EUDI interoperability
This page displays the latest results of our interop testing with components of the EUDI Wallet Reference Implementation. The Reference Implementation offers:
- Demo EUDI Wallet for iOS and Android
- Issuer services
- Verifier services
What we test
| Category | Tested |
|---|---|
| Credential formats |
|
| Exchange protocols |
|
| Schemas | All schemas included in the version of the EUDI Issuer being tested. The results for PID and mDL are shared below; results of other schemas are highlighted if notable. |
| Flows | Pre-Authorization Code Grant, issuer-initiated, remote presentation |
| Presentation Query Type | Presentation Exchange |
What we don't test
| Category | Not tested |
|---|---|
| Flows | Authorization Code Grant, wallet-initiated flows, proximity flows |
| Presentation Query Type | DCQL |
Components
| Component | Version |
|---|---|
| EUDI Issuer | 0.7.2 |
| EUDI Verifier | 0.5.1 |
| EUDI iOS Wallet | 2025.04.25-Demo |
| EUDI Android Wallet | 2025.04.25-Demo |
| Procivis One Core | 1.56.0 and associated Wallet and Verifier apps |
Results
The following results were obtained on or before 2025.07.16.
| Color | Meaning |
|---|---|
| Working | |
| Issues related to configuration or integration | |
| Implementation mismatch; high priority fixes in progress |
The external components tested here are maintained by third parties and may be updated without notice. Our test results include compatibility adjustments that may become outdated if upstream changes are deployed. We update these test results periodically but cannot guarantee they reflect the current state of all external dependencies.
For flows involving Procivis One as the issuer or verifier and the EUDI wallet, a EUDI-compatible certificate identifier must be used. See the instructions.
PID using SD-JWT VC
| Issuer | Holder | Verifier | Status | Comment |
|---|---|---|---|---|
| EUDI | Procivis One | Procivis One | ||
| EUDI | Procivis One | EUDI | ||
| EUDI | EUDI iOS | Procivis One | ||
| EUDI | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | Procivis One | ||
| Procivis One | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | EUDI | ||
| Procivis One | Procivis One | EUDI |
PID using mdoc
| Issuer | Holder | Verifier | Status | Comment |
|---|---|---|---|---|
| EUDI | Procivis One | Procivis One | ||
| EUDI | Procivis One | EUDI | ||
| EUDI | EUDI iOS | Procivis One | ||
| EUDI | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | Procivis One | ||
| Procivis One | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | EUDI | ||
| Procivis One | Procivis One | EUDI |
ISO mDL using mdoc
| Issuer | Holder | Verifier | Status | Comment |
|---|---|---|---|---|
| EUDI | Procivis One | Procivis One | ||
| EUDI | Procivis One | EUDI | ||
| EUDI | EUDI iOS | Procivis One | ||
| EUDI | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | Procivis One | ||
| Procivis One | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | EUDI | ||
| Procivis One | Procivis One | EUDI |
Revocation
No EUDI revocation components currently exist to test against.
Set it up yourself
- Make sure you test against pinned versions of the components as they are regularly updated. We hope to have deployments of the EUDI components available soon so you can test with them directly.
Configuration
You can use OPENID4VCI_DRAFT13 out-of-the-box to issue EUDI credentials.
Just be sure to provide the needed encryption keys, described in the
configuration docs.
If you are running multiple instances of the Core— for instance, a server instance configured for issuing and verifying and a mobile instance configured only for holding — remember to change each instance as necessary.
For example, if you want to receive EUDI mdocs in a Procivis One wallet and verify them with a Procivis One Desk, be sure to complete all instructions for both the mobile and server instances.
For verifying you will want to adjust the configuration to implement the EUDI URL scheme.
Create an entry of OID4VP specifically for EUDI, using their URL scheme. Use the example below:
verificationProtocol:
OPENID4VP_DRAFT25_EUDI:
display:
en: "OpenID4VP draft 25 (EUDI)"
order: 8
type: "OPENID4VP_DRAFT25"
params:
public:
useRequestUri: true
urlScheme: eudi-openid4vp // Set the URL scheme
verifier: // Needed for verifiers
supportedClientIdSchemes: [redirect_uri, verifier_attestation, did, x509_san_dns]
defaultClientIdScheme: x509_san_dns
holder:
supportedClientIdSchemes: [redirect_uri, verifier_attestation, did, x509_san_dns] // Needed for wallets
redirectUri:
enabled: true
allowedSchemes: ["https"]
When you create a proof request for EUDI credentials you will use this verification protocol. The URL scheme is used to parse the request and the certificate is used to verify the signature on the request. The wallet will automatically choose the EUDI protocol based on the URL scheme in the configuration.
Certificate
When using Procivis One to interact with the EUDI Wallet, you will want to use a certificate that is signed by the EUDI infrastructure.
Get a EUDI signed certificate and private key:
- Use the EUDI issuing service to issue a PID in the mdoc format to the EUDI Wallet.
- Go to Relying Party Registration and scan the QR code with the EUDI Wallet.
- Fill out the form, making sure that:
- The selected country is
UT - The DNS name matches your Desk deployment (do not provide a protocol scheme or a wildcard domain)
- The selected country is
- Submit, then download. You should have a
.p12file that contains both the signed certificate and the key.
Import the key
-
Extract the key from the
.p12file. You can use, for example,opensslto do this:openssl pkcs12 -in downloaded_certificate.p12 -nocerts -nodes -out private_key.pem- You will be prompted to input the password you assigned when requesting the certificate.
-
Convert the key to JWK representation.
-
Use the POST method on the
/api/key/v1endpoint to import the key, including the key in thestorageParamsargument:{
"keyType": "ECDSA",
"keyParams": {},
"name": "EXAMPLE KEY IMPORT",
"storageType": "INTERNAL",
"storageParams": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "iyAqsLUPs5zgdEiWIMsGof_02aUyPe5QNGGSaS5BVsk",
"y": "xQxYKD5ghVhogF8ubCH7eCKac9DPsxgTfKYrY4eYouU",
"d": "...",
"alg": "ES256",
"use": "sig"
}
}
} -
Store the ID of the newly created key to use in the next step.
Add the certificate to your system
- Extract the certificate from the
.p12file. You can use, for example,opensslto do this:openssl pkcs12 -in downloaded_certificate.p12 -nokeys -out certificate.pem
- Upload the certificate using the Desk:
- Create a new "Identifier" of type "Certificate" and upload the
.pemfile. - Select the key you imported in Step 2.
- Create a new "Identifier" of type "Certificate" and upload the
Now when you use Procivis One to interact with the EUDI Wallet, you will appear as a "Trusted" issuer and verifier.
Schemas
The EUDI Issuer provides several predefined schemas including PID and mDL. In order to issue, hold, or verify these credentials you need to provide the system with the schemas. These need to be recreated using the usual credential schema creation workflow.
If you are using the Procivis One Wallet or Verifier apps, the schemas are already loaded and you do not need to import them.
Issuance
When issuing with the Procivis One:
- Make sure you use the right schema
- Make sure you use the certificate created above
When issuing with the EUDI Issuer:
- Select "Pre-Authorization Code Grant" in the "Grants" selector.
Verification
When issuing with Procivis One:
- Make sure you use the certificate created above
When verifying with the EUDI Verifier:
-
Select "Presentation Exchange" in the "Presentation Query Type"
-
Select "Get" in the "Request URI Method"
Roadmap
- The EUDI trust management concept is rapidly evolving. We are following developments closely.