Valera is a single-codebase Compose Multiplatform Identity Wallet for iOS and Android. It lets you load, store and present W3C Verifiable Credentials — your PID, driving licence, health insurance card and more — straight from your phone, powered end-to-end by VC-K.
It is the holder side of a complete, self-contained EUDIW playground:
🪪 Issuer → 📲 Valera (this app) → ✅ Relying Party
Provision credentials from the demo issuer, keep them in your wallet, and present them to the demo verifier — all speaking the same emerging eIDAS 2 / EUDIW protocols.
| ⛔️ Not for production — read before you tap |
|---|
| Valera is a Technology Demonstrator and testbed. Do not load real identity data into it. See Limitations. |
Valera tracks the emerging eIDAS 2 technical specification — a regulation that is still very much a moving target when it comes to technical details. Even so, it already interoperates with the EU reference issuing service and EU verifier, and lets you experience first-hand what an EU Digital Identity Wallet (EUDIW) can look and feel like.
The headline release — built on a major jump to VC-K 6.0.0:
- 🌐 Digital Credentials API, leveled up — the OS-native browser handover now negotiates requests carrying multiple protocols at once, and iOS joins the party with native ISO/IEC 18013-7 Annex C support.
- 📥 Issuance over the DC API — get credentials issued directly through the browser's Digital Credentials API (preliminary OpenID4VCI #476 spec), no redirect dance required.
- 🔁 Smarter credential refresh — refresh prompts now show which credential they're about, and you can mute the prompt for a single credential instead of all-or-nothing.
- 🔐 Hardware-backed key attestation updated to the VC-K 6.0 / TS3 WUA 1.5 APIs.
- 🍎 iOS 18.6 baseline — the minimum target moves from 16.0 to 18.6 (iOS 18 is the oldest version still receiving security updates).
- 🤝 Verified to interop with the demo issuer and relying party.
Valera fetches credentials from wallet-issuer.a-sit.plus in a range of formats — even beyond what the upcoming EUDIW targets — and presents them to verifiers over multiple transports.
Get credentials (issuance)
- 📜 OpenID4VCI issuance (authorization code & pre-authorized code flows)
- 🌐 Browser-native issuance via the Digital Credentials API
- 🔄 Refresh credentials when they expire, with per-credential prompts
- 🛡️ Hardware-backed holder keys, biometric/passcode-gated, with WUA key attestation
Show credentials (presentation)
- 🪪 OpenID4VP with both SD-JWT VC and ISO mDoc presentation
- 🧮 DCQL and Presentation Exchange queries — verifiers pick exactly which attributes to request, you consent per attribute
- 📡 Proximity presentation to a verifier over Bluetooth Low Energy and NFC (ISO/IEC 18013-5)
- 🌐 Digital Credentials API presentation, including ISO 18013-7 Annex C (now on iOS too)
- 🔎 Built-in technical detail view to inspect a credential's claims, validity and status — great for debugging interop
- ✅ Freshness & status indicators backed by token status lists
Supported credentials
| Credential | SD-JWT VC | ISO mDoc |
|---|---|---|
| Person Identification Data (PID) | ✅ | ✅ |
| Mobile Driving Licence (mDL) | ✅ | ✅ |
| European Health Insurance Card (EHIC) | ✅ | |
| Age Verification | ✅ | ✅ |
| Power of Representation (PoR) | ✅ | |
| Certificate of Residence (CoR) | ✅ | |
| Tax ID | ✅ | |
| e-Prescription | ✅ |
Unknown schemes degrade gracefully via a fallback scheme, so even credentials Valera doesn't natively model can still be loaded and inspected. For full schema details, head over to the credentials collection repo.
Valera is developed in lockstep with two companion reference services, so the whole issue → hold → present loop stays interoperable:
| What it is | Try it | |
|---|---|---|
| 🪪 Issuing Backend | A Spring Boot OpenID4VCI issuer (also issuance over the DC API) that mints wallet-ready PID, mDL, EHIC, Age Verification, PoR, CoR and Tax ID credentials as JWT VC, SD-JWT VC and ISO mDoc. | wallet-issuer.a-sit.plus · repo |
| ✅ Relying Party | A Spring Boot OpenID4VP verifier that requests and validates presentations over QR, deep link and the DC API, with freely configurable DCQL / Presentation Exchange queries. | wallet-rp.a-sit.plus · repo |
The demo relying party in particular lets you freely define how and which details of a credential are requested — the best way to explore verifiable presentation in all its (technical) glory.
Valera is a testbed and technology demonstrator, not a shippable wallet. Concretely:
⚠️ Never load real identity data. Treat everything in the app as throwaway test data.- 🧪 The demo issuer issues synthetic credentials — many claim values are random or placeholder, and the demo services use ephemeral, self-signed keys that change on restart. Nothing here is a trust anchor.
- 🎯 The specs are a moving target. eIDAS 2 / EUDIW, OpenID4VCI, OpenID4VP, HAIP and the DC API are still evolving; interop can and will break between drafts. Valera follows the latest drafts, not a frozen, certified profile.
- 🚧 No production hardening. It is not security-audited, not certified, and makes no guarantees around privacy, key management or data protection for real-world use.
- 📦 Limited scope. Only the credentials and transports listed above are supported.
It is, however, an excellent sandbox — actively used in teaching at TU Graz's Institute of Information Security.
Valera is designed with distinctly different goals in mind than the EU reference implementation. Most prominently, we follow a KMP-first approach. In a nutshell, this means that given the choice between using two platform-native libraries and glue code to get a job done and investing the blood, sweat and tears it takes to conceive a proper KMP solution, we go the distance and invest in the KMP solution.
In the end, this (at times) tiresome approach brings a couple of advantages to the table:
- Consistency across platforms
- Shared UI tests
- Common, consistent, and thoroughly tested VC-K-powered business logic across
- Issuer
- Verifier
- iOS App
- Android App
- As an immediate consequence: far less margin for mistakes
- Unified cryptographic functionality integrated with platform-native biometric and passcode-base authentication based on Signum.
This much tighter integration of all moving parts across all parts of back-end and front-end opens up makes experimenting with new features much easier compared to having multiple discrete codebases. As a consequence, introducing new credentials (and testing issuing, and presenting them) must only be done once. It is even possible to introduce new cryptographic algorithms or alter any part of certain workflows and propagate such changes with very little friction across back-end and front-end. As such, Valera, VC-K and Signum make for an ideal sandbox — a property actively used in teaching at TU Graz's Institute of Information Security.
Valera, the issuing service and the demo service provider are under active development and are updated in tandem with each other. Outside contributions are welcome (see CONTRIBUTING.MD)!
To set up this project locally see DEVELOPMENT.md.
 Co‑Funded by the European Union |
This project has received funding from the European Union’s Digital Europe Programme (DIGITAL), Project 101102655 — POTENTIAL. |
|---|
The Apache License does not apply to the logos, (including the A-SIT logo) and the project/module name(s), as these are the sole property of A-SIT/A-SIT Plus GmbH and may not be used in derivative works without explicit permission!