SD-JWT VC primitives
Low-level building blocks exported from @owlid/sdk. Most apps use OwlVerifier, OwlIssuer, or OwlWallet instead — reach for these primitives only when you need direct control over key material or the SD-JWT VC wire format.
All of it is pure TypeScript (@noble/ed25519 + @noble/hashes) — no WASM, no native binaries. Output is standard SD-JWT VC, accepted by any conformant verifier.
KeyPair
A holder signing key (Ed25519). The wallet keeps the 32-byte seed PRF-wrapped by the passkey — see Holder integration.
PublicKey
SdJwtVc
Parsed view of an SD-JWT VC string (<JWT>~<disclosure>~…~<KB-JWT>).
To build a presentation from a parsed credential, use presentSdJwtVc (below).
presentSdJwtVc(sdJwtVc, holderKeyHex, disclose, binding)
The per-credential presentation primitive: select disclosures and bind them to the verifier with a key-binding JWT. Synchronous — returns the presentation string.
For multi-credential vp_token assembly (OpenID4VP DCQL), use OwlWallet instead.
verifySdJwt(presentation, issuerPublicKeyHex, requireKb, audience?, nonce?)
Offline verification of a presentation against a known issuer key. The hosted OwlVerifier.verify() does this plus did:web resolution and revocation checks — use verifySdJwt only for offline / self-contained checks where you already trust the issuer key.