This project is an mdoc/mDL (mobile driving license) verifier compliant with ISO/IEC 18013-5:2021.

- `mdoc`: Provides the mdoc data model and verification functionality.
- `apple_hpke`, `preview_hpke`, `openid4vp`: Offer session encryption capabilities for each protocol.
- `document`: Defines the element identifiers for each doctype and namespace.
- `server`: Example server demonstrating how to use the verifier.

- See `cmd/script/main.go`
- Apple's sample data can be downloaded from https://developer.apple.com/wallet/get-started-with-verify-with-wallet/

| | owf wallet (preview) | owf wallet (oid4vp) | Apple wallet (sample data) | Apple wallet (iOS simulator) | EUDI wallet |
|---|---|---|---|---|---|
| Interface for communicating with wallets | Identity Credential API | Identity Credential API | Verify with Wallet API | Verify with Wallet API | OID4VP |
| Encryption | HPKE | No encryption | HPKE | HPKE | JOSE |
| Reader authenticator | - | - | Verified with the Merchant Key, which is managed in the developer center. (The sample data is fixed) | Verified with the Merchant Key, which is managed in the developer center. (iOS simulator returns mock data) | client_id_scheme = x509_san_dns (a root certificate is created and embedded in the wallet) |
| Verification of issuer certificate | Unknown where issuer's certificate or root certificate is located. | Unknown where issuer's certificate or root certificate is located. | Can be verified by trusting the certificate of the issuer attached to the sample. | The mock data was broken. | Unknown where issuer's certificate or root certificate is located. Also, the certificate has expired. |
| Verification of mso | ok | ok | ok | ok | ok |
| Verification of device signature | ok | ok | ok | The mock data was broken. | ok |
| Check digest | ok | ok | ok | ok | ok |
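
The "Verification of issuer certificate" row reports two different failures: no known trust anchor, and an expired certificate. The following added example (not this project's code) shows how a verifier can tell them apart with Go's standard `crypto/x509`. The helper names `issue` and `classifyIssuerCert` and the certificates are constructed for illustration, and no mdoc-specific certificate profile checks are performed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed P-256 certificate; a nil parent yields a self-signed root CA.
func issue(cn string, notAfter time.Time, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().AddDate(-2, 0, 0), NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// classifyIssuerCert reports whether leaf chains to roots at time `at`, and if not, why.
func classifyIssuerCert(leaf *x509.Certificate, roots *x509.CertPool, at time.Time) string {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired"
	case errors.As(err, new(x509.UnknownAuthorityError)):
		return "untrusted root"
	}
	return "invalid: " + err.Error()
}

func main() {
	root, rootKey := issue("constructed root", time.Now().AddDate(1, 0, 0), nil, nil)
	leaf, _ := issue("constructed issuer", time.Now().AddDate(0, 0, -1), root, rootKey) // expired yesterday
	trusted := x509.NewCertPool()
	trusted.AddCert(root)
	fmt.Println(classifyIssuerCert(leaf, trusted, time.Now())) // expired
}
```

Passing an empty, non-nil `CertPool` keeps Go from falling back to the system trust store, so a missing root is reported as an untrusted root.
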

- This sample server expects an environment capable of using the Identity Credentials API.
- Preparation is described in "HOWTO: Try the Prototype API in Chrome Android".
- Clone, build and install the `appholder` from openwallet-foundation-labs/identity-credential.
- Run the app on the iOS simulator: kokukuma/TestWalletAPI
- Clone this repository: eu-digital-identity-wallet/eudi-app-android-wallet-ui
- Copy the root certificate to the wallet:

  ```
  cp ${this repository}/internal/cryptoroot/pem/rootCert.pem ${eudi-app-android-wallet-ui}/resporesources-logic/src/main/res/raw/eudi_pid_issuer_ut.pem
  ```

- Build and install the app.
- Install ngrok and set up the authentication token:

  ```
  $ ngrok config add-authtoken (token)
  $ ngrok config edit
  ```

  ```
  version: "2"
  authtoken: (token)
  tunnels:
    fido-server:
      addr: 8080
      proto: http
      subdomain: (server-sub-domain)
    web-client:
      addr: 8081
      proto: http
      subdomain: (client-sub-domain)
  ```

- Set the environment:

  ```
  export SERVER_DOMAIN="(server-sub-domain)"
  ```

- Launch ngrok on your laptop:

  ```
  make ngrok
  ```

- Start the server:

  ```
  make run
  ```

- Access the (client-sub-domain).