createKeyBoundCredentials

abstract suspend fun createKeyBoundCredentials(document: Document, credentialMetadata: CredentialMetadata, createKeySettings: CreateKeySettings): List<SecureAreaBoundCredential>

Creates a set of pending key-bound credentials.

Provisioning will call the Credential.certify method on these credentials once the data comes from the issuer. When pending credentials are created, it is very important that their keys are created with appropriate settings, as this is what anchors the whole security model of the Digital Credential ecosystem. The createKeySettings parameter should be seen as providing the minimal requirements. In particular, CreateKeySettings.algorithm should be honored and CreateKeySettings.nonce must be honored. In some cases, implementations may want or need to use custom and/or SecureArea-specific CreateKeySettings to have better control over key properties.

TODO: propagate more metadata about issuer key requirements through CredentialMetadata.

It is up to the implementation to determine the number of credentials to create, but it should generally not exceed the issuer limit given in CredentialMetadata.maxBatchSize.
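The rules above (treat the suggested settings as a floor, pass the nonce through unchanged, keep the requested algorithm, and cap the batch at the issuer limit) are sketched below as an added example; it is not code from the library. Every type ending in `Sketch`, the `localPolicyRequiresUserAuth` flag and the `desiredCount` parameter are hypothetical stand-ins, and the algorithm name and nonce bytes are constructed values.

```kotlin
// Added sketch: every type here is a simplified stand-in, not the library's class.
class KeySettingsSketch(
    val algorithm: String,              // constructed value, e.g. "ESP256"
    val nonce: ByteArray,               // issuer-supplied challenge
    val userAuthRequired: Boolean = false,
)
class MetadataSketch(val maxBatchSize: Int)
class PendingCredentialSketch(val keyAlias: String, val settings: KeySettingsSketch)

// Hypothetical secure area: knows which algorithms it supports and mints key aliases.
class SecureAreaSketch(val supportedAlgorithms: Set<String>) {
    private var nextId = 0
    fun createKey(settings: KeySettingsSketch): String = "key-${nextId++}"
}

// Treat the suggested settings as a floor: keep nonce and algorithm, only add restrictions.
fun hardenSettings(
    requested: KeySettingsSketch,
    area: SecureAreaSketch,
    localPolicyRequiresUserAuth: Boolean,
): KeySettingsSketch {
    // Algorithm "should" be honored: this sketch fails rather than substituting silently.
    require(requested.algorithm in area.supportedAlgorithms) {
        "secure area cannot create ${requested.algorithm} keys"
    }
    return KeySettingsSketch(
        algorithm = requested.algorithm,
        nonce = requested.nonce.copyOf(),   // nonce "must" be honored: passed through unchanged
        userAuthRequired = requested.userAuthRequired || localPolicyRequiresUserAuth,
    )
}

fun createPendingCredentials(
    metadata: MetadataSketch,
    requested: KeySettingsSketch,
    area: SecureAreaSketch,
    desiredCount: Int,
): List<PendingCredentialSketch> {
    val settings = hardenSettings(requested, area, localPolicyRequiresUserAuth = true)
    // Never exceed the issuer's batch limit, whatever the wallet would prefer.
    val count = minOf(desiredCount, metadata.maxBatchSize).coerceAtLeast(0)
    return List(count) { PendingCredentialSketch(area.createKey(settings), settings) }
}

fun main() {
    val requested = KeySettingsSketch("ESP256", byteArrayOf(1, 2, 3, 4)) // constructed nonce
    val area = SecureAreaSketch(setOf("ESP256"))
    val creds = createPendingCredentials(MetadataSketch(maxBatchSize = 3), requested, area, 10)
    check(creds.size == 3)
    check(creds.all { it.settings.nonce.contentEquals(requested.nonce) })
}
```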

Return

a list of pending key-bound credentials

Parameters

document

Document for which credentials are being issued

credentialMetadata

information about credentials being issued

createKeySettings

suggested settings for the key to which credentials are bound