Aadhaar SD-JWT Specifications

This page defines the specifications of Aadhaar SD-JWT

1. Introduction

This document defines the Aadhaar Verifiable Credential (VC) format in accordance with the Selective Disclosure JSON Web Token (SD-JWT) standard (RFC 9901). The credential allows Aadhaar Number Holders (ANHs) to present Aadhaar demographic attributes in a privacy-preserving, cryptographically verifiable, and selectively disclosable format.

The specification is aligned with:

IETF SD-JWT (RFC 9901)
W3C Verifiable Credentials (v1)
OpenID4VP for verifiable presentation

This document covers only the SD-JWT credential structure.

2. High-Level Structure

An SD-JWT Credential is delivered as:

<issuer-signed-sd-jwt> ~ <disclosures...>

Where:

The issuer-signed component contains digests of claims.
The disclosures contain claim plaintexts that the holder chooses to reveal.

3. Protected Header Requirements

The SD-JWT protected header contains:

{
  "alg": "ES256",
  "typ": "vc+sd-jwt",
  "kid": "abcd12354"
}

Whereas

alg
- ES256.
typ
- vc+sd-jwt as per SD-JWT standard.
kid
- References the UIDAI issuer signing key stored in the JWKS endpoint.

4. Issuer-Signed Payload (SD-JWT)

The payload includes:

4.1 Mandatory Fields

Field

Type

Description

iss

string

https://uidai.gov.in

id

string

Unique credential identifier (UUID v4)

iat

number

UNIX timestamp of issuance

exp

number

UNIX timestamp of expiry

status

string

URL to status endpoint

_sd_alg

string

SHA-256

_sd

array

Salted claim digests

cnf

object

Holder-binding JWK

4.2 Holder Binding (`cnf.jwk`)

The credential binds to a public key controlled by the holder (aadhaar app).

Supported key types:

EC P-256

"cnf": {
  "jwk": {
    "kty": "EC",
    "crv": "P-256",
    "x": "<base64url>",
    "y": "<base64url>",
    "kid": "<holder-key-id>",
    "alg": "ES256"
  }
}

5. Claim Encoding and Selective Disclosure

Aadhaar demographic attributes are encoded using salted-hash digests.

5.1 Claim Process

For every claim:

digest = SHA-256( base64url(salt) || base64url(name) || base64url(value) )

The digest is included in _sd.

The corresponding disclosure is:

[name, value, salt]

Example digest list:

"_sd": [
  "Pwb8CAFTk6KYrhJDNzdW37MFZJ-sxaHAf0Q7AGZrwXg",
  "wuj7vq4gOtFPsuhYivf6mHi1O9xcmKhs-TOHDTGlaAM",
  ...
]

6. Aadhaar Claim Set

Claim

Type

Notes

uid

string

Optional — typically NOT disclosed

name

string

Selectively disclosed

dob

string

YYYY-MM-DD or age-derived boolean

gender

string

“M”, “F”, “T”

address

object

Structured, selectively disclosable fields

mobile

boolean

Whether UIDAI has verified mobile

email

boolean

Same for email

age_over_18

boolean

Derived claim

age_over_60

boolean

Derived claim

8. Credential Status

The status field contains a stable URL that returns signed VC status metadata.

https://pehchaan.uidai.gov.in/credentials/status/<credential-id>

Status values:

active
suspended
revoked

Status response is digitally signed.

9. Example SD-JWT Payload (Normalized)

{
  "iss": "https://uidai.gov.in",
  "id": "02bf1830-46e4-4564-b5ca-734280901673",
  "iat": 1711805307,
  "exp": 1711895307,
  "status": "https://pehchaan.uidai.gov.in/credentials/status/02bf1830-46e4-4564-b5ca-734280901673",

  "cnf": {
    "jwk": {
      "kty": "EC",
      "crv": "P-256",
      "x": "<base64url-x>",
      "y": "<base64url-y>",
      "kid": "<holder-key-id>",
      "alg": "ES256"
    }
  },

  "_sd_alg": "SHA-256",
  "_sd": [
    "Pwb8CAFTk6KYrhJDNzdW37MFZJ-sxaHAf0Q7AGZrwXg",
    "wuj7vq4gOtFPsuhYivf6mHi1O9xcmKhs-TOHDTGlaAM",
    ...
  ]
}

PreviousAadhaar MSO Specifications NextApp-to-App Credential Flows

Last updated 3 days ago

hashtag1. Introduction

hashtag2. High-Level Structure

hashtag3. Protected Header Requirements

hashtagWhereas

hashtag4. Issuer-Signed Payload (SD-JWT)

hashtag4.1 Mandatory Fields

hashtag4.2 Holder Binding (cnf.jwk)

hashtag5. Claim Encoding and Selective Disclosure

hashtag5.1 Claim Process

hashtagExample digest list:

hashtag6. Aadhaar Claim Set

hashtag8. Credential Status

hashtag9. Example SD-JWT Payload (Normalized)

1. Introduction

2. High-Level Structure

3. Protected Header Requirements

Whereas

4. Issuer-Signed Payload (SD-JWT)

4.1 Mandatory Fields

4.2 Holder Binding (`cnf.jwk`)

5. Claim Encoding and Selective Disclosure

5.1 Claim Process

Example digest list:

6. Aadhaar Claim Set

8. Credential Status

9. Example SD-JWT Payload (Normalized)