baseid-didcomm

DIDComm v2 messaging library with support for plaintext and signed messages, Aries-compatible protocols (trust-ping 2.0, issue-credential 3.0, present-proof 3.0), and attachment handling. Enables interoperability with the Canadian Aries ecosystem (BC Wallet, ACA-Py).

Key Features

DIDComm v2 Messages — Full spec-compliant message structure with id, type, from, to, body, threading, and timestamps
Builder Pattern — Ergonomic MessageBuilder for constructing messages with method chaining
Signed Messages — Pack and verify signed JWS envelopes using Ed25519 or P-256 keys
Three Aries Protocols — Trust Ping 2.0, Issue Credential 3.0, Present Proof 3.0
Attachments — Base64, inline JSON, and external link attachment formats
Problem Reports — Standardized error reporting across protocols

Quick Start

use baseid_didcomm::*;
use baseid_didcomm::protocols::trust_ping;

// Build a message using the builder pattern
let msg = Message::build("msg-1", "https://example.org/custom")
    .from("did:key:alice")
    .to("did:key:bob")
    .body(serde_json::json!({"hello": "world"}))
    .thid("thread-1")
    .created_time(1700000000)
    .finalize();

// Trust Ping protocol
let ping = trust_ping::create_ping("did:key:alice", "did:key:bob", true);
let response = trust_ping::handle_ping(&ping, "did:key:bob");
assert!(response.is_some()); // response_requested was true

// Sign and verify messages
let kp = baseid_crypto::KeyPair::generate(baseid_core::types::KeyType::Ed25519)?;
let jws = pack_signed(&ping, &kp, "did:key:alice#key-1")?;
let (recovered, metadata) = verify_signed(&jws, &kp.public)?;
assert_eq!(metadata.signer_kid, "did:key:alice#key-1");

Protocols

Trust Ping 2.0

Connection liveness testing between DID agents:

use baseid_didcomm::protocols::trust_ping;

let ping = trust_ping::create_ping("did:key:alice", "did:key:bob", true);
let pong = trust_ping::handle_ping(&ping, "did:key:bob").unwrap();
// pong.thid links back to ping.id

Issue Credential 3.0

Three-step credential issuance flow (offer, request, issue):

use baseid_didcomm::protocols::issue_credential;

let offer = issue_credential::create_offer(
    "did:key:issuer", "did:key:holder",
    serde_json::json!({"name": "Alice", "degree": "BSc"}),
    attachment,
);
let request = issue_credential::create_request(
    "did:key:holder", "did:key:issuer", &offer.id, attachment,
);
let issue = issue_credential::create_issue(
    "did:key:issuer", "did:key:holder", &offer.id, credential_attachment,
);
// All three messages share the same thread ID (offer.id)

Present Proof 3.0

Credential presentation flow between holder and verifier.

Attachment Types

Variant	Format	Use Case
`AttachmentData::Base64`	Base64-encoded bytes	Binary credentials, images
`AttachmentData::Json`	Inline JSON value	Credential offers, proofs
`AttachmentData::Links`	URL list + optional hash	Large files, external storage

Signed Message Operations

Function	Description
`pack_signed(msg, signer, kid)`	Serialize and sign a message as JWS
`unpack_signed(jws)`	Decode a JWS without verifying (inspect before selecting key)
`verify_signed(jws, verifier)`	Verify signature and return message + `SignedMetadata`

Key Types

Type	Description
`Message`	DIDComm v2 plaintext message with all optional fields
`MessageBuilder`	Fluent builder for constructing messages
`Attachment`	Message attachment with id, media type, and data
`AttachmentData`	Base64, JSON, or Links attachment payload
`SignedMetadata`	Signer key ID and algorithm from a verified JWS

baseid-crypto — Key pairs and JWT signing used by pack/verify
baseid-transport — DIDComm message delivery over HTTP/WebSocket
baseid-issuer-core — Credential issuance (issues credentials sent via DIDComm)
baseid-did — DID resolution for service endpoint discovery