Key Attestation
Full Name: Cryptographic Key Attestation
Definition
Key attestation is the process of providing cryptographic proof that a private key was generated within, and is managed by, a specific secure hardware component. In the EUDI Wallet ecosystem, key attestation is fundamental to device binding -- it ensures that credential private keys are protected by tamper-resistant hardware (the Wallet Secure Cryptographic Device or WSCD), preventing key extraction, cloning, or unauthorized use. This hardware-backed security is what distinguishes high-assurance digital identity credentials from simple digital copies.
Technical Mechanisms on Mobile Platforms
Modern smartphones include dedicated secure hardware for cryptographic operations. On Android devices, the Android Keystore system provides access to either a Trusted Execution Environment (TEE) or a StrongBox Secure Element. When a key is generated with attestation enabled, the hardware produces a certificate chain that cryptographically proves the key's properties and storage location. This chain is rooted in a manufacturer-provisioned attestation key certified by Google.
On Apple iOS devices, the Secure Enclave processor provides similar capabilities. Apple's DeviceCheck and App Attest services allow applications to generate hardware-bound keys and obtain attestation statements proving the key resides in the Secure Enclave. The attestation includes information about the device, the operating system version, and the application identity.
The attestation certificate typically includes metadata about the key's security level (software-backed, TEE-backed, or StrongBox-backed), whether the key is exportable, the key's intended purpose (signing or encryption), and the application that generated the key. For EUDI Wallets, the highest security levels (StrongBox or Secure Enclave) are required for credential binding keys.
External secure elements, such as embedded SIM (eSIM) based solutions or dedicated smart card chips, provide an additional option for key attestation. Some EUDI Wallet implementations may use these components for even stronger security guarantees, particularly for qualified electronic signature operations.
Role in EUDI Wallet Credential Issuance
During the credential issuance process via OpenID4VCI, the issuer may require key attestation as a prerequisite for issuing high-assurance credentials. The wallet generates a key pair in its secure hardware, obtains the attestation certificate chain, and presents it to the issuer along with the credential request.
The issuer verifies the attestation chain to confirm that the wallet's device key is genuinely hardware-protected. Only after successful attestation verification does the issuer bind the credential to the wallet's public key (typically carried in the cnf (confirmation) claim of an SD-JWT credential). This ensures that the resulting credential can only be presented by the device that holds the hardware-protected private key.
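As an added example (not code from this page or from any EUDI Wallet reference implementation), here is the issuer-side check described above applied to the Android attestation certificate described in the mechanisms section: it decodes the DER KeyDescription extension, compares the attestation challenge with the issuer's nonce, takes the weaker of the attestation and keymaster security levels, and requires a hardware-generated signing key. It assumes the issuer has already validated the X.509 chain up to the Google attestation root and extracted the extension payload (OID 1.3.6.1.4.1.11129.2.1.17); the required level defaults to StrongBox as stated earlier, and the sample bytes are constructed, not taken from a real device.

```python
SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX = 0, 1, 2  # SecurityLevel ENUMERATED values
KM_PURPOSE_SIGN, KM_ORIGIN_GENERATED = 2, 0         # KeyPurpose::SIGN, KeyOrigin::GENERATED
def read_tlv(buf: bytes, pos: int = 0):
    """Decode one DER element -> (((class, number), value), end); constructed values become child lists."""
    first, pos = buf[pos], pos + 1
    num = first & 0x1F
    if num == 0x1F:  # high-tag-number form, needed for context tags such as [702] (origin)
        num, b = 0, 0x80
        while b & 0x80:
            b, pos = buf[pos], pos + 1
            num = (num << 7) | (b & 0x7F)
    length, pos = buf[pos], pos + 1
    if length & 0x80:  # long-form length (real attestation extensions exceed 127 bytes)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end, value = pos + length, []
    if not first & 0x20:  # primitive element
        return ((first & 0xC0, num), buf[pos:end]), end
    while pos < end:  # constructed element: decode children recursively
        child, pos = read_tlv(buf, pos)
        value.append(child)
    return ((first & 0xC0, num), value), end
def parse_key_description(ext: bytes) -> dict:
    """Pull out the fields the issuer policy needs; from hardwareEnforced keep purpose [1] and origin [702]."""
    i = lambda v: int.from_bytes(v, "big", signed=True)
    (tag, f), _ = read_tlv(ext)
    assert tag == (0x00, 16), "KeyDescription must be a SEQUENCE"
    hw = {num: ({i(v) for _, v in inner[0][1]} if num == 1 else i(inner[0][1]))
          for (cls, num), inner in f[7][1] if cls == 0x80 and num in (1, 702)}
    return {"attestation_level": i(f[1][1]), "keymaster_level": i(f[3][1]), "challenge": f[4][1],
            "purpose": hw.get(1, set()), "origin": hw.get(702)}
def acceptable_binding_key(ext: bytes, issuer_nonce: bytes, required_level: int = STRONGBOX):
    """Return (ok, reason); the default required level follows the StrongBox requirement for binding keys."""
    kd = parse_key_description(ext)
    if kd["challenge"] != issuer_nonce:
        return False, "challenge mismatch: attestation was not produced for this issuance"
    level = min(kd["attestation_level"], kd["keymaster_level"])  # the weaker of the two bounds the key
    if level < required_level:
        return False, f"security level {level} is below the required {required_level}"
    if kd["origin"] != KM_ORIGIN_GENERATED:
        return False, "key was imported or derived, not generated inside the secure hardware"
    if KM_PURPOSE_SIGN not in kd["purpose"]:
        return False, "key is not a signing key"
    return True, "hardware-generated signing key at an acceptable security level"
def build_sample(challenge: bytes, attest_level: int, km_level: int, origin: int) -> bytes:
    tlv = lambda tag, body: tag + bytes([len(body)]) + body  # constructed sample DER (not a real attestation)
    i = lambda n: tlv(b"\x02", bytes([n]))                   # short-form lengths suffice for this sample
    hw = tlv(b"\xa1", tlv(b"\x31", i(KM_PURPOSE_SIGN))) + tlv(b"\xbf\x85\x3e", i(origin))  # [1], [702]
    return tlv(b"\x30", i(4) + tlv(b"\x0a", bytes([attest_level])) + i(41) + tlv(b"\x0a", bytes([km_level]))
               + tlv(b"\x04", challenge) + tlv(b"\x04", b"") + tlv(b"\x30", b"") + tlv(b"\x30", hw))
```

A production verifier must also reject attestation chains whose leaf or intermediate appears on Google's attestation revocation list and should check the application identity in the extension against the expected wallet app.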
The eIDAS 2.0 regulation and the EUDI Wallet Architecture and Reference Framework establish requirements for key attestation based on the assurance level of the credential. Person Identification Data (PID) credentials and other high-assurance attestations require hardware-level key attestation, while lower-assurance credentials may accept software-level key protection.
Wallet Secure Cryptographic Device (WSCD)
The WSCD is the architectural component in the EUDI Wallet that performs cryptographic operations in a secure environment. Key attestation proves that a key is managed by a certified WSCD. The EU defines specific certification requirements for WSCDs, drawing from Common Criteria evaluation and other security assessment frameworks.
A WSCD can be implemented as a local component (the device's secure element), a remote component (a cloud-based HSM), or a hybrid combining both. Each approach has different key attestation mechanisms. Local WSCDs use platform-native attestation (Android Keystore or Apple Secure Enclave), while remote WSCDs provide attestation through server-side certificate chains linking to the HSM manufacturer's root certificate.
The choice of WSCD implementation affects the wallet's capabilities. Local WSCDs enable fully offline credential presentation since the key operations happen on-device. Remote WSCDs require network connectivity for signing operations but may offer higher certification levels. The EUDI Wallet framework allows Member States to choose their preferred approach while ensuring interoperability through standardized key attestation formats.