sd_jwt
December 17, 2025
A Rust implementation of RFC 9901 - Selective Disclosure for JSON Web Tokens (SD-JWT).
SD-JWT allows an issuer to create a JWT where some claims can be selectively disclosed by the holder. This enables privacy-preserving use cases where only necessary information is revealed to verifiers.
Features
- RFC 9901 compliant - Full implementation of the SD-JWT specification
- Selective disclosure - Mark specific claims as selectively disclosable
- Array element disclosure - Support for disclosing individual array elements
- Decoy digests - Add decoy digests for enhanced privacy
- Key binding - Support for holder key binding with KB-JWT
- Multiple hash algorithms - SHA-256, SHA-384, SHA-512
Quick Start
```rust
use sd_jwt::{
    issuer::issue_sd_jwt,
    holder::HolderSdJwt,
    verifier::verify_sd_jwt,
    types::SdJwtConfig,
};
use serde_json::json;

// `issuer_private_key` and `issuer_public_key` are the issuer's signing key
// pair; loading them is not shown here and is assumed to happen beforehand.

// Issuer creates an SD-JWT
let claims = json!({
    "sub": "user123",
    "given_name": "John",
    "family_name": "Doe",
    "email": "john@example.com"
});
let issued = issue_sd_jwt(
    &issuer_private_key,
    "https://issuer.example.com",
    claims,
    &["given_name", "family_name", "email"], // Selectively disclosable
    &SdJwtConfig::default(),
    None,
    None,
).unwrap();

// Holder creates a presentation (disclosing only given_name)
let holder_jwt = HolderSdJwt::parse(&issued.serialized).unwrap();
let presentation = holder_jwt.create_presentation(&["given_name"]).unwrap();

// Verifier verifies the presentation
let verified = verify_sd_jwt(
    &presentation.serialize(),
    &issuer_public_key,
    "https://issuer.example.com",
).unwrap();

// Only "given_name" is disclosed, other SD claims are hidden
assert_eq!(verified.get("given_name").unwrap(), "John");
assert!(verified.get("email").is_none());
```
SD-JWT Format
Per RFC 9901, the SD-JWT format uses ~ as the separator:
<Issuer-signed JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>~
With Key Binding:
<Issuer-signed JWT>~<Disclosure 1>~...~<Disclosure N>~<KB-JWT>
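The two layouts above differ only in what follows the last `~`, so a verifier has to check that field explicitly. The following is an added example, not code from this crate: `Parts` and `split_sd_jwt` are hypothetical names, the sample string is constructed, and the code checks structure only (no signature or digest verification).

```rust
// Added example: structural split of an SD-JWT compact string.
// `Parts` and `split_sd_jwt` are hypothetical names, not the sd_jwt crate's API.
#[derive(Debug, PartialEq)]
pub struct Parts<'a> {
    pub issuer_jwt: &'a str,
    pub disclosures: Vec<&'a str>,
    pub kb_jwt: Option<&'a str>, // None when the string ends with '~'
}

// Non-empty and restricted to the unpadded base64url alphabet.
fn is_b64url(s: &str) -> bool {
    !s.is_empty() && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

// A signed compact JWS has exactly three non-empty base64url segments.
fn is_compact_jws(s: &str) -> bool {
    let segs: Vec<&str> = s.split('.').collect();
    segs.len() == 3 && segs.iter().all(|p| is_b64url(p))
}

pub fn split_sd_jwt(input: &str) -> Result<Parts<'_>, String> {
    let mut fields: Vec<&str> = input.split('~').collect();
    if fields.len() < 2 {
        return Err("no '~' separator: a plain JWT, not an SD-JWT".into());
    }
    // Last field: empty for an SD-JWT (trailing '~'), otherwise it must be the KB-JWT.
    let last = fields.pop().unwrap();
    let kb_jwt = if last.is_empty() {
        None
    } else if is_compact_jws(last) {
        Some(last)
    } else {
        // e.g. a disclosure whose trailing '~' was dropped in transit
        return Err("final field is neither empty nor a compact JWS".into());
    };
    let issuer_jwt = fields.remove(0);
    if !is_compact_jws(issuer_jwt) {
        return Err("issuer-signed JWT is not a compact JWS".into());
    }
    // An empty or non-base64url disclosure (as in "a~~b") is rejected, not skipped.
    if let Some(bad) = fields.iter().position(|d| !is_b64url(d)) {
        return Err(format!("disclosure {} is malformed", bad + 1));
    }
    Ok(Parts { issuer_jwt, disclosures: fields, kb_jwt })
}

fn main() {
    // Constructed sample, not a real token.
    println!("{:?}", split_sd_jwt("aGVhZA.cGF5.c2ln~ZDE~ZDI~a2I.cGF5.c2ln"));
}
```

A verifier whose policy requires key binding should treat `kb_jwt == None` as a rejection rather than falling back to the unbound form.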
Modules
- issuer - Functions for creating SD-JWTs
- holder - Functions for creating presentations with selected disclosures
- verifier - Functions for verifying SD-JWT presentations
- disclosure - Disclosure data structure and utilities
- types - Core types (SdJwt, SdJwtKb, configuration, etc.)
Examples
See the examples/ directory for complete examples:
cargo run --example rfc9901_example
Legacy API
The library also includes the legacy API from the draft-02 implementation for backward compatibility. New code should use the RFC 9901 compliant API.
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.