What is a Wallet Unit Attestation?
A Wallet Unit Attestation (WUA) is how a Wallet Provider vouches, to an Issuer or a Verifier, for two things about a user's wallet:
- that the wallet instance is genuine and in good standing, and
- that the keys it will bind a credential to are held in secure hardware (a WSCD, Wallet Secure Cryptographic Device).
Following EU ARF 2.9.0 and its Topic C discussion, the WUA is made of two parts:
| Part | What it attests | Media type |
|---|---|---|
| WIA (Wallet Instance Attestation) | The wallet instance itself | oauth-client-attestation+jwt |
| KA (Key Attestation) | The public keys held in the WSCD | key-attestation+jwt |
WUA = WIA (the wallet instance) + KA (the keys in the WSCD)
During issuance, the Wallet Unit sends a key proof of possession (openid4vci-proof+jwt) that signs with an attested private key and carries the KA inside its header, so proof of possession and key attestation travel together. The Issuer verifies both, then binds the credential to that key.
This playground lets you build and decode each of these, and see precisely where OpenID4VCI v1.0 and TS3 v1.5 (the EUDI profile) diverge.
Everything here is generated in your browser for teaching. The sample certificates are self-signed (subject O=iGrant.io), not trust anchors, and the keys are freshly generated each visit. The tokens are really signed with ES256 so they decode and verify against the embedded keys, but nothing here is normative.
Where to go next
- Why a WUA?: the problem it solves, and the attacks it defeats.
- Wallet Instance Attestation: the WIA, decoded.
- Key Attestation: drag the number of attested keys, flip the profile.
- Proof of possession: the proof JWT that proves possession of a key.
- Batch issuance: one KA, many keys, with live counters.
- OpenID4VCI vs TS3: the differences that matter.
- How the Issuer verifies: the checks, step by step.