
Key Attestation schema (key-attestation+jwt)

The Key Attestation (KA) is a JWT with media type key-attestation+jwt (registered with IANA by OpenID4VCI v1.0, Appendix G.6.2). Its claims are defined in Appendix D, Key Attestations. The KA attests one or more public keys held in the same key storage component (the WSCD, Wallet Secure Cryptographic Device in EUDI terms), so the Issuer can trust the keys a credential will be bound to before it issues.

JOSE header

Field | Status | Notes
typ | REQUIRED | MUST be key-attestation+jwt.
alg | REQUIRED | Asymmetric signature algorithm (e.g. ES256).
x5c / kid | one of | Key identification for the attestation issuer (the Wallet Provider).

Payload claims

Claim | Status | Meaning
iss | OPTIONAL | Issuer of the Key Attestation, when present.
iat | REQUIRED | Time the KA was issued.
exp | OPTIONAL | Expiry; required when the KA is not bound to a proof's freshness.
attested_keys | REQUIRED | Non-empty array of attested public keys (JWK, RFC 7517) from the same key storage component.
key_storage | OPTIONAL | Array of strings asserting the attack-potential resistance of the key storage component (values in Appendix D.2).
user_authentication | OPTIONAL | Array of strings asserting the resistance of the user-authentication methods guarding the keys.
key_storage_status | OPTIONAL | Status information (e.g. token status list) for the attested keys.
nonce | OPTIONAL | Server-provided nonce, when the KA is requested fresh.
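The header and claim tables above describe what a Credential Issuer has to check before it trusts the keys in a KA. The following is an added example, not code from this page or from the playground: a stdlib-only Python validator that splits a compact JWS, then applies the header rules (typ, asymmetric alg, x5c or kid present), the time claims, the attested_keys JWK shape (rejecting any key that carries a private component), the Appendix D.2 attack-potential levels against an Issuer-chosen minimum, and an optional nonce match. Signature verification against the x5c leaf is deliberately out of scope and must run before these checks. The sample header and payload are constructed for this example (the signature is a zero placeholder), and the ALLOWED_ALGS policy and the minimum-level semantics (at least one asserted level must reach the minimum) are assumptions, not something the specification mandates.

```python
import base64
import hmac
import json
import time

# Attack-potential resistance levels from OpenID4VCI 1.0 Appendix D.2, weakest first.
ISO_18045_LEVELS = ["iso_18045_basic", "iso_18045_enhanced-basic",
                    "iso_18045_moderate", "iso_18045_high"]
# Issuer policy (assumption for this example): asymmetric JWS algorithms only.
ALLOWED_ALGS = {"ES256", "ES384", "ES512", "EdDSA", "PS256", "PS384", "PS512"}

# Constructed sample mirroring the page's decoded token; x/y are dummy values.
SAMPLE_HEADER = {"typ": "key-attestation+jwt", "alg": "ES256", "x5c": ["MIIB4DCC..."]}
SAMPLE_PAYLOAD = {
    "iss": "https://wallet-provider.igrant.io", "iat": 1780737559, "exp": 1788513559,
    "key_storage": ["iso_18045_moderate"], "user_authentication": ["iso_18045_moderate"],
    "attested_keys": [
        {"kid": "k0", "kty": "EC", "crv": "P-256", "x": "AAAA", "y": "BBBB"},
        {"kid": "k1", "kty": "EC", "crv": "P-256", "x": "CCCC", "y": "DDDD"},
    ],
}


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def build_sample_token() -> str:
    """Compact JWS with a zero placeholder signature (not verifiable; parsing/claims only)."""
    head = _b64url_encode(json.dumps(SAMPLE_HEADER, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(SAMPLE_PAYLOAD, separators=(",", ":")).encode())
    return f"{head}.{body}.{_b64url_encode(bytes(64))}"


def split_compact_jws(token: str):
    """Return (header, payload, signing_input, signature) for a compact JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload, f"{parts[0]}.{parts[1]}".encode("ascii"), _b64url_decode(parts[2])


def _meets(levels, minimum) -> bool:
    """Policy choice: at least one asserted level is at or above the Issuer's minimum."""
    ranks = [ISO_18045_LEVELS.index(v) for v in levels if v in ISO_18045_LEVELS]
    return bool(ranks) and max(ranks) >= ISO_18045_LEVELS.index(minimum)


def _check_jwk(jwk, idx, errors):
    if not isinstance(jwk, dict):
        errors.append(f"attested_keys[{idx}]: not a JWK object")
        return
    if "d" in jwk:  # a KA attests public keys; a private scalar here is a leak
        errors.append(f"attested_keys[{idx}]: private component present")
    required = {"EC": {"crv", "x", "y"}, "RSA": {"n", "e"}, "OKP": {"crv", "x"}}.get(jwk.get("kty"))
    if required is None:
        errors.append(f"attested_keys[{idx}]: unsupported kty {jwk.get('kty')!r}")
    elif required - set(jwk):
        errors.append(f"attested_keys[{idx}]: missing {sorted(required - set(jwk))}")


def validate_key_attestation(header, payload, *, now=None, expected_nonce=None,
                             min_key_storage=None, min_user_auth=None, leeway=60):
    """Return a list of violations (empty = accepted). Call only after the JWS
    signature has been verified with the x5c leaf or the kid-resolved key."""
    errors, now = [], int(time.time()) if now is None else now
    if header.get("typ") != "key-attestation+jwt":
        errors.append("typ: must be key-attestation+jwt")
    if header.get("alg") not in ALLOWED_ALGS:
        errors.append(f"alg: {header.get('alg')!r} not an allowed asymmetric algorithm")
    if "x5c" not in header and "kid" not in header:
        errors.append("header: one of x5c or kid is required to identify the Wallet Provider key")
    if "x5c" in header and not (isinstance(header["x5c"], list) and header["x5c"]):
        errors.append("x5c: must be a non-empty certificate chain")
    iat, exp = payload.get("iat"), payload.get("exp")
    if not isinstance(iat, int):
        errors.append("iat: required integer")
    elif iat > now + leeway:
        errors.append("iat: issued in the future")
    if exp is not None and (not isinstance(exp, int) or exp <= now - leeway):
        errors.append("exp: attestation expired")
    keys = payload.get("attested_keys")
    if not isinstance(keys, list) or not keys:
        errors.append("attested_keys: required non-empty array")
    else:
        for i, jwk in enumerate(keys):
            _check_jwk(jwk, i, errors)
    for claim, minimum in (("key_storage", min_key_storage), ("user_authentication", min_user_auth)):
        values = payload.get(claim, [])
        if not isinstance(values, list):
            errors.append(f"{claim}: must be an array of strings")
            continue
        unknown = [v for v in values if v not in ISO_18045_LEVELS]
        if unknown:
            errors.append(f"{claim}: unknown level(s) {unknown}")
        if minimum and not _meets(values, minimum):
            errors.append(f"{claim}: does not reach {minimum}")
    if expected_nonce is not None:  # constant-time compare against the Issuer's nonce
        got = str(payload.get("nonce", "")).encode()
        if not hmac.compare_digest(got, expected_nonce.encode()):
            errors.append("nonce: missing or does not match the Issuer-provided nonce")
    return errors


if __name__ == "__main__":
    hdr, pl, _, _ = split_compact_jws(build_sample_token())
    print(validate_key_attestation(hdr, pl, now=1780737600, min_key_storage="iso_18045_moderate"))
```

The level check is written as "any asserted value reaches the minimum" because key_storage and user_authentication are arrays; an Issuer that wants stricter semantics (every listed value must qualify, or an exact allowlist) changes only _meets. Rejecting a JWK that carries d is cheap and catches a Wallet Provider that serialised a full key pair by mistake.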

OpenID4VCI vs TS3

OpenID4VCI v1.0 and the EUDI TS3 v1.5 profile differ in the KA they expect. The decoded token below is the one the playground signs for the selected profile.

Header (key-attestation+jwt):

{
"typ": "key-attestation+jwt",
"alg": "ES256",
"x5c": ["MIIB4DCC... (Wallet Provider certificate)"]
}

Payload:

{
"iss": "https://wallet-provider.igrant.io",
"iat": 1780737559,
"exp": 1788513559,
"key_storage": ["iso_18045_moderate"],
"user_authentication": ["iso_18045_moderate"],
"attested_keys": [
{"kid": "k0", "kty": "EC", "crv": "P-256", "x": "...", "y": "..."},
{"kid": "k1", "kty": "EC", "crv": "P-256", "x": "...", "y": "..."}
]
}