic.txt -port <port>` |
 
-### Other possibilities
 
-The creation logic could be improved or made more effecient and still provide a similar level of functionality.
+---
+
+## Standards Compliance
+
+Rubix DID implementation is aligned with:
 
-<blockquote class="Rubix-tweet"><p lang="en" dir="ltr">Crypto, public chains will transform the access management enormously for the better. In Rubix, every node/user gets #DID automatically assigned,can build verifiable claims around it,build DNS, build alternatives to #SAML & much more</p>&mdash; Rubix (@rubixchain) <a href="https://twitter.com/RubixChain/status/1484763352966447104">January 22, 2022</a></blockquote> <script async src="https://platform.Rubix.com/widgets.js" charset="utf-8"></script>
+- W3C Verifiable Credentials
+- W3C Linked Data Signatures
+- IMS Open Badges
+- GDPR & CCPA regulations
+
+---
 
-If you have questions or feedback, please DM us at [@rubixchain](http://twitter.com/rubixChain).
+## Closing Thoughts
+
+The BIP39-based DID on Rubix is a **privacy-first**, **developer-friendly**, and **production-ready** identity primitive. It aligns with the principles of self-sovereignty, transparency, and decentralization empowering developers to build trust into the very fabric of their applications.
+
+> Ready to integrate decentralized identity into your app?  
+> Start with `./rubixgoplatform createdid -didType 4 -port <port_number>` today.
+
+---
diff --git a/content/did_old.md b/content/did_old.md
@@ -0,0 +1,98 @@
+---
+title: Decentralized IDentity NLSS
+geekdocBreadcrumb: false
+aliases: ["/dataID", "/about/dataID", "/contributing/dataID"]
+---
+
+### DID & its significance
+
+ DID (Decentralized identity) is a trust framework in which identifiers such as usernames can be replaced with IDs that are self-owned, independent, and enable data exchange using blockchain technology, providing privacy and secure transactions. Our lives are increasingly linked to apps, devices and services, and we’re often subject to data breaches and privacy loss. Hence, a standards-based decentralized identity system can provide greater privacy and control over your data.  
+
+Rubix Decentralized Identity (DID) project is an open standard enabling users to create self-owned identities, and use blockchain networks for getting decentralized tamper proof verifiable claims. The claims are 100% on-chain and publicly verifiable.
+
+### Key features of Rubix DID
+
+1. Identities are self-created and self-owned allowing more control for user over his data i.e., no Certificate   Authority (CA) is required for generating identity key pairs.
+2. Information is immutable, once it is issued by using cryptographic proofs and object-oriented Distributed File System (DFS).
+3. Real world DFS based on content-based addressing, preserves complete integrity over signed data.
+4. Parallel scalable ledger allows asynchronous claims and verification.
+5. Instant confirmation and finality.
+6. Data confidentiality is preserved by encrypting the signed certificate using patented Non-Linear Secret Sharing (NLSS) method.
+7. Selective disclosure property helps user to choose partial revealing of data for verification.
+8. The information cannot be decrypted without the consent of the issuer and/or the certificate holder.
+9. In Compliance with globally accepted standards like : <br>
+        a. IMS Open Badges<br>
+        b.W3C Verifiable Claims<br>
+        c.W3C Linked Data Signatures<br>
+
+10. Follows digital preservation rules like GDPR, CCPA.
+11. All transactions are on-chain, while also being cost effective.
+12. Light weight infrastructure with support for multi architectural designs.
+
+<br>
+
+## DID creation
+
+There are two common ways of DID creation in Rubix. The standard way is to generate a BIP39 standard HD master key and one child key (path zero) on curve secp256k1. This is faster , lighter and provides account recovery using mnemonics. The second day provides double layer security with addition of an MPC Non Linear Secret Sharing scheme on top of traditional pki system. This type is recommeneded for systems that require addtional security.
+
+### Type 4 : BIP39 DID generation and recovery
+
+To create a BIP based DID in rubix , use flag -didType 4 in createdid command. A random 24 word mnemonic will be created and used as seed to create BIP master key and child key at path zero. The mnemonic file will be stored in mnemonic.txt inside the DID folder. Please do not share the mnemonics and store them in safe place for recovery. The following command create BIP 39 keypair
+
+```
+./rubixgoplatform createdid -didType 4
+```
+
+Inorder to recover DID and key pairs, backup the mnemonickeyfile in a seperate folder and call createdid with -didType 4 -mnemonicKeyFile /pathtomnemonickeyfile. This will create the same master key and key pairs
+
+```
+./rubixgoplatform createdid -didType 4 -mnemonicKeyFile mnemonic.txt
+```
+
+<!-- {{< expand "Download SDK for Rust" >}}
+
+**Oracle:**
+
+- Network is currently mining in `level 4` - reached on `5 th march 2022`
+
+{{< / expand >}} -->
+
+### Type 0 : PKI + NLSS DID generation and recovery
+
+Every node joining the Rubix network must create a DID. There is an option for creation of DID after node setup. A CURL request is called when the user selects this option.
+
+The creation process is a logic that combines a 256x256 image and a system generated hash value. The image chosen here is a standard image used for all DID creations across the network. The hash value on the other hand, is the hashed value of the peerID of the node, which is in turn generated during node setup by IPFS protocol. The combination of both is a hash value which is then used as a DID for the node.
+
+The DID is further split into two parts, namely [Public Share](https://learn.rubix.net/public-share/) and [Private Share](https://learn.rubix.net/private-share/). These parts are used during various athentication and data transfer scenarios. More about this can be found on the above links.
+
+
+### Inner working of createDID method
+
+- When the createDID method is called along with the input parameter which is your .png file of 256x256
+- This image is converted into binary.
+- An input parameter String is given which can be any string as the user wishes,
+- it can be any detail provided by the user such as name,address,phone number etc.
+- This input string is hashed, then this hash is again hashed multiple times.
+- This hash is embedded with the image binary.
+- This embedded image file is then split to provide DID.png, PrivateShare.png, PublicShare.png and your corresponding DID, using our patented NLSS algorithm
+
+### Use Cases
+
+A DID-oriented blockchain can be used for applications that are currently running on a centralised authentication mechanism. For example, a traditional food delivery app can be transitioned into a DID-oriented authentication system to provide for more user data privacy and security.
+
+### Additional points to be  noted by the developer
+
+- developer must look into the basics of ipfs protocol.
+- The ipfs version which we follow is 0.6.0.
+- Going through this doc will give you an idea about the working of the protocol.
+<https://docs.ipfs.io/>
+- You can find more about DID in our White Paper (Page 3)
+ <https://github.com/rubixchain/rubixnetwork/blob/master/RubiX_WhitePaper_R1.7.pdf>
+
+### Other possibilities
+
+The creation logic could be improved or made more effecient and still provide a similar level of functionality.
+
+<blockquote class="Rubix-tweet"><p lang="en" dir="ltr">Crypto, public chains will transform the access management enormously for the better. In Rubix, every node/user gets #DID automatically assigned,can build verifiable claims around it,build DNS, build alternatives to #SAML & much more</p>&mdash; Rubix (@rubixchain) <a href="https://twitter.com/RubixChain/status/1484763352966447104">January 22, 2022</a></blockquote> <script async src="https://platform.Rubix.com/widgets.js" charset="utf-8"></script>
+
+If you have questions or feedback, please DM us at [@rubixchain](http://twitter.com/rubixChain).
