Crate ssi_sd_jwt

Crate ssi_sd_jwt 

Source
Expand description

Selective Disclosure for JWTs (SD-JWT).

§Usage

Contrarily to regular JWTs or JWSs that can be verified directly after being decoded, SD-JWTs claims need to be revealed before being validated. The standard path looks like this:

┌───────┐                     ┌──────────────┐                            ┌───────────────┐
│       │                     │              │                            │               │
│ SdJwt │ ─► SdJwt::decode ─► │ DecodedSdJwt │ ─► DecodedSdJwt::reveal ─► │ RevealedSdJwt │
│       │                     │              │                            │               │
└───────┘                     └──────────────┘                            └───────────────┘

The base SD-JWT type is SdJwt (or SdJwtBuf if you want to own the SD-JWT). The SdJwt::decode function decodes the SD-JWT header, payload and disclosures into a DecodedSdJwt. At this point the payload claims are still concealed and cannot be validated. The DecodedSdJwt::reveal function uses the disclosures to reveal the disclosed claims and discard the non-disclosed claims. The result is a RevealedSdJwt containing the revealed JWT, and a set of JSON pointers (JsonPointerBuf) mapping each revealed claim to its disclosure. The RevealedSdJwt::verify function can then be used to verify the JWT as usual.

Alternatively, if you don’t care about the byproducts of decoding and revealing the claims, a SdJwt::decode_reveal_verify function is provided to decode, reveal and verify the claims directly.

Modules§

json_pointer

Macros§

disclosure
Creates a static disclosure.
json_pointer
sd_jwt
Creates a new static SD-JWT reference from a string literal.

Structs§

DecodedDisclosure
Decoded disclosure.
DecodedSdJwt
Decoded SD-JWT.
Disclosure
Encoded disclosure.
DisclosureBuf
Owned disclosure.
Disclosures
Iterator over the disclosures of an SD-JWT.
InvalidDisclosure
Invalid SD-JWT disclosure.
InvalidSdJwt
Invalid SD-JWT error.
JsonPointer
JSON Pointer.
JsonPointerBuf
JSON Pointer buffer.
PartsRef
SD-JWT components to be presented for decoding and validation whether coming from a compact representation, enveloping JWT, etc.
RevealedSdJwt
Revealed SD-JWT.
SdJwt
SD-JWT in compact form.
SdJwtBuf
Owned SD-JWT.
SdJwtPayload
Undisclosed SD-JWT payload.

Enums§

ConcealError
Error that can occur during concealing.
DecodeError
Errors in the decode pathway
DisclosureDescription
Disclosure description.
RevealError
Reveal error.
SdAlg
Elements of the _sd_alg claim

Traits§

ConcealJwtClaims
JWT claims concealing methods.