Crate sd_jwt


§sd_jwt

sd_jwt is a Rust implementation of RFC 9901 - Selective Disclosure for JSON Web Tokens (SD-JWT).

§Overview

SD-JWT allows an issuer to create a JWT where some claims can be selectively disclosed by the holder. This enables privacy-preserving use cases where only necessary information is revealed to verifiers.
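
The mechanism behind that selective disclosure, as an added illustration (not code from the sd_jwt crate; it uses only the standard library, and the helper names `b64url_decode`, `claim_name` and `present` are hypothetical): in the RFC 9901 compact serialization each disclosable claim travels as its own base64url-encoded `[salt, name, value]` disclosure after the issuer-signed JWT, and the holder withholds a claim by dropping its disclosure. The sample assumes flat top-level claims, no key binding, and a placeholder JWT whose signature is not valid.

```rust
// Added illustration (std only); not the sd_jwt crate's implementation.
/// Decode unpadded base64url; None on a character outside the alphabet.
fn b64url_decode(s: &str) -> Option<Vec<u8>> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return None,
        };
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    Some(out)
}

/// Claim name of an object-property disclosure `[salt, name, value]`.
/// Assumption: salt and name contain no escaped quotes.
fn claim_name(disclosure: &str) -> Option<String> {
    let json = String::from_utf8(b64url_decode(disclosure)?).ok()?;
    let p: Vec<&str> = json.split('"').collect(); // "[", salt, ",", name, ",..."
    let named = p.len() >= 5 && p[2].trim() == "," && p[4].trim_start().starts_with(',');
    if named { Some(p[3].to_string()) } else { None }
}

/// Holder side of <JWT>~<disclosure 1>~...~<disclosure N>~ (no key binding): keep the
/// JWT and only disclosures named in `reveal`; others, array elements included, are withheld.
fn present(sd_jwt: &str, reveal: &[&str]) -> Option<String> {
    let mut parts = sd_jwt.strip_suffix('~')?.split('~');
    let mut out = parts.next().filter(|jwt| jwt.split('.').count() == 3)?.to_string();
    for d in parts.filter(|d| claim_name(d).map_or(false, |n| reveal.contains(&n.as_str()))) {
        out = out + "~" + d;
    }
    Some(out + "~")
}

// Constructed sample: placeholder JWT (invalid signature), then given_name and family_name.
const SAMPLE: &str = "eyJhbGciOiJFUzI1NiJ9.e30.c2ln\
~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd\
~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd~";
fn main() { println!("{}", present(SAMPLE, &["given_name"]).unwrap()); }
```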

§Example

use sd_jwt::{issuer::issue_sd_jwt, holder::HolderSdJwt, verifier::verify_sd_jwt};
use sd_jwt::types::SdJwtConfig;
use serde_json::json;

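// `issuer_key` and `issuer_public_key` are assumed to be in scope already
// (the issuer's signing key and the matching public key); their setup is not shown.

// Issuer creates an SD-JWT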
let claims = json!({
    "sub": "user123",
    "given_name": "John",
    "family_name": "Doe"
});

let issued = issue_sd_jwt(
    &issuer_key,
    "https://issuer.example.com",
    claims,
    &["given_name", "family_name"],  // Selectively disclosable claims
    &SdJwtConfig::default(),
    None,
    None,
).unwrap();

// Holder creates a presentation
let holder_jwt = HolderSdJwt::parse(&issued.serialized).unwrap();
let presentation = holder_jwt.create_presentation(&["given_name"]).unwrap();

// Verifier verifies the presentation
let verified = verify_sd_jwt(
    &presentation.serialize(),
    &issuer_public_key,
    "https://issuer.example.com",
).unwrap();

Re-exports§

pub use disclosure::Disclosure;
pub use holder::HolderSdJwt;
pub use issuer::issue_sd_jwt;
pub use issuer::IssuedSdJwt;
pub use types::SdJwt;
pub use types::SdJwtConfig;
pub use types::SdJwtKb;
pub use verifier::verify_presentation;
pub use verifier::verify_sd_jwt;

Modules§

disclosure
Disclosure handling for SD-JWT RFC 9901
holder
Holder functionality for SD-JWT RFC 9901
issuer
Issuer functionality for SD-JWT RFC 9901
types
Core types and structures for SD-JWT RFC 9901
verifier
Verifier functionality for SD-JWT RFC 9901

Enums§

SDError
Errors that can occur during SD-JWT operations

Functions§

create_sd_jwt
Returns a Value, the sd-jwt as a serialized string, the SVC value, and the SVC as a serialized string.
create_sd_jwt_release
Returns the sd-jwt-release value and serialized string.
generate_salt
Returns a random base64-encoded String that can be used as a salt.
get_public_key
Returns a JWK object from the contents of a PEM file.
verify
Verifies the given sd-jwt-release and returns the verified claims as serde_json::Value.