Skip to content

Define usage of HPKE and info structure to be used. #703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
GarethCOliver wants to merge 2 commits into
base: main
Choose a base branch
from
+67 −2
Open

Define usage of HPKE and info structure to be used. #703

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a01f090
Define usage of HPKE and `info` structure to be used.
GarethCOliver Mar 3, 2026
c8362ec
Remove jwk hash from session_info
GarethCOliver Mar 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 67 additions & 2 deletions 1.1/openid-4-verifiable-presentations-1_1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1419,7 +1419,71 @@ While this shows the payload of the above encrypted Authorization Response examp
Note that for the ECDH JWE algorithms (from Section 4.6 of [@!RFC7518]), the `apu` and `apv` values are inputs
into the key derivation process that is used to derive the content encryption key. Regardless of the algorithm used, the values are always part of the AEAD tag computation so will still be bound to the encrypted response.

Note: For encryption, implementers have a variety of options available through JOSE, including the use of Hybrid Public Key Encryption (HPKE) as detailed in [@I-D.ietf-jose-hpke-encrypt].
### Encryption using HPKE
Hybrid Public Key Encryption MAY be used by specifying the `alg` value according to [@I-D.ietf-jose-hpke-encrypt]. When it is, a `session_info` structure is calculated by the Wallet and the Verifier independently and included as mutually known private information. This is to ensure that encryption fails closed when the session information needed for verification of the credential is invalid.

When the response mode is `direct_post.jwt` the encoding is as follows:

```example
session_info = ASCII("OpenID4VP si") ||
BYTE(255) ||
ASCII(clientId) ||
BYTE(255) ||
ASCII(nonce) ||
BYTE(255) ||
ASCII(responseUri)
```

Where:

- ASCII("OpenID4VP si"): A fixed ASCII string identifying this session_info structure.
- BYTE(255): In each occurence is a separator byte (0xFF) used to delimit fields.
- ASCII(clientId): The `client_id` request parameter. If applicable, this includes the Client Identifier Prefix.
- ASCII(nonce): The `nonce` request parameter.
- ASCII(responseUri): The `redirect_uri` or `response_uri` request parameter, depending on which is present, as determined by the Response Mode.

The following is a non-normative example of the `session_info` structure for `direct_post.jwt` response mode:

```example
"OpenID4VP si\xffx509_san_dns:example.com\xffexc7gBkxjx1rdc9udRrveKvSsJIq80avlXeLHhGwqtA\xffhttps://example.com/response"
```

The corresponding hexadecimal representation is:

```
4f70656e4944345650207369ff783530395f73616e5f646e733a6578616d706c652e636f6dff6578633767426b786a7831726463397564527276654b7653734a4971383061766c58654c48684777717441ff68747470733a2f2f6578616d706c652e636f6d2f726573706f6e7365
```

When the response mode is `dc_api.jwt` the encoding is as follows:

```example
session_info = ASCII("OpenID4VPDCAPI si") ||
BYTE(255) ||
ASCII(origin) ||
BYTE(255) ||
ASCII(nonce) ||
```

Where:

- ASCII("OpenID4VPDCAPI si"): A fixed ASCII string identifying this session_info structure.
- BYTE(255): In each occurence is a separator byte (0xFF) used to delimit fields.
- ASCII(origin): The ASCII string representing the Origin of the request as described in (#dc_api_request). It MUST NOT be prefixed with origin:.
- ASCII(nonce): The `nonce` request parameter.

The following is a non-normative example of the `session_info` structure for `dc_api.jwt` response mode:

```example
"OpenID4VPDCAPI si\xffhttps://example.com\xffexc7gBkxjx1rdc9udRrveKvSsJIq80avlXeLHhGwqtA"
```

The corresponding hexadecimal representation is:

```
4f70656e49443456504443415049207369ff68747470733a2f2f6578616d706c652e636f6dff6578633767426b786a7831726463397564527276654b7653734a4971383061766c58654c48684777717441
```

The `session_info` structure's bytes are used as the value of the `info` parameter when using Integrated Encryption as the Key Management Mode. If the `recipient_structure` is being used then it is used as the value of the `recipient_extra_info` parameter instead.

### Response Mode "direct_post.jwt" {#direct_post_jwt}

Expand Down Expand Up @@ -3562,4 +3626,5 @@ The technology described in this specification was made available from contribut

-01

* Clarify that `encrypted_response_enc_values_supported` applies only if JWE content encryption algorithm is used; e.g., it does not apply to JOSE HPKE
* Add usage of HPKE an specfication for the `info` parameter.
* Clarify that `encrypted_response_enc_values_supported` applies only if JWE content encryption algorithm is used; e.g., it does not apply to JOSE HPKE