I notice that DIDs on ceramic are using PKH methodology.

But when I check VCs issued to my DID on ceramic say from Krebit or GitCoin passport, it’s using DID:KEY method (as classified by W3C).

Can someone explain the difference?

The reason I ask is that I thought these methodologies weren’t compatible.

So Ceramic uses DID:3ID (now PKH) yet credentials issued to my DID are in KEY format, I’m just trying to understand how all of this works as I think I’m a little lost.

ELI5 anyone?

hey OP, welcome to the forum. lemme know if this makes sense:

  • DID:PKH - a DID method generated from and tied to a wallet (public key hash)
  • did-session: a library from Ceramic that allows developers to ask permissions for certain capabilities on an user’s behalf (e.g. read/write access to your Post data model) for a certain timeframe. this creates the familiar experience of authorization + sessions but completely in a decentralized way. the default expiration is one week but they can technically expire indefinitely in the future.
  • DID:KEY - a temporary DID that expires at the end of the session. it’s controlled by the wallet’s DID:PKH. this is why you’re seeing VCs tied to DID:KEY


  • Sign-In With Ethereum (or Solana or any other chain) - a spec that shows a clear, human readable message to the user about what they’re giving permissions for
  • 3ID - a DID method that is more powerful - multiple accounts across chains, key rotation & revocation - but in need of more attention around small security flaws (a malicious browser extension could intercept the seed) and UX like sign-in specs or wallet modals. we are planning revamping it later this year. DID:PKH has broad adoption, so i’d stick with that unless you have an essential multi-account use case that 3ID solves.

btw can you share the doc pages you read that didn’t answer the question? would love to clear that up for future folks