
Batch and multi-key proof of possession

How OpenID4VCI v1.0 and TS3 v1.5 differ when one Key Attestation attests many keys. Drag the sliders, and click any KA, proof, credential or Credential Request to view its JSON. The tokens are really signed, so they decode and verify.

The Wallet Unit Attestation (WUA)

The WIA attests this wallet instance; the KA attests 5 keys in the WSCD and is carried inside the proof(s) below (the proof's key_attestation header). batch_size = 5, so up to 5 credentials; 0 keys unused (wasted, the KA is single-use).

k0, k1, k2, k3, k4

Each proof below is the Wallet Unit's PoP (its signature with the attested private key), and it carries the KA inside (the key_attestation header), shown as the green KA tag nested in the proof.

OpenID4VCI v1.0

Single JWT proof carrying the KA, signed by one of the attested keys (kid present). The Issuer issues one credential per key in attested_keys.

Wallet Unit | Issuer
1. Credential Request → proof (PoP, KA inside)
   JWT proof (PoP k0) [KA]
2. Issuer verifies the KA (signature, x5c → Trusted List) and the single PoP under the attested key
← 3. Credential Response
   PID 1, PID 2, PID 3, PID 4, PID 5

KA attests k1 … k4: 4 keys bound without per-key PoP.

Credentials: 5
WSCD signatures: 1
Keys with PoP: 1

TS3 v1.5

Single JWT proof carrying the KA, signed by attested_keys[0] (no kid). The Issuer issues one credential per key in attested_keys.

Wallet Unit | Issuer
1. Credential Request → proof (PoP, KA inside)
   JWT proof (PoP k0) [KA]
2. Issuer verifies the KA (signature, x5c → Trusted List) and the single PoP under attested_keys[0]
← 3. Credential Response
   PID 1, PID 2, PID 3, PID 4, PID 5

KA attests k1 … k4: 4 keys bound without per-key PoP.

Credentials: 5
WSCD signatures: 1
Keys with PoP: 1

With a Key Attestation, both profiles send a single proof and produce the batch from attested_keys; they differ only in which key signs the proof and in whether kid is present.
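
The Issuer-side check from step 2 under both profiles, as an added example that is not the playground's own code. It assumes ES256 only, a directly supplied KA issuer key in place of the x5c → Trusted List step, and that kid names the attested JWK carrying the same kid member; the profile labels and the names signJwt, verifyJwt, checkProof and buildSample are hypothetical, and nonce, audience and expiry checks are left out.

```javascript
// Added example, not the playground's code. ASSUMPTION marks choices the page does not specify.
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString());
const ES256 = { dsaEncoding: 'ieee-p1363' }; // JWS uses raw r||s signatures

function signJwt(header, payload, privateKey) {
  const input = `${enc(header)}.${enc(payload)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, ...ES256 });
  return `${input}.${sig.toString('base64url')}`;
}

function verifyJwt(jwt, jwk) {
  const [h, p, s] = jwt.split('.');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  return crypto.verify('sha256', Buffer.from(`${h}.${p}`), { key, ...ES256 }, Buffer.from(s, 'base64url'));
}

// Issuer side. kaIssuerJwk stands in for the x5c -> Trusted List step (ASSUMPTION).
function checkProof(profile, proofJwt, kaIssuerJwk) {
  const header = dec(proofJwt.split('.')[0]);
  const ka = header.key_attestation;
  if (!ka || !verifyJwt(ka, kaIssuerJwk)) throw new Error('KA missing or not signed by a trusted key');
  const keys = dec(ka.split('.')[1]).attested_keys;
  let popKey;
  if (profile === 'openid4vci-1.0') {
    // ASSUMPTION: kid selects the attested JWK carrying the same kid member.
    popKey = header.kid === undefined ? undefined : keys.find((k) => k.kid === header.kid);
  } else if (profile === 'ts3-1.5') {
    if ('kid' in header) throw new Error('TS3 v1.5 proof must not carry kid');
    popKey = keys[0];
  }
  if (!popKey || !verifyJwt(proofJwt, popKey)) throw new Error('PoP does not verify under the expected attested key');
  return keys; // one credential per key; only popKey has a proof of possession
}

// Constructed sample: a KA issuer key, five WSCD keys k0..k4 and a proof factory.
function buildSample() {
  const gen = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const kaIssuer = gen();
  const wallet = Array.from({ length: 5 }, gen);
  const attested_keys = wallet.map((k, i) => ({ ...k.publicKey.export({ format: 'jwk' }), kid: `k${i}` }));
  const ka = signJwt({ alg: 'ES256' }, { attested_keys }, kaIssuer.privateKey);
  const proof = (signer, kid) => signJwt(
    { alg: 'ES256', typ: 'openid4vci-proof+jwt', key_attestation: ka, ...(kid && { kid }) },
    { aud: 'https://issuer.example' }, wallet[signer].privateKey);
  return { issuerJwk: kaIssuer.publicKey.export({ format: 'jwk' }), proof };
}
```

With a sample from buildSample(), checkProof('ts3-1.5', sample.proof(0), sample.issuerJwk) returns all five attested keys. A proof signed by k2 is rejected under the TS3 v1.5 label and accepted under the OpenID4VCI v1.0 label only when it carries kid k2.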