DiME, the open and trust-based data format building secure Application-based Public-Key Infrastructures (APKIs) in a breeze.

The following official reference implementations are available:

Apart from reference implementation of the DiME data format, there is also an early implementation of a command-line tool to help in generating DiME items. This tool may be used to generate keys and identities for trust trees, or just to assist working with DiME items in general.

Code examples

The following code examples are provided in C#.

Creating an Identity Issuing Request

In order to include an entity in a trust chain, the entity must first create a public-key pair and an Identity Issuing Request (IIR):

var key = Key.Generate(KeyCapability.Sign);
var caps = new List<IdentityCapability> { IdentityCapability.Generic, IdentityCapability.Identify };
var iir = IdentityIssuingRequest.Generate(key, caps);

Here a public-key pair and a list of capabilities to be requested are created. These are then used to create the IIR. The IIR then needs to be sent to the issuing entity for the creation of a new Identity item. Note that the secret (private) key inside key should never leave the entity where it was generated.

Issuing a new Identity item from an IIR

Once an IIR is received from an entity a new Identity item should be generated and issued. This Identity item should be sent back to the requesting entity and later used for authentication purposes, much like a X.509 certificate.

var subjectId = Guid.NewGuid();
var allowedCaps = new List<IdentityCapability> { IdentityCapability.Generic, IdentityCapability.Identify };
var identity = iir.Issue(subjectId, Dime.ValidFor1Year, rootKey, rootIdentity, true, caps);

The iir in the above example would be the Identity Issuing Request received from a requesting entity. The variables rootKey and rootIdentity are the public keypair and Identity item of the issuing entity. The resulting identity contains no sensitive information and may be communicated publicly to be used as part of the authentication of the owning entity.

... more code examples to follow ...

Last updated