Add command to check validity of a rotation key#47
Merged
johnbillion merged 11 commits intotrunkfrom Jan 20, 2026
Merged
Conversation
Implements issue #41: a new CLI command `fair-tools did rotation-key check` that validates whether a given rotation key is valid for use as a rotation key for a DID. Unlike verification keys (which are checked against the DID document), rotation keys are validated against the latest operation in the DID log. Changes: - Add `checkRotationKey()` function in verify.ts that fetches the DID log and checks if the key is present in the latest operation's rotationKeys - Add `getRotationPublicKeyMultibase()` and `parseRotationPublicKeyOnly()` in keys.ts for parsing rotation key inputs (did:key, multibase, PEM, hex) - Export `parseAsRotationKey()` from signing.ts for key parsing - Create `did-rotation-key-check.ts` CLI command with --did, --key, and --key-file options, mirroring the verification-key check command - Register the command in fair-tools.ts under did rotation-key check - Add comprehensive tests for all new functions Supported key formats (same as issue #42): - did:key format (did:key:zQ3sh...) - Multibase format (zQ3sh...) - Private key from file (PEM, multibase, or hex - derives public key) Exit codes: - 0: Key is valid (present in latest DID log operation) - 1: Key is not valid (not found or DID has no rotation keys) - 2: Error occurred (invalid input, network error, etc.) Closes #41
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements a new CLI command fair-tools did rotation-key check that validates whether a given rotation key is valid for use with a DID. Unlike verification keys (which are checked against the DID document), rotation keys are validated against the latest operation in the DID log, following the PLC (Public Ledger of Credentials) operation model.
Changes:
- Added
checkRotationKey()function to verify rotation keys against DID log operations - Implemented rotation key parsing functions (
getRotationPublicKeyMultibase(),parseRotationPublicKeyOnly()) supporting multiple key formats (did:key, multibase, PEM, hex) - Created new CLI command with comprehensive error handling and exit codes
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/verify.ts | Added checkRotationKey() function and CheckRotationKeyResult interface to validate rotation keys against DID log |
| src/keys.ts | Implemented rotation key parsing functions with validation, mirroring the verification key pattern |
| src/signing.ts | Exported parseAsRotationKey() function for external use in key parsing |
| src/cli/did-rotation-key-check.ts | New CLI command implementing rotation key validation with --did, --key, and --key-file options |
| src/cli/fair-tools.ts | Registered new rotation-key check command in the command tree |
| test/verify.test.ts | Added basic type-checking tests for checkRotationKey() function |
| test/keys.test.ts | Added comprehensive tests for rotation key parsing functions covering various input formats and error cases |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
|
@johnbillion I've opened a new pull request, #49, to work on those changes. Once the pull request is ready, I'll request review from you. |
…tant Co-authored-by: johnbillion <208434+johnbillion@users.noreply.github.com>
Replace hardcoded 'zQ3sh' with SECP256K1_PUBLIC_MULTIBASE_PREFIX constant
…otation key checking.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements issue #41: a new CLI command
fair-tools did rotation-key checkthat validates whether a given rotation key is valid for use as a rotation
key for a DID.
Unlike verification keys (which are checked against the DID document),
rotation keys are validated against the latest operation in the DID log.
Changes:
checkRotationKey()function in verify.ts that fetches the DID logand checks if the key is present in the latest operation's rotationKeys
getRotationPublicKeyMultibase()andparseRotationPublicKeyOnly()in keys.ts for parsing rotation key inputs (did:key, multibase, PEM, hex)
parseAsRotationKey()from signing.ts for key parsingdid-rotation-key-check.tsCLI command with --did, --key, and--key-file options, mirroring the verification-key check command
Supported key formats (same as issue #42):
Exit codes:
Closes #41