X.509: X.509 Certificate Standard

Last updated: 2/9/2026. Reading time: 5 min

X.509

cryptography

Full Name: X.509 Certificate Standard

Definition

X.509 is an ITU-T standard (also published as ISO/IEC 9594-8) that defines the format and validation rules for public key certificates and certificate revocation lists (CRLs) within a Public Key Infrastructure (PKI). First published in 1988 and currently at version 3, X.509 certificates bind a public key to a distinguished name (identity) through a digital signature from a Certificate Authority (CA), creating a verifiable assertion that a specific public key belongs to a specific entity. X.509 certificates are ubiquitous in internet security: they power TLS/HTTPS (securing web connections), S/MIME (securing email), code signing (verifying software authenticity), and document signing (creating legally binding digital signatures).

In the EUDI Wallet ecosystem, X.509 certificates form the trust infrastructure backbone: credential issuer certificates identify and authenticate the entities that sign verifiable credentials, TLS certificates protect all network communications between wallet components, wallet provider certificates authenticate the entities that issue Wallet Instance Attestations, and the EU Trusted Lists reference X.509 certificate chains to establish the authoritative list of authorized ecosystem participants. The EUDI Wallet trust model extends the traditional web PKI with the EU Trusted Lists as a sovereign trust anchor, creating a dual-validation architecture where trust requires both a valid X.509 certificate chain and a corresponding entry in the EU Trusted Lists.

X.509 Certificate Structure and EUDI Wallet Usage

An X.509 v3 certificate contains several fields that are critical for EUDI Wallet trust validation. The Subject field identifies the certificate holder (for example, the credential issuer organization), while the Issuer field identifies the Certificate Authority that signed the certificate. The Subject Public Key Info contains the public key that corresponds to the private key used for credential signing. The Validity period specifies the certificate's not-before and not-after dates. The Serial Number uniquely identifies the certificate within the issuing CA's namespace. Extensions, unique to v3 certificates, carry additional information such as Key Usage (specifying what the key can be used for), Subject Alternative Name (additional identities), and Authority Information Access (where to check certificate status).

In the EUDI Wallet context, several X.509 extensions are particularly important. The Key Usage extension must indicate that the certificate is authorized for digital signature operations (for credential signing certificates) or key encipherment (for TLS certificates). The Extended Key Usage extension can specify more granular purposes, such as identifying a certificate specifically for EUDI Wallet credential issuance. Custom extensions may be defined by the EUDI Wallet specification to carry metadata about the issuer's authorization (such as which credential types they are authorized to issue), linking the X.509 certificate directly to the EUDI Wallet trust framework.

The certificate chain (also called the certification path) connects the end-entity certificate (the credential issuer's signing certificate) to a trust anchor (a root certificate) through one or more intermediate certificates. When a verifier validates a credential, it must verify the entire chain: each certificate's signature is checked against the issuing certificate's public key, each certificate's validity period is confirmed, and each certificate's revocation status is checked. The root certificate at the top of the chain must be listed in the EU Trusted Lists for the EUDI Wallet trust validation to succeed, providing the sovereign trust anchor that distinguishes the EUDI Wallet PKI from the general web PKI.

X.509 and the EU Trusted Lists: Dual Trust Validation

The EUDI Wallet's trust model introduces a dual-validation approach that combines traditional X.509 PKI validation with EU Trusted List verification. In standard web PKI, trust is established by validating a certificate chain up to a root certificate that is pre-installed in the browser or operating system's trust store. This model relies on Certificate Authorities (CAs) as trust anchors, with trust decisions delegated to the CA industry. The EUDI Wallet adds a sovereign layer on top: even if a credential issuer has a valid X.509 certificate chain from a trusted CA, the credential is only trusted if the issuer also appears in the EU Trusted Lists with active authorization for the specific credential type.

This dual validation addresses a fundamental limitation of traditional web PKI for identity infrastructure. In web PKI, any trusted CA can issue a certificate for any domain, creating a risk that a compromised or malicious CA could issue fraudulent certificates. For the EUDI Wallet, where certificates certify the authority to issue identity credentials affecting millions of citizens, this risk is unacceptable. The EU Trusted Lists provide an additional authorization layer that is controlled by national supervisory bodies under eIDAS, ensuring that only entities that have been formally authorized and certified can participate in the credential ecosystem.

The practical implementation of dual validation means that EUDI Wallet verifiers must perform two checks when validating a credential. First, standard X.509 chain validation (checking signatures, validity periods, revocation status, and key usage constraints) ensures the cryptographic integrity of the trust chain. Second, a lookup against the EU Trusted Lists (checking that the issuer's root certificate is listed, the issuer has an active qualified status, and the issuer is authorized for the specific credential type) ensures the regulatory authorization of the issuer. Both checks must pass for the credential to be trusted, providing defense-in-depth against both PKI-level attacks and unauthorized credential issuance.

Certificate Lifecycle Management for EUDI Wallet Infrastructure

Managing X.509 certificates across the EUDI Wallet ecosystem requires careful lifecycle planning. Credential issuer certificates have defined validity periods (typically 1-3 years for end-entity certificates), and issuers must plan certificate renewal well before expiration. When a certificate is renewed, the new certificate must be registered with the EU Trusted Lists and distributed to verifiers who may cache trust information. Credentials signed with the old certificate remain valid as long as the old certificate was valid at the time of signing, though verifiers must support historical certificate validation to verify these credentials.

Certificate revocation is a critical operation that must be handled efficiently in the EUDI Wallet ecosystem. If a credential issuer's private key is compromised, the corresponding certificate must be revoked immediately through Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP). The EU Trusted Lists must also be updated to reflect the revocation. Verifiers must check revocation status during credential validation, and the EUDI Wallet infrastructure must ensure that revocation information propagates quickly enough to prevent compromised certificates from being used to issue fraudulent credentials during the revocation window.
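The certificate fields and chain validation described earlier, the dual validation of the previous section, and the CRL revocation check described here, as one added example in Go. This is example code written for this glossary entry, not code from the EUDI Wallet reference implementation or from any EU specification: the trusted-list record shape (TrustedListEntry, the "granted" status string, keying by SHA-256 fingerprint of the root certificate), the subject names, the serial numbers and the credential type identifiers urn:example:pid and urn:example:mdl are all constructed for the example, and revocation is checked against a CRL rather than OCSP. Only the Go standard library (crypto/x509) is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// TrustedListEntry is a constructed stand-in for one EU Trusted List record (not the real format).
type TrustedListEntry struct {
	Status          string          // "granted" models an active qualified status (constructed value)
	CredentialTypes map[string]bool // credential types the issuer is authorised to issue
}

// Verifier holds the trust anchor, the issuing CA, its CRL, and a trusted list keyed by root fingerprint.
type Verifier struct {
	Root, IssuerCA *x509.Certificate
	CRL            *x509.RevocationList
	TrustedList    map[string]TrustedListEntry
}

func must[T any](v T, err error) T { // panics on error; acceptable because it only builds demo material
	if err != nil {
		panic(err)
	}
	return v
}

// template fills the v3 fields discussed above: subject, serial, validity, basic constraints, key usage.
func template(cn string, serial int64, isCA bool, ku x509.KeyUsage) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: ku}
}

// issue signs tmpl under parent with parentKey (ECDSA P-256); a nil parent yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)))), key
}

// Fingerprint is the SHA-256 of the DER encoding, used here as the trusted-list key.
func Fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// BuildDemo creates root -> issuing CA -> two signing certificates, revokes the second via the issuing CA's CRL,
// and lists the root as authorised for one constructed credential type.
func BuildDemo() (v *Verifier, leaf, revoked *x509.Certificate) {
	caKU := x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	root, rootKey := issue(template("Example Root CA", 1, true, caKU), nil, nil)
	inter, interKey := issue(template("Example Issuing CA", 2, true, caKU), root, rootKey)
	leaf, _ = issue(template("PID Issuer Signing Key", 3, false, x509.KeyUsageDigitalSignature), inter, interKey)
	revoked, _ = issue(template("Compromised Signing Key", 4, false, x509.KeyUsageDigitalSignature), inter, interKey)
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked.SerialNumber, RevocationTime: time.Now()}},
	}, inter, interKey))))
	tl := map[string]TrustedListEntry{Fingerprint(root): {Status: "granted", CredentialTypes: map[string]bool{"urn:example:pid": true}}}
	return &Verifier{root, inter, crl, tl}, leaf, revoked
}

// Validate is the dual validation: X.509 path validation (signatures, validity periods, key usage) and CRL
// status first, then the trusted-list check on the anchor the chain ended at. Both layers must pass.
func (v *Verifier) Validate(leaf *x509.Certificate, credType string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(v.Root)
	inters.AddCert(v.IssuerCA)
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return fmt.Errorf("x509 path validation: %w", err)
	}
	if leaf.KeyUsage&x509.KeyUsageDigitalSignature == 0 { // Verify does not enforce KeyUsage bits itself
		return fmt.Errorf("signing certificate lacks the digitalSignature key usage")
	}
	// A CRL is only evidence if it is signed by the leaf's issuer and still current; otherwise refuse.
	if err := v.CRL.CheckSignatureFrom(v.IssuerCA); err != nil || time.Now().After(v.CRL.NextUpdate) {
		return fmt.Errorf("crl unusable (bad signature or stale): %v", err)
	}
	for _, r := range v.CRL.RevokedCertificates {
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("signing certificate serial %v is revoked", leaf.SerialNumber)
		}
	}
	// Sovereign layer: look up the anchor the chain actually terminated at, not a name the leaf claims.
	entry, ok := v.TrustedList[Fingerprint(chains[0][len(chains[0])-1])]
	if !ok || entry.Status != "granted" {
		return fmt.Errorf("trust anchor not listed with active status (listed=%v, status=%q)", ok, entry.Status)
	}
	if !entry.CredentialTypes[credType] {
		return fmt.Errorf("issuer is not authorised for credential type %s", credType)
	}
	return nil
}
```

Validate returns nil only when every layer passes. It keys the trusted-list lookup on the root that path validation actually terminated at, so a perfectly valid chain to a CA that is not on the list fails at the sovereign layer exactly as the section describes, and a stale or unverifiable CRL is treated as a failure rather than as "not revoked", which is the safe default during the revocation window discussed above. The RevokedCertificates field is used instead of the newer RevokedCertificateEntries so the example builds on older Go toolchains. To exercise it, call BuildDemo and pass each returned leaf to Validate; the second leaf is the one the CRL revokes.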

The transition to post-quantum cryptography will significantly impact X.509 certificate management in the EUDI Wallet ecosystem. Current X.509 certificates use algorithms (RSA, ECDSA) that are vulnerable to quantum computing attacks. Post-quantum certificate algorithms (such as CRYSTALS-Dilithium, which has been standardized by NIST as ML-DSA) will produce larger certificates and signatures, requiring changes to certificate processing, storage, and transmission throughout the ecosystem. The EUDI Wallet specification will need to define a migration timeline and hybrid certificate approach that maintains backward compatibility while introducing quantum-resistant algorithms, a challenge that the entire X.509 ecosystem will face in the coming years.


⚠️ Independent Information

This website is NOT affiliated with the European Commission or any EU government. We provide independent, easy-to-understand information about EUDI.
