A-SIT Plus Wallet Demonstrator

Wallet App: Valera

Valera, our open source Kotlin compose multiplatform wallet app, can be installed on your mobile phone as follows:

Android

Download our latest APK
Runs on Android 11 and above

iOS

Join our Testflight, by requesting access for your Apple account

Quickstart

Issue Credentials

To load credentials in your app, please use the backend service at the Issuing Service, which should be pre-selected in the app.
Proceeding in the app should open a login page, where you can login directly at the issuing service using Username user and Password password.
Alternatively, you can select "ID Austria" and then use username and password from the list of ID Austria test credentials (or use your national E-ID via eIDAS) to load attribute data.
The browser should redirect you back into the wallet app, where the selected credential is loaded.

Present Credentials

The wallet app can then be used to authenticate at compatible verifiers (see our Relying Party).
This is done either by scanning a login QR code, or by getting invoked directly by clicking a login link.

Guides

Various use cases can be tested with our wallet demonstrator system, as listed below.

		App Wallet		Remote Wallet
		on same device	on different device
Issue Credentials
» via QR	demo user	-	steps	-
» via Browser	demo user, IDA w/o 2nd Factor, IDA with 2nd Factor	steps	-	(implicitly in presentation)
Present Credentials
» remote	to eIDAS2 RP	steps	steps	steps
» remote	to IDA RP	steps	steps	steps
» proximity		-	steps	-
Sign Documents
» Wallet-Centric	ad-hoc certificate	steps	steps	steps
» Wallet-Centric	pre-loaded certificate	steps	steps	-
» RP-Centric		steps	steps	steps

Services

Issuing Service

The Issuing Service (M6) implements OpenID for Verifiable Credential Issuance, converting attributes from the national E-ID of Austria (ID Austria) into wallet credentials. Login at the issuing service with ID Austria test credentials (or use your national E-ID via eIDAS) to generate a QR Code containing a credential offer for your Wallet App. Alternatively, you can login directly at the issuing service using user and password.

Relying Party

The Relying Party implements several use cases from Potential LSP as well as a generic remote authentication flow for wallets. The service generates QR Codes according to OpenID for Verifiable Presentations to start a cross device flow and renders links to start a same device flow. The verifier also links to an "online" or "remote" wallet, where the user can perform authentication directly in the browser, i.e. attribute data are loaded from ID Austria and are converted on-the-fly into wallet credentials.

Technical Details

Open Source: Visit A-SIT Plus Open Source to have a look at the libraries powering the services mentioned above, in particular Signum for cryptography and VC-K for the credentials. Check out our Wallet app Valera and a very simple Relying Party Demonstrator too.

Implemented Specifications: We've implemented the relevant specifications like OID4VCI, OID4VP, SIOPv2, as well as relevant profiles from POTENTIAL and OpenID4VC HAIP. See the VC-K readme for some sample requests and responses.

Certificates: This is the root (IACA) certificate for our verifier and issuer. This is the (old) issuer certificate (M5), and the (new) issuer certificate (M6), and the verifier certificate.

Implemented Credentials: Our wallet system supports various credentials, defined by the EU, or porposed by the POTENTIAL LSP. See our Credential Collection.

EU Credentials

POTENTIAL Credentials

Power of Representation
Certificate of Residence
Health ID
Company Registration
Tax ID

Please note that we try our best, but this is a demonstrator, and thus we can't make guarantees that everything is correct and available all the time.

Changes

Valera has been updated on 2025-04-07 to version 5.5.2, updating OpenID4VCI implementation, fixing the RQES flow and DCQL presentations.
The relying party has been updated on 2025-04-04, supporting DCQL queries and more profiles.
The issuing service has been updated on 2025-04-01.
Fixes from 2025-03-18 include the correct vct for Power of Representation and Company Registration. Please delete and reload those credentials in your app.
Updates from 2025-04-01 include an updated implementation for OpenID4VCI. Please use the issuing service at https://wallet.a-sit.at/m6 in your Valera app, from 5.5.0 onwards.
Updates from 2025-04-04 include fixes for the remote qualified signature flow and DCQL presentations.