DiME 1.2.5

dotnet add package DiME --version 1.2.5
NuGet\Install-Package DiME -Version 1.2.5
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="DiME" Version="1.2.5" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add DiME --version 1.2.5
#r "nuget: DiME, 1.2.5"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install DiME as a Cake Addin
#addin nuget:?package=DiME&version=1.2.5

// Install DiME as a Cake Tool
#tool nuget:?package=DiME&version=1.2.5

DiME C#/.NET reference implementation

DiME (Data Integrity Message Envelope) is a powerful universal data format built for secure and integrity-protected communication between entities in a trusted network. It is built with modern thinking and ease of use throughout. Although it can be used with X.509 certificates, it has built-in public key-based entity identification through a trusted chain. This makes it equally suitable as an alternative to certificate-based PKIs.

Potential use cases for DiME include:

  • IoT networks for distributing sensitive data, including collected sensor data, operation instructions, patches, and firmware updates
  • Automatic processing where audit trails and results logging are crucial
  • Peer-to-peer messaging where each response gets linked using secure cryptographic bonds
  • Distribution of sensitive information and records within large networks
  • Establishing application-based networks with trusted entities

The strength of DiME is its modular format, where applications and networks can pick and mix to suit their specific needs. At the same time, it removes the need to build complicated mechanisms for authenticating senders and validating data payloads.

More information can be found on the official documentation page: docs

Code examples

Here are a few simple examples of how to use DiME. Note that there are many more features available. Refer to the official documentation for further details.

Key generation example

Creating a public-key pair to use for creating Identity Issuing Requests (IIRs), signing messages, or issuing other identities:

var key = Key.Generate(KeyCapability.Sign);

Self-issuing example

Create a self-issued, or root, identity with the capability to issue other identities:

var subjectId = Guid.NewGuid();
var key = Key.Generate(KeyCapability.Sign);            
var caps = new List<IdentityCapability> { IdentityCapability.Generic, IdentityCapability.Issue };
var iir = IdentityIssuingRequest.Generate(key, caps);
var root = iir.SelfIssue(subjectId, Dime.ValidFor1Year * 10, key, "example-system");

Issue an identity from the root Identity

Issue a new identity from a root identity (the one created above):

var subjectId = Guid.NewGuid();
var key = Key.Generate(KeyCapability.Sign);
var caps = new List<IdentityCapability> { IdentityCapability.Generic, IdentityCapability.Identify };
var iir = IdentityIssuingRequest.Generate(key, caps);
var client = iir.Issue(subjectId, Dime.ValidFor1Year, key, root, true, caps);

This will create a trust chain. Typically, the IIR is generated on the client side and sent to the server to request a new identity. The generated key should be kept on the client side and stored securely. The key is needed when generating and verifying messages.

In the above example, the client would ask for an identity with Generic and Identify capabilities. Generally, Identify should be given when the client has been authenticated, and only Generic would be used when authentication is not done. This is system and application-specific.

Verify the trust of an identity

Verify the trust of a client's identity using a local key ring:

Dime.KeyRing.Put(root);
client.Verify();

Verify the trust of a client's identity from a specified identity:

client.Verify(root);

Note that the above example has the same effect as the previous example. However, specifying which identity to verify may be helpful in more complex trust structures.

Claims

DiME uses the notion of claims. A claim is a fact or piece of information about the item or the owner of the item. The Item class has methods that allow accessing and setting claims. These include GetClaim, PutClaim, and RemoveClaim.

To get a claim:

client.GetClaim<Guid>(Claim.Sub); // Will return the subject id of the client item

To set a claim:

client.PutClaim<Guid>(Claim.Sub, "5e52c1e0-a185-4422-a4fa-4f1870a15464"); // Will set the subject id of the client item

Message Example

Creating a signed message with a payload:

var payload = Encoding.UTF8.GetBytes("Racecar is racecar backwards.");
var message = new Message(client.GetClaim<Guid>(Claim.Sub), root.GetClaim<Guid>(Claim.Sub), Dime.ValidFor1Minute);
message.SetPayload(payload);
message.Sign(key);
var exported = message.Export();

The message is signed with a previously created key associated with the issuer (sender). Finally, the message is exported to a DiME-encoded string that can be sent to the audience (receiver).

End-to-end encrypted message example

Creating a signed message with an end-to-end encrypted payload:

var localKey = Key.Generate(KeyCapability.Exchange);
var message = new Message(client.GetClaim<Guid>(Claim.Sub), root.GetClaim<Guid>(Claim.Sub), Dime.ValidFor1Minute);
message.SetPayload(Encoding.UTF8.GetBytes("Racecar is racecar backwards."), localKey, remoteKey);
message.Sign(key);
var exported = message.Export();

The remoteKey used in the example has to be distributed earlier. Notice that localKey is generated with the key type Exchange.

Linking a received message to a response message

Linking messages together so that it is possible to verify that a response is actually for a particular message received earlier:

var receivedMessage = Item.Import<Message>(exportedMessageReceived);
var responseMessage = new Message(receivedMessage.GetClaim<Guid>(Claim.Iss), client.GetClaim<Guid>(Claim.Sub), Dime.ValidFor1Minute);
responseMessage.SetPayload(Encoding.UTF8.GetBytes("Racecar is racecar backwards."));
responseMessage.AddItemLink(receivedMessage);
responseMessage.Sign(Commons.AudienceKey);
var exportedMessageResponse = responseMessage.Export();

Generating thumbprints

Generating a thumbprint from a DiME identity that has been imported:

var identity = Item.Import<Identity>(exportedIdentity);
var thumbprint = identity.GenerateThumbprint()

Generating a thumbprint from a DiME envelope (exported DiME item):

var thumbprint = Item.Thumbprint(exportedIdentity));

Thumbprints can be used to quickly verify if the DiME item has changed or if it is the item that was expected. A thumbprint is a cryptographic hash of the whole DiME item.

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.2.5 80 2/7/2024
1.2.4 274 2/3/2023
1.2.3 314 11/13/2022
1.2.2 350 10/25/2022
1.2.1 327 10/24/2022
1.2.0 359 10/21/2022
1.1.0 367 10/17/2022
1.0.5 415 6/11/2022
1.0.4 412 5/4/2022
1.0.3 396 3/29/2022
1.0.2 383 3/11/2022
1.0.1 383 2/24/2022
1.0.0 379 2/19/2022