Commit f72f209
committed
Introduce Multipaz Pass file format.
The Multipaz `.mpzpass` file format provides a standardized, lightweight
mechanism for the exchange of low-assurance verifiable credentials.
In scenarios where strict cryptographic device-binding introduces unnecessary
friction — such as when a user expects their digital assets to seamlessly
synchronize across their entire ecosystem of devices — this format offers
a pragmatic, portable solution. It is engineered specifically for use cases
where the risk of credential sharing is negligible, such as event and movie
ticketing, transit passes, or generic membership cards.
This format explicitly trades anti-cloning guarantees for portability. Because
the credential data and any associated keys are stored in a highly portable
container, the credential can be trivially copied.
For high-value credentials where cloning or replay attacks are active threat
vectors (e.g., mobile driving licenses or financial instruments), this file
format is inherently unsuitable. In those high-assurance scenarios, issuers
must leverage a robust provisioning protocol like
[OpenID4VCI](https://github.com/openid/OpenID4VCI) to ensure secure delivery
and hardware-backed device-binding at the time of issuance.
This PR has three main components
- Defintion of the format with example files, in the `mpzpass` directory
- Support routines and import/export in the core Multipaz library
- Support in TestApp for generating and importing `.mpzpass` files
Additionally, extend `SimplePresentmentSource` to support more than
one domain for a given credential type. This is needed because if
using this to import a credential with a software-backed key and the
app already has a domain for with and without user authentication (and
the domain is picked according to a setting of whether user
authentication should be used), the software-backed credential (which
never has any user authentication) need to be consulted in both cases.
This PR also fixes problems with the compose TestApp on iOS and it
also makes Credential.replacementForDeleted() internal which it should
have been from the start.
Test: Unit test and manually tested on both Android and iOS.
Signed-off-by: David Zeuthen <zeuthen@google.com>1 parent 9b80ec0 commit f72f209
File tree
39 files changed
+1477
-195
lines changed- mpzpass
- multipaz-dcapi/src/commonTest/kotlin/org/multipaz/presentment
- multipaz/src
- commonMain/kotlin/org/multipaz
- credential
- documenttype
- document
- mdoc/credential
- mpzpass
- presentment
- sdjwt/credential
- securearea/software
- commonTest/kotlin/org/multipaz
- mpzpass
- presentment
- iosMain/swift
- samples
- SwiftTestApp
- IdentityDocumentProviderExtension
- SwiftTestApp
- testapp
- iosApp
- DocumentProviderExtension
- TestApp.xcodeproj
- TestApp
- src
- androidMain
- kotlin/org/multipaz/testapp
- commonMain/kotlin/org/multipaz/testapp
- ui
- iosMain/kotlin/org/multipaz/testapp
39 files changed
+1477
-195
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
Lines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
142 | 142 | | |
143 | 143 | | |
144 | 144 | | |
145 | | - | |
146 | | - | |
147 | | - | |
148 | | - | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
149 | 149 | | |
150 | 150 | | |
151 | 151 | | |
| |||
Lines changed: 21 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
34 | 37 | | |
35 | 38 | | |
| 39 | + | |
36 | 40 | | |
37 | 41 | | |
38 | 42 | | |
| |||
326 | 330 | | |
327 | 331 | | |
328 | 332 | | |
329 | | - | |
| 333 | + | |
330 | 334 | | |
331 | 335 | | |
332 | 336 | | |
| |||
341 | 345 | | |
342 | 346 | | |
343 | 347 | | |
| 348 | + | |
| 349 | + | |
| 350 | + | |
| 351 | + | |
| 352 | + | |
| 353 | + | |
| 354 | + | |
| 355 | + | |
| 356 | + | |
| 357 | + | |
| 358 | + | |
| 359 | + | |
| 360 | + | |
| 361 | + | |
| 362 | + | |
| 363 | + | |
344 | 364 | | |
345 | 365 | | |
346 | 366 | | |
| |||
Lines changed: 115 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
| 30 | + | |
30 | 31 | | |
| 32 | + | |
31 | 33 | | |
32 | 34 | | |
| 35 | + | |
| 36 | + | |
33 | 37 | | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
34 | 42 | | |
35 | 43 | | |
| 44 | + | |
36 | 45 | | |
37 | 46 | | |
38 | 47 | | |
| |||
262 | 271 | | |
263 | 272 | | |
264 | 273 | | |
| 274 | + | |
| 275 | + | |
| 276 | + | |
| 277 | + | |
| 278 | + | |
| 279 | + | |
| 280 | + | |
| 281 | + | |
| 282 | + | |
| 283 | + | |
| 284 | + | |
| 285 | + | |
| 286 | + | |
| 287 | + | |
| 288 | + | |
| 289 | + | |
| 290 | + | |
| 291 | + | |
| 292 | + | |
| 293 | + | |
| 294 | + | |
| 295 | + | |
| 296 | + | |
| 297 | + | |
| 298 | + | |
| 299 | + | |
| 300 | + | |
| 301 | + | |
| 302 | + | |
| 303 | + | |
| 304 | + | |
| 305 | + | |
| 306 | + | |
| 307 | + | |
| 308 | + | |
| 309 | + | |
| 310 | + | |
| 311 | + | |
| 312 | + | |
| 313 | + | |
| 314 | + | |
| 315 | + | |
| 316 | + | |
| 317 | + | |
| 318 | + | |
| 319 | + | |
| 320 | + | |
| 321 | + | |
| 322 | + | |
| 323 | + | |
| 324 | + | |
| 325 | + | |
| 326 | + | |
| 327 | + | |
| 328 | + | |
| 329 | + | |
| 330 | + | |
| 331 | + | |
| 332 | + | |
| 333 | + | |
| 334 | + | |
| 335 | + | |
| 336 | + | |
| 337 | + | |
| 338 | + | |
| 339 | + | |
| 340 | + | |
| 341 | + | |
| 342 | + | |
| 343 | + | |
| 344 | + | |
| 345 | + | |
| 346 | + | |
| 347 | + | |
| 348 | + | |
| 349 | + | |
| 350 | + | |
| 351 | + | |
| 352 | + | |
| 353 | + | |
| 354 | + | |
| 355 | + | |
| 356 | + | |
| 357 | + | |
| 358 | + | |
| 359 | + | |
| 360 | + | |
| 361 | + | |
| 362 | + | |
| 363 | + | |
| 364 | + | |
| 365 | + | |
| 366 | + | |
| 367 | + | |
| 368 | + | |
| 369 | + | |
| 370 | + | |
| 371 | + | |
| 372 | + | |
| 373 | + | |
| 374 | + | |
| 375 | + | |
| 376 | + | |
| 377 | + | |
| 378 | + | |
| 379 | + | |
265 | 380 | | |
266 | 381 | | |
267 | 382 | | |
| |||
Lines changed: 9 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
0 commit comments