sd_ hash
Registry Context
`sd_hash` is a required claim in a Key Binding JWT that binds the KB-JWT to the presented SD-JWT, including the selected disclosures.
Technical Summary
Its value is the base64url-encoded digest of the US-ASCII bytes of the encoded SD-JWT: the Issuer-signed JWT followed by `~`, then each selected Disclosure followed by `~`. The disclosure hash algorithm identified by `_sd_alg`, or its defined default, is used.
When Used
In an SD-JWT+KB presentation to bind the holder's Key Binding JWT to the particular SD-JWT and disclosures presented.
Normative Requirements
Key Binding JWT producer
RFC 9901 - Section 4.3.1
Compute `sd_hash` over the US-ASCII bytes of the encoded SD-JWT: the Issuer-signed JWT followed by a tilde and zero or more selected Disclosures, each followed by a tilde..
Condition: When computing `sd_hash`.
The sd_hash value MUST be computed over the US-ASCII bytes of the encoded SD-JWT
RFC 9901 - Section 4.3.1
Base64url-encode the digest bytes to form the `sd_hash` value..
Condition: When computing `sd_hash`.
The bytes of the digest MUST then be base64url encoded.
RFC 9901 - Section 4.3.1
Use the same hash algorithm for `sd_hash` as is used for the Disclosures..
Condition: When computing `sd_hash`.
The same hash algorithm as for the Disclosures MUST be used
RFC 9901 - Section 4.3
Include `sd_hash` in the Key Binding JWT payload as the base64url-encoded hash over the Issuer-signed JWT and selected Disclosures..
Condition: When producing a Key Binding JWT.
sd_hash: REQUIRED. The base64url-encoded hash value over the Issuer-signed JWT and the selected Disclosures
Verifier
RFC 9901 - Section 7.3
Calculate the digest over the Issuer-signed JWT and Disclosures and verify that it matches the Key Binding JWT's `sd_hash` value..
Condition: When Key Binding is required.
Verifiers MUST follow the following steps (or equivalent): ... Calculate the digest ... and verify that it matches the value of the sd_hash claim
RFC 9901 - Section 7.3
Abort processing when verification of `sd_hash` fails..
Condition: When the calculated digest does not match `sd_hash`.
If any step fails, the presentation is not valid and processing MUST be aborted.
Validation Guidance
Verify that the Key Binding JWT payload contains `sd_hash` and that its value is valid base64url-encoded data.
Recompute the digest from the US-ASCII bytes of the encoded SD-JWT, preserving the required tilde delimiters and including exactly the disclosures selected for presentation, then compare it with `sd_hash`.
Confirm that the hash algorithm used for `sd_hash` is the disclosure hash algorithm identified by `_sd_alg`, or its defined default.
Reject the presentation and abort processing if the calculated digest does not match `sd_hash`.
Security Notes
RFC 9901 - Section 9.5
Without required Key Binding, an attacker who obtains an SD-JWT can replay it, and an attacker can attempt to strip the KB-JWT before presentation.
Reference
Details
- Entry Id
sd_hash - Claim Name
sd_hash - Claim Description
Digest of the SD-JWT to which the KB-JWT is tied- Change Controller
IETF- Reference
RFC9901 - Section 4.3