The usage of a Key Binding JWT (KB-JWT) is a key element as it needs to be tied to a specific SD-JWT when its payload includes a hash of the SD-JWT in its sd_hash claim.
At the same time it needs prove possession of of the private key of the associated key pair.
To enforce this a Key Binding JWT (KB-JWT) signature must be verified by the same public key included (or referenced) in the SD-JWT.
The actual 0.8.0 documentation misses to provide such signature requirement, thus there's need to explicitly describe and require such key-binding detail.
peppelinux
commented
1 month ago
The usage of a Key Binding JWT (KB-JWT) is a key element as it needs to be tied to a specific SD-JWT when its payload includes a hash of the SD-JWT in its sd_hash claim.
At the same time it needs prove possession of of the private key of the associated key pair. To enforce this a Key Binding JWT (KB-JWT) signature must be verified by the same public key included (or referenced) in the SD-JWT.
The actual 0.8.0 documentation misses to provide such signature requirement, thus there's need to explicitly describe and require such key-binding detail.