IRMA is a distributed, attribute-based authentication technique which is very privacy-friendly. This page provides a short overview on how to start using IRMA. You can find more information on the IRMA project here.
IRMA user token
Users will need an IRMA token to manage their attributes. Currently, there are two user token implementations of IRMA. A smart card version which is no longer maintained, and a much newer and more versatile Android app.
The IRMA app is currently the most up-to-date version of user-side IRMA stuff. The IRMA app is available for download directly from the Google Play store. If you have no access to the Google Play store, or do not wish to get the app from there, you can also find a binary here. Alternatively, you can build the app from the publicly available source code. Be aware that only an install via the app store will automatically update to the newest version.
After installing the app, users can obtain their first credentials through a registration process. After obtaining attributes, users can use them to authenticate to service providers. Several demos can be found on demo.irmacard.org.
More information on installing and using the IRMA app can be found here.
Verifying and Issuing credentials
If you want to verify and/or issue credentials you will need to run one of the following projects.
The API server handles all IRMA-specific cryptographic details of issuing and verifying attributes on behalf of the service or identity provider. It sits between IRMA tokens on the one hand, and authorized service or identity providers on the other hand. It exposes a RESTful JSON API driven by JWTs for authentication. The protocol that the IRMA API server and the IRMA Android app speak is documented here. If you wish to run your own API server you can find the code and instructions here.
IRMA session flow
The following image shows the dataflow between the IRMA software components in a typical IRMA session.
Explanation of the steps:
- The IRMA client (i.e., the service or identity provider wanting to verify or issue attributes) provides
a JWT containing an IRMA session request,
along with success and failure callbacks to
POSTs the JWT to the API server
- The API server replies with an IRMA session token
irma_jsrenders the session token along with the URL to the API server in a QR that the IRMA app scans
- The IRMA app contact the API server, and they perform the actual IRMA session
- The API server informs
irma_jsof the result (in the case of a successful disclosure session, this includes a JWT containing the disclosed attributes)
irma_jsinforms the IRMA client via the callbacks provided in step 1, including the disclosed attributes in verification sessions
The following image shows the relationships between the most important IRMA projects. Legend: Ellipses are Java projects; rectangles are static files; normal arrows mean “depends on”.
irma_configuration: contains credential descriptions, issuer descriptions, and public and possibly private keys of issuers, grouped in scheme managers
credentials_api: library that parses the credential and issuer descriptions from
irma_configuration, and defines some of the semantics of attribute-based credential schemes
credentials_idemix: library containing our Idemix implementation. Also parses the Idemix public and private keys from
irma_api_common: library containing classes that serve as the messages in the IRMA protocol, between the server (
irma_api_server) and client (
irma_api_server: server for issuing and verifying attributes
irma_android_cardemu: the IRMA Android token
Support or Contact
Having trouble with the IRMA usage or development? Contact
irma 'at' privacybydesign.foundation and we’ll help you sort it out.