This app was created by Animo Solutions in the context of the SPRIN-D Funke ‘EUDI Wallet Prototypes’. It serves as a prototype for future wallet providers and can be tested/used with our playground environment. For more information on the project reach out to [email protected].
During the project an identity wallet and a test relying party were delivered.
The identity wallet contains the following features; you can see the full flow in the Figma design without running the app:
General App
- 🟢 Onboard user
- 🟢 Set up PIN
- 🟢 Set up biometrics
- 🟢 History
- 🟠 About the app
- 🟢 Authentication using biometrics or PIN
Credential Management
- 🟢 Credential detail
- 🟢 Delete QEAA
- 🟢 Transaction history
- 🔴 SD-JWT VC Type Metadata
- 🟠 Revocation SD-JWT VC
- 🔴 Revocation Mdoc
Obtain PID from PID provider
- 🟢 SD JWT VC using OpenID4VCI
- 🟢 Mdoc using OpenID4VCI
- 🟢 C option
- 🔴 C' option
- 🟢 B' option temporarily disabled
Obtain (Q)EAAs from issuer
- 🟢 SD-JWT VC using OpenID4VCI
- 🟢 mDOC using OpenID4VCI
- 🔴 PID presentation during (Q)EAA issuance
- 🔴 Batch issuance and single use credentials
- 🔴 Authorization code flow
- 🔴 Client attestations
Present attestations remotely
- 🟢 PID SD-JWT VC using OpenID4VP
- 🟢 PID mDOC using OpenID4VP
- 🟢 QEAA SD JWT VC using OpenID4VP
- 🔴 QEAA Mdoc using OpenID4VP
- 🟠 Combined presentations
- 🟢 Cross-device QR flow
- 🟢 Same-device flow
- 🔴 New VP query language
Present attestations in-person
- Android
- 🟢 Android-Android over NFC for device engagement
- 🔴 SD-JWT VC using OpenID4VP over BLE
- 🔴 mDOC over BLE
- iOS
- 🔴 SD-JWT VC using OpenID4VP over BLE
- 🔴 mDOC over BLE
HSM
- 🟢 On device HSM
- 🔴 Cloud-backed HSM
Other
- 🔴 Trust establishment using OpenID Federation Draft 34
- 🔴 HAIP compliance
- 🔴 WCAG 2.1 compliance
- 🔴 AI-based oversharing detection
- 🟢 Issue QEAAs
- 🟢 Verify PID
- 🔴 Verify mixed PID-QEAA requests
The identity wallet contains the following temporary features for development and testing:
- Switch between C and B' PID flow
- Using a simulated eID test card
- Reset wallet
Impression of the EasyPID Wallet
The prototype app is currently published privately to select parties. If you're a tester for the SPRIN-D Funke project, you should have received the details on installing the app (either directly or via the guidebook). If not, please reach out to us at [email protected].
Here's some resources and tips that might be helpful while testing the app.
- Make sure you have access to the BDR PID issuer, which is behind a firewall
- Have an eID card ready
- Have the test relying party ready
- The test relying party enables you to select a credential type and request type to verify the PID credential.
- It will display a QR code as well as relevant information,
This app requires devices with:
- Android 8+
- Hardware Security Module (HSM)
- Biometric support (e.g., fingerprint sensor, face recognition)
Android devices without these features will not be able to run the app.
Compatible with iPhone 5s and later models. This app requires devices with:
- iOS 14+
- The very first screen has an option to switch between the C and B' flow for testing purposes. It is located on the left side beside the continue button.
- There is an option to reset the wallet during testing. It is located in the menu, which you can find on the home page.
The EasyPID wallet is part of a larger monorepo. The EasyPID app is located in the apps/easypid directory.
This is the actual EasyPID application. It is built using Expo and React Native.
The app uses file-based routing starting in the src/app directory. Each file in this directory is a route within the app.
E.g. 'src/app/authenticate.tsx' is the entry point for the authentication screen.
Initially, when the app is opened, src/app/(app)/_layout.tsx is rendered. This is the main layout for the app. If the wallet is not unlocked, the user is redirected to the onboarding (on first launch) or authentication screen (on return).
The agent contains the digital identity related wallet functionality. It uses a Credo agent instance to manage the wallet.
Aries Askar is used for cryptographic operations and encrypted storage of the wallet data.
Expo Secure Environment is used to provide support for cryptographic operations using the device's secure environment (HSM, SE, etc.) hidden behind biometric authentication.
Some relevant links:
- Handling invitations - this is the entry point for most interactions in the app that need to use the agent. E.g receiving and sharing credentials
The secure store package located in packages/secure-store
contains logic for secure unlocking and initializing of the wallet. It uses React Native Keychain under the hood, which integrates with the device's secure APIs for storing sensitive data.
It also contains the logic for deriving the wallet's master key from the user PIN (using a KDF). Whenever the wallet is opened, the PIN is required to unlock the wallet.
Alternatively, the key derived from the PIN can be stored in the device's keychain, allowing the user to retrieve the master key from the keychain and unlock the wallet directly.
Relevant links:
- Secure Unlock Provider - the main entry point for secure unlocking and initialization of the wallet
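As an added illustration of the PIN-to-master-key mechanism described above, and not code from the EasyPID repository (which uses React Native Keychain and its own KDF choice), the following TypeScript sketch derives a key from the PIN with scrypt, seals wallet data with AES-256-GCM, and exercises both unlock paths (PIN and keychain-held key). The KDF, its parameters, the storage layout and the sample wallet payload are all assumptions.

```typescript
import { scryptSync, randomBytes, createCipheriv, createDecipheriv } from "node:crypto";

// Assumed KDF parameters; the page does not state which KDF or parameters the wallet uses.
// 128 * N * r bytes of memory (32 MiB here) is what makes offline PIN guessing expensive.
const SCRYPT_PARAMS = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const KEY_LEN = 32;

export interface LockedWallet {
  salt: Buffer;       // random per wallet, stored next to the ciphertext
  iv: Buffer;         // 96-bit GCM nonce, fresh per encryption
  tag: Buffer;        // GCM authentication tag
  ciphertext: Buffer;
}

// Derive the wallet master key from the user PIN. A short numeric PIN has very little
// entropy, so a memory-hard KDF with a random salt is the software-side brake on guessing.
export function deriveMasterKey(pin: string, salt: Buffer): Buffer {
  return scryptSync(Buffer.from(pin, "utf8"), salt, KEY_LEN, SCRYPT_PARAMS);
}

export function lockWallet(pin: string, walletData: Buffer): LockedWallet {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveMasterKey(pin, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(walletData), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Unlock either by re-deriving the key from the PIN, or with a master key the app
// previously stored in the keychain (the "direct unlock" path). Returns null on failure.
export function unlockWallet(locked: LockedWallet, opts: { pin?: string; masterKey?: Buffer }): Buffer | null {
  const key = opts.masterKey ?? (opts.pin !== undefined ? deriveMasterKey(opts.pin, locked.salt) : null);
  if (key === null) return null;
  const decipher = createDecipheriv("aes-256-gcm", key, locked.iv);
  decipher.setAuthTag(locked.tag);
  try {
    return Buffer.concat([decipher.update(locked.ciphertext), decipher.final()]);
  } catch {
    return null; // wrong PIN or key: the GCM tag check fails before any plaintext is released
  }
}

// Constructed end-to-end check: correct PIN, keychain-held key, and a wrong PIN.
export function demo(): { pinOk: boolean; keychainOk: boolean; wrongPinRejected: boolean } {
  const data = Buffer.from('{"credentials":["constructed sample"]}');
  const locked = lockWallet("123456", data);
  const byPin = unlockWallet(locked, { pin: "123456" });
  const byKey = unlockWallet(locked, { masterKey: deriveMasterKey("123456", locked.salt) });
  const wrong = unlockWallet(locked, { pin: "654321" });
  return { pinOk: byPin !== null && byPin.equals(data), keychainOk: byKey !== null && byKey.equals(data), wrongPinRejected: wrong === null };
}
```

The KDF only slows guessing; the actual rate limit comes from binding the key to the device's secure environment, which this sketch does not model.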
The app package and ui package contain the underlying app UI and screens logic. This code is shared with our existing Paradym Wallet, also located in this repository. This allows us to reuse base elements, while still providing custom screens and UI elements in each of the applications.
The C flow supported in the Paradym Wallet is mostly implemented in Credo, the underlying identity framework we use.
For the B' flow, more custom work was needed and this is implemented in the following files:
The crypto for the B' flow is implemented using Aries Askar.
The following section lists the software components used to create the EasyPID wallet. The heavy lifting is done by Credo. The most notable dependencies consumed by Credo are the OpenId4Vc Mdoc and SdJwt libraries. Other notable dependencies include the Animo Expo Secure Environment, which provides support for cryptographic operations using the device's secure environment (HSM, SE, etc.) hidden behind biometric authentication, and Animo Ausweis Sdk for automatic setup and configuration of the Ausweis SDK for iOS and Android in Expo apps.
The following standards and specifications were implemented.
- 🟢 OpenID for Verifiable Credential Issuance - ID 1 / Draft 13
- 🟢 OpenID for Verifiable Presentations - Draft 20
- 🟢 SD-JWT VC - Draft 3
- 🟢 Self-Issued OpenID Provider V2 - Draft 13
- 🟢 ISO 18013-5
- 🟡 ISO/IEC TS 18013-7 DTS Ballot Text
- Missing JWT Secured Authorization Response Mode
- 🟡 High Assurance Interop Profile - Draft 0
- Missing verifier_attestation, haip:// scheme and wallet attestation
- 🟠 OpenID Federation - Draft 34
- Redeployed test relying party to add an "Open in Wallet" button for the same-device flow (commit)