Skip to content

Defined APV values for ECDH-ES #628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
GarethCOliver wants to merge 3 commits into from
Closed

Defined APV values for ECDH-ES #628

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a0e77e4
Defined APV values for ECDH-ES
GarethCOliver Jun 4, 2025
279e864
Update openid-4-verifiable-presentations-1_0.md
GarethCOliver Jun 5, 2025
b8151c5
Update openid-4-verifiable-presentations-1_0.md
GarethCOliver Jun 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions openid-4-verifiable-presentations-1_0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1410,6 +1410,30 @@ into the key derivation process that is used to derive the content encryption ke

Note: For encryption, implementers have a variety of options available through JOSE, including the use of Hybrid Public Key Encryption (HPKE) as detailed in [@I-D.ietf-jose-hpke-encrypt].

### ECDH-ES APU/APV Values
When performing Reponse Encryption where the `alg` is ECDH-ES the `apv` MUST be set by the Wallet and validated by the Verifier. The value to set is is the base64url encodig of the sha-256 hash of the bytes of several fields concatanated. The fields to be concatanated is based on the response mode:

- When response mode is `direct_post.jwt` the `client_id`, `nonce`, `jwkThumbprint` and `responseUri`
- When response mode is `dc_api.jwt` the `origin`, `nonce` and `jwkThumbprint`

where

- `client_id` is the `client_id` request parameter
- `nonce` is the `nonce` request parameter
- `jwkThumbprint` is the base64url encoded JWK SHA-256 Thumbprint (as defined in [@!RFC7638]) of the Verifier's public key used to encrypt the response
- `responseUri` is either the `redirect_uri` or the `response_uri` request parameter,
- `origin` is the string representing the Origin of the request as described in (#dc_api). MUST NOT be prefixed with `origin:`

(TODO: Add two examples of the apv values, one for `direct_post.jwt` and another for `dc_api.jwt`).

The fields MUST be concatenated in the order specified here before being hashed, and base64url encoded. To validate the `apv` the Verifier MUST construct the same value and compare it to the `apv` included in the protected header. If the `apv` value fails validation the Verifier MUST stop processing and discard the response.

These values are the same as those required to perform verification of the credential presentations. This binds the encryption to the presentation and allows the verifier to terminate processing early when the presentation is not meant for them.

Note that because the `apv` is attached, this does not allow the encryption to fail closed (i.e. be unable to decrypt when the presentation is not meant for them), but the same approach could be taken when such an algorithm is supported.

There are no requirements on the `apu` value so the Wallet may use any value (including leaving it empty).

### Response Mode "direct_post.jwt" {#direct_post_jwt}

This specification also defines a new Response Mode `direct_post.jwt`, which allows for encryption to be used on top of the Response Mode `direct_post` defined in (#response_mode_post). The mechanisms described in (#response_mode_post) apply unless specified otherwise in this section.
Expand Down