An integrated .NET stack for decentralized identity: DIDs, verifiable credentials, selective disclosure, and hardware-backed cryptography.
Verifiable is a comprehensive .NET library implementing the W3C Decentralized Identifiers and Verifiable Credentials specifications, along with associated protocols from the Decentralized Identity Foundation and the OpenID Foundation. The library provides an integrated stack where cryptographic primitives, serialization, credential management, and hardware security work together cohesively.
The core value proposition is documents that can be distinctly identified, cryptographically signed, linked, timestamped, and selectively disclosed without requiring a central governing party while remaining compatible with regulated ecosystems like eIDAS.
Decentralized identifiers and credentials. Full implementation of the W3C DID Core and Verifiable Credentials Data Model 2.0 specifications, including data integrity proofs with EdDSA-RDFC-2022, EdDSA-JCS-2022, and ECDSA-SD-2023 cryptosuites.
Selective disclosure. Support for privacy-preserving credential presentation through SD-JWT (RFC 9901), ECDSA-SD-2023 for JSON-LD credentials, and SD-CWT. Wallet operations include minimum disclosure computation, maximum disclosure bounds, and optimal selection algorithms.
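As an added illustration of the disclosure mechanism that SD-JWT (RFC 9901) selective disclosure rests on, the following snippet (not the Verifiable library's own code) builds salted disclosures and their digests with only the .NET base class library, has the holder present a single claim, and has the verifier reconstruct it while rejecting unknown or duplicated disclosures. The issuer URL and claim values are constructed sample data; JWT signing and holder key binding are left out.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json.Nodes;

// Added example (not the Verifiable library's own code): RFC 9901 SD-JWT disclosures with the .NET BCL.
// The JWT signature over the payload and key binding are out of scope; "iss" and the claims are sample data.
public static class SdJwtDisclosureDemo
{
    static string ToB64Url(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    // A disclosure is base64url(JSON array [salt, claimName, claimValue]) with a fresh 128-bit salt.
    public static string MakeDisclosure(string claimName, JsonNode value) =>
        ToB64Url(Encoding.UTF8.GetBytes(new JsonArray(ToB64Url(RandomNumberGenerator.GetBytes(16)), claimName, value).ToJsonString()));
    // The signed payload carries only base64url(SHA-256(ascii(disclosure))) per disclosable claim.
    public static string Digest(string disclosure) => ToB64Url(SHA256.HashData(Encoding.ASCII.GetBytes(disclosure)));
    static JsonArray Decode(string disclosure) => JsonNode.Parse(Encoding.UTF8.GetString(FromB64Url(disclosure)))!.AsArray();
    public static string ClaimName(string disclosure) => Decode(disclosure)[1]!.GetValue<string>();
    // Issuer: digests go into "_sd" (sorted, so their order reveals nothing about claim order); disclosures go to the holder.
    public static (JsonObject Payload, List<string> Disclosures) Issue(Dictionary<string, JsonNode> claims)
    {
        var disclosures = claims.Select(kv => MakeDisclosure(kv.Key, kv.Value)).ToList();
        var sd = new JsonArray(disclosures.Select(Digest).OrderBy(d => d, StringComparer.Ordinal).Select(d => (JsonNode)d).ToArray());
        var payload = new JsonObject { ["iss"] = "https://issuer.example", ["_sd_alg"] = "sha-256", ["_sd"] = sd };
        return (payload, disclosures);
    }
    // Verifier: each presented disclosure must match exactly one not-yet-used "_sd" digest, otherwise the presentation is rejected.
    public static Dictionary<string, JsonNode?> Verify(JsonObject payload, IEnumerable<string> presented)
    {
        var unused = payload["_sd"]!.AsArray().Select(n => n!.GetValue<string>()).ToHashSet(StringComparer.Ordinal);
        var claims = new Dictionary<string, JsonNode?>();
        foreach (string d in presented)
        {
            if (!unused.Remove(Digest(d))) throw new CryptographicException("disclosure matches no digest or was presented twice");
            var arr = Decode(d);
            claims[arr[1]!.GetValue<string>()] = arr[2];
        }
        return claims;
    }
    public static void Main()
    {
        var (payload, all) = Issue(new() { ["given_name"] = "Alice", ["birthdate"] = "1990-01-01", ["nationality"] = "FI" });
        var presented = all.Where(d => ClaimName(d) == "birthdate").ToList();   // holder reveals only the requested claim
        foreach (var kv in Verify(payload, presented)) Console.WriteLine($"{kv.Key} = {kv.Value}");
    }
}
```

Claims never presented stay hidden behind their digests, which is the property the wallet-side minimum disclosure computation builds on.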
Protocol flows. Issuer, verifier, and wallet implementations of OpenID for Verifiable Credential Issuance, OpenID for Verifiable Presentations and the high-assurance interoperability profile, Self-Issued OpenID Provider v2, OAuth 2.0 / OpenID Connect, OpenID Federation, and Shared Signals. See Implemented flows.
Multiple cryptographic backends. Delegate-based architecture allows plugging in BouncyCastle for cross-platform support, NSec for high performance, .NET cryptographic functions, or hardware security modules.
Hardware security. TPM 2.0 integration for hardware-backed key storage, PCR reading, event log parsing, and attestations, with further TPM functionality to come. The architecture extends to HSMs and cloud KMS services through the delegate pattern.
Serialization flexibility. Core types remain agnostic to serialization format. JSON support via System.Text.Json and CBOR support via System.Formats.Cbor are provided in separate packages, enabling the same credential logic to work across both formats or any other.
Memory-safe key handling. Sensitive cryptographic material is ring-fenced using dedicated types with support for custom memory allocation through MemoryPool<T>, enabling scenarios like mlocked memory regions.
The library follows data-oriented programming principles where code is separate from immutable data, favoring generic data structures and general-purpose functions implemented as extension methods. Domain types contain raw cryptographic material without encoding artifacts, with encoding handled at serialization boundaries.
Cryptographic operations use a delegate-based extensibility model rather than direct implementations. This allows the same high-level API to work with software keys, TPM-backed keys, HSM keys, or cloud KMS without changing calling code. The SensitiveMemoryPool provides exact-size memory allocation for cryptographic material.
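As an added example of the custom MemoryPool<T> scenario described above (not Verifiable's own SensitiveMemoryPool), the following pool hands out exact-size buffers on the pinned object heap so the GC never copies them, and wipes them when the owner is disposed. Locking the pages (mlock-style) would be a platform-specific addition on top of this; the 32-byte seed in the usage class is a hypothetical input.

```csharp
using System;
using System.Buffers;
using System.Security.Cryptography;

// Added example, not Verifiable's own SensitiveMemoryPool: exact-size, pinned, zero-on-dispose buffers.
public sealed class ZeroingMemoryPool : MemoryPool<byte>
{
    public static new ZeroingMemoryPool Shared { get; } = new();
    public override int MaxBufferSize => int.MaxValue;

    // Exact size only: a "minimum" size would leave slack bytes that callers never overwrite.
    public override IMemoryOwner<byte> Rent(int minBufferSize = -1)
    {
        if (minBufferSize < 0) throw new ArgumentOutOfRangeException(nameof(minBufferSize), "an exact size is required");
        return new Owner(minBufferSize);
    }

    protected override void Dispose(bool disposing) { }   // no pooled state to release

    private sealed class Owner : IMemoryOwner<byte>
    {
        private readonly byte[] _buffer;
        private bool _disposed;

        // Pinned allocation: the GC will not relocate (and thereby duplicate) the secret bytes.
        public Owner(int size) => _buffer = GC.AllocateArray<byte>(size, pinned: true);

        public Memory<byte> Memory => _disposed ? throw new ObjectDisposedException(nameof(Owner)) : _buffer.AsMemory();

        public void Dispose()
        {
            if (_disposed) return;
            CryptographicOperations.ZeroMemory(_buffer);   // wipe that the JIT is not allowed to optimize away
            _disposed = true;
        }
    }
}

public static class ZeroingPoolUsage
{
    public static void Main()
    {
        // Hypothetical 32-byte seed rented for the lifetime of one signing operation.
        using IMemoryOwner<byte> seed = ZeroingMemoryPool.Shared.Rent(32);
        RandomNumberGenerator.Fill(seed.Memory.Span);
        Console.WriteLine($"seed buffer holds {seed.Memory.Length} bytes and is wiped when this scope ends");
    }
}
```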
The three-party credential flow (Issuer → Holder → Verifier) is modeled explicitly, with clear separation between what each party knows and computes. Internal computation state is not passed between parties; instead, each party derives what it needs from the credential and proof structures.
The library includes the following protocol flows, each with tests. The test suite is the authoritative list.
- Credential issuance (OpenID4VCI 1.0) — issuer and wallet sides: authorization code and pre-authorized code grants, credential offers (by value and by reference), the credential, deferred, notification, and nonce endpoints, issuer metadata, request and response encryption, holder-binding proof validation (`jwt`, `attestation`, and `di_vp` proof types), key attestations, and DPoP-bound credential access tokens.
- Credential presentation (OpenID4VP 1.0) — verifier and wallet sides, for cross-device, same-device, and same-device app-to-app interactions. Supports the OpenID4VP client identifier schemes, both `direct_post` and encrypted `direct_post.jwt` responses, and DCQL credential queries.
- Self-issued identity (SIOPv2 1.0) — the relying-party flow with signed request objects served at `request_uri`, encrypted and combined `id_token` + `vp_token` responses, and nonce-replay defense, plus OP-side request validation, provider metadata, and self-issued ID token minting.
- High-assurance profile (HAIP 1.0) — the OpenID4VP profile used by EUDI-style deployments: encrypted responses and X.509-based request signing.
- Credential formats in presentation — SD-JWT VC, ISO mdoc (ISO/IEC 18013-5), and SD-CWT, with holder key binding and selective disclosure.
- Verifiable credential data integrity — issuing and verifying credentials with W3C Data Integrity proofs: EdDSA-RDFC-2022, EdDSA-JCS-2022, and ECDSA-SD-2023.
- OAuth 2.0 / OpenID Connect — authorization code with PKCE, pushed authorization requests, signed request objects, DPoP, rich authorization requests with a per-type handler registry, JWT-secured authorization responses, token introspection with JWT responses, token refresh and revocation, dynamic client registration, and server and protected-resource metadata, including the FAPI 2.0 security profile and message signing constraints.
- OpenID Federation 1.0 — entity configurations, trust chain resolution, metadata policy, trust marks, and client registration.
- Shared Signals (SSF, CAEP, RISC) — transmitter and receiver, with push and poll delivery and stream management.
- AuthZEN — access evaluation, single and batch.
Install the packages relevant to your use case:
```shell
# Core functionality
dotnet add package Verifiable.Core
# For JSON serialization
dotnet add package Verifiable.Json
# For OAuth / OpenID protocol flows (OpenID4VP, Federation, and others)
dotnet add package Verifiable.OAuth
# For BouncyCastle cryptography (cross-platform)
dotnet add package Verifiable.BouncyCastle
# For TPM integration
dotnet add package Verifiable.Tpm
```

The codebase runs on Windows, Linux, and macOS. Some hardware-specific functionality such as TPM operations may only work on certain platforms.
Press `.` on the repository page to open the codebase in the VS Code web editor for quick exploration.
For secure disclosure of security vulnerabilities, please see the security policy.
Please read the contribution guidelines for technical details.
The TPM.DEV community provides excellent TPM-related study materials and discussions.
- Open issues for bugs, suggestions, or improvements.
- Create pull requests following the contribution guidelines.
- Add tests, especially those using test vectors from other implementations for cross-checking.
- Expand TPM functionality including signing, encryption, and permissions.
- Add more cryptographic and security capabilities.
- Support additional protocols from the Decentralized Identity Foundation.
- Improve threat and privacy modeling using frameworks like LINDDUN.
See the LICENSE file for details.
Note: This is an early version under active development. APIs may change between versions.