What is SD-JWT?

Concept of SD-JWT

In an SD-JWT (Selective Disclosure JWT), claims can be hidden, yet they remain cryptographically protected against undetected modification. "Claims" here refers to both object properties (name-value pairs) and array elements. The signed part of the SD-JWT carries only a salted digest of each hidden claim. When issuing the SD-JWT to the Holder, the Issuer includes the cleartext counterparts of all hidden claims, the so-called Disclosures, outside the signed part of the SD-JWT.

The Holder decides which claims to disclose to a particular Verifier and includes only the respective Disclosures in the SD-JWT sent to that Verifier. The Verifier has to verify that all disclosed claim values were part of the original Issuer-signed JWT, which it does by recomputing the digest of each received Disclosure and checking that the digest appears in the signed payload. The Verifier will not, however, learn any claim value whose Disclosure was not sent.

[Image: SD-JWT issuance and presentation flow (Issuer to Holder, Holder to Verifier)]

Structure of SD-JWT

An SD-JWT is a string made of base64url characters and the separator "~". It is the combination of the Issuer-signed JWT (a compact JWS), zero or more Disclosures, and an optional Key Binding JWT (KB-JWT), joined by the tilde character "~". It is structured as follows:

<Issuer-signed JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>~<optional KB-JWT>

Whatever follows the final "~" is the KB-JWT; when there is no KB-JWT the string ends with a trailing "~", so a Verifier can always tell the two cases apart. Note that a bare JWT without any "~" is not an SD-JWT.

These are all the valid SD-JWT forms:

An SD-JWT without Disclosures and without a KB-JWT:
<Issuer-signed JWT>~

An SD-JWT without Disclosures and with a KB-JWT:
<Issuer-signed JWT>~<KB-JWT>

An SD-JWT with Disclosures and without a KB-JWT:
<Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~

An SD-JWT with Disclosures and with a KB-JWT:
<Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~<KB-JWT>
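The following parser and builder, added here as an example (not code from the original page or from the SD-JWT specification), handle the four forms above and the edge cases a real parser has to reject: a bare JWT with no "~", empty components in the middle, and a last Disclosure that lost its trailing "~" (which would otherwise be mistaken for a KB-JWT). The "h.p.s"-style inputs in the comments are constructed placeholders for real base64url-encoded parts.

```python
# Added example (not from the page): parse and build the "~"-separated
# SD-JWT string and classify which of the four valid forms it is.
# Inputs such as "h.p.s" are constructed placeholders for real
# base64url-encoded parts.
from typing import Optional


def parse_sd_jwt(sd_jwt: str) -> dict:
    """Split into Issuer-signed JWT, Disclosures and optional KB-JWT.

    Returns {"jwt": str, "disclosures": [str], "kb_jwt": str or None}.
    """
    if "~" not in sd_jwt:
        # A bare JWT is not an SD-JWT: even with no Disclosures the "~" is required.
        raise ValueError("not an SD-JWT: missing '~' separator")
    parts = sd_jwt.split("~")
    issuer_jwt, disclosures, last = parts[0], parts[1:-1], parts[-1]
    # Whatever follows the final "~" is the KB-JWT; a trailing "~" leaves it
    # empty, meaning "no KB-JWT". Empty middle components are malformed.
    if issuer_jwt.count(".") != 2 or any(d == "" for d in disclosures):
        raise ValueError("malformed SD-JWT")
    if last and last.count(".") != 2:
        # Base64url Disclosures never contain ".", a compact JWS always has two:
        # a non-empty last part without them is a Disclosure missing its "~".
        raise ValueError("malformed SD-JWT: trailing Disclosure without '~'")
    return {"jwt": issuer_jwt, "disclosures": disclosures, "kb_jwt": last or None}


def build_sd_jwt(issuer_jwt: str, disclosures: list, kb_jwt: Optional[str] = None) -> str:
    """Inverse of parse_sd_jwt: always emit the "~" that ends the Disclosure list."""
    return "~".join([issuer_jwt, *disclosures, kb_jwt or ""])


def describe(sd_jwt: str) -> str:
    """Human-readable classification of the four valid forms."""
    p = parse_sd_jwt(sd_jwt)
    kb = "with" if p["kb_jwt"] else "without"
    return f"{len(p['disclosures'])} Disclosure(s), {kb} KB-JWT"


if __name__ == "__main__":
    for s in ("h.p.s~", "h.p.s~k.p.s", "h.p.s~d1~d2~", "h.p.s~d1~d2~k.p.s"):
        print(s, "->", describe(s))
```

The "two dots" check is what lets the parser distinguish "<Issuer-signed JWT>~<KB-JWT>" from "<Issuer-signed JWT>~<Disclosure>" with a missing separator: Disclosures are pure base64url and cannot contain ".", while a compact JWS always has exactly two.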

What is a Disclosure?

A Disclosure is the combination of a salt, a cleartext claim name (present when the claim is a name-value pair and absent when the claim is an array element), and a cleartext claim value, all of which are used to calculate a digest for the respective claim. The Issuer-signed JWT carries only that digest, so the claim can be checked once the Disclosure is revealed but cannot be read, or guessed by brute force, from the JWT alone. The salt must be freshly generated at random for every Disclosure (at least 128 bits is recommended); the short salt in the example below is only illustrative.

An example of a Disclosure (decoded form; what is actually transmitted is the base64url encoding of this JSON array):

Structure of a Disclosure
[{salt}, {claim name}, {claim value}]   for an object property
[{salt}, {claim value}]                 for an array element

["d9f23ndk", "age", 27]

What is Key Binding?

Key Binding is the ability of the Holder to prove legitimate possession of an SD-JWT by proving control over the same private key during issuance and presentation. An SD-JWT with Key Binding contains a public key, or a reference to a public key (the "cnf" claim in the Issuer-signed JWT), that matches the private key controlled by the Holder. At presentation time the Holder signs a Key Binding JWT (KB-JWT) with that private key; it carries the Verifier's identifier ("aud"), a Verifier-supplied "nonce", an issue time ("iat") and "sd_hash", a digest over the Issuer-signed JWT and the selected Disclosures. A stolen SD-JWT is therefore useless without the Holder's key, and a captured presentation cannot be replayed to another Verifier or combined with a different set of Disclosures.
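The complete round trip, covering both the Disclosure section and the Key Binding section, as an added example using only the Python standard library (this is not code from the original page or from any SD-JWT library). It issues an SD-JWT with an "_sd" digest array and a "cnf" key reference, lets the Holder present a subset of Disclosures with a KB-JWT, and has the Verifier recompute every digest, check "sd_hash", "aud" and "nonce", and reject forged or replayed Disclosures. Assumptions: both signatures use HS256 with a shared secret as a stand-in for the asymmetric algorithms (such as ES256) a real Issuer and Holder would use, "cnf" carries a "kid" that the Verifier resolves through a lookup table instead of a public JWK, the Issuer JWT "typ" value "example+sd-jwt" and all keys, claims and nonces are constructed sample data.

```python
# Added example (not from the page). HS256 with shared secrets stands in for
# the asymmetric signatures a real Issuer and Holder use; everything else
# (_sd, _sd_alg, Disclosures, cnf, sd_hash) follows the SD-JWT mechanics.
import base64, hashlib, hmac, json, secrets, time

ISSUER_TYP = "example+sd-jwt"   # assumed typ value, as in the spec's examples


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_sign(payload: dict, key: bytes, typ: str) -> str:
    header = b64u(json.dumps({"alg": "HS256", "typ": typ}).encode())
    body = b64u(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"


def jws_verify(token: str, key: bytes, typ: str) -> dict:
    header, body, sig = token.split(".")
    hdr = json.loads(b64u_dec(header))
    if hdr.get("alg") != "HS256" or hdr.get("typ") != typ:   # never accept alg=none
        raise ValueError("unexpected JWS header")
    expected = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body))


def make_disclosure(name: str, value) -> str:
    # [salt, claim name, claim value], base64url-encoded; fresh 128-bit salt each time
    return b64u(json.dumps([b64u(secrets.token_bytes(16)), name, value]).encode())


def digest(disclosure: str) -> str:
    # The digest is computed over the ASCII bytes of the *encoded* Disclosure
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())


def issue(plain: dict, hidden: dict, holder_kid: str, issuer_key: bytes) -> str:
    disclosures = [make_disclosure(n, v) for n, v in hidden.items()]
    payload = dict(plain)
    payload["_sd"] = sorted(digest(d) for d in disclosures)   # sorted so order leaks nothing
    payload["_sd_alg"] = "sha-256"
    payload["cnf"] = {"kid": holder_kid}                       # binds the Holder's key
    return jws_sign(payload, issuer_key, ISSUER_TYP) + "~" + "".join(d + "~" for d in disclosures)


def present(sd_jwt: str, reveal: set, holder_key: bytes, aud: str, nonce: str) -> str:
    issuer_jwt, *disclosures, _ = sd_jwt.split("~")            # issuance form ends with "~"
    selected = [d for d in disclosures if json.loads(b64u_dec(d))[1] in reveal]
    prefix = issuer_jwt + "~" + "".join(d + "~" for d in selected)
    sd_hash = b64u(hashlib.sha256(prefix.encode("ascii")).digest())
    kb = jws_sign({"iat": int(time.time()), "aud": aud, "nonce": nonce, "sd_hash": sd_hash},
                  holder_key, "kb+jwt")
    return prefix + kb


def verify(presentation: str, issuer_key: bytes, holder_keys: dict, aud: str, nonce: str) -> dict:
    parts = presentation.split("~")
    issuer_jwt, disclosures, kb = parts[0], parts[1:-1], parts[-1]
    if not kb:
        raise ValueError("Key Binding required")
    payload = jws_verify(issuer_jwt, issuer_key, ISSUER_TYP)
    if payload.get("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    claims = {k: v for k, v in payload.items() if k not in ("_sd", "_sd_alg")}
    seen = set()
    for d in disclosures:
        h = digest(d)
        if h not in payload.get("_sd", []) or h in seen:       # forged or duplicated Disclosure
            raise ValueError("Disclosure not signed by Issuer")
        seen.add(h)
        _salt, name, value = json.loads(b64u_dec(d))
        if name in claims or name in ("_sd", "..."):           # must not overwrite signed claims
            raise ValueError(f"duplicate claim {name}")
        claims[name] = value
    # sd_hash covers everything up to and including the final "~" before the KB-JWT
    prefix = presentation[: len(presentation) - len(kb)]
    kb_payload = jws_verify(kb, holder_keys[payload["cnf"]["kid"]], "kb+jwt")
    if kb_payload["sd_hash"] != b64u(hashlib.sha256(prefix.encode("ascii")).digest()):
        raise ValueError("KB-JWT does not cover this presentation")
    if kb_payload["aud"] != aud or kb_payload["nonce"] != nonce:
        raise ValueError("KB-JWT not bound to this Verifier and session")
    if abs(time.time() - kb_payload["iat"]) > 300:
        raise ValueError("KB-JWT too old")
    return claims
```

Usage: issue({"iss": "https://issuer.example"}, {"given_name": "Alice", "age": 27}, "holder-1", issuer_key) yields the issuance form; present(..., {"age"}, holder_key, aud, nonce) returns the presentation; verify(...) returns only the signed claims plus "age". Every check in verify corresponds to a real attack: an unknown digest is a forged Disclosure, a repeated digest is a Disclosure injected twice, a wrong "sd_hash" means the Disclosure set was changed after the Holder signed, and a wrong "nonce" or "aud" is a replay.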