Requirements

In the Authentication section, you'll find step-by-step instructions on how to:

• Obtain your API key
• Prepare and register your certificate or credential
• Sign your declarations properly

Two Supported Authentication Models in Liccium

Model 1: Verifiable Credential (VC)–based Authentication

1. The declaring party generates a key pair (typically EC, e.g. P-256 or Ed25519).
2. Liccium (or another trust service) issues a Verifiable Credential (VC) bound to the DID (e.g. did) and the public key.
3. The declaring party signs declaration metadata with the private key.

Model 2: Qualified Certificate (QCert)–based Authentication

1. The declaring party receives a Qualified Electronic Seal Certificate (QCert, X.509) from a EU-trusted provider (QTSP).
2. The declaring party includes the certificate as x5c header in the signature of the declaration metadata.
3. The declaration is signed with the QCert's private key.

Summary

• VC-based declarations → EC key pairs (e.g. P-256 or Ed25519)
• QCert-based declarations → RSA key pairs → did uses RSA keys (to match QCert public key)