Lissi Wallet Pro: Getting Started
The Lissi Wallet Pro is the enterprise-grade version of the standard Lissi Wallet. It is specifically engineered to meet the stringent security requirements of institutional high-assurance enterprise environments to roll out high-security use cases.
Core Differentiators
App Hardening: The Lissi Wallet Pro version includes advanced mobile application security layers (e.g., anti-tampering, runtime protection, …) to prevent reverse engineering and unauthorized modifications.
Wallet Attestations: During credential issuance, the Lissi Wallet Pro makes use of cryptographic wallet attestations according to OAuth 2.0 Attestation-Based Client Authentication to prove its integrity towards issuers. This guarantees that credentials are being stored in a legitimate, unmodified, and secure Lissi Wallet Pro environment.
Distribution: Lissi Wallet Pro is distributed privately to users of your organization. (Apple Buisness Manager and Managed Google Play).
Setup
To ensure a complete and secure deployment of the Lissi Wallet Pro within your enterprise environment, administrators must complete the configuration steps outlined in the sections below.
Certificate Information for Wallet Attestations
To verify the integrity of the Lissi Wallet Pro during the OID4VCI issuance flow, the issuer evaluates the wallet attestation according to OAuth 2.0 Attestation-Based Client Authentication.
Setup Note: To use Wallet Attestations, Administrators must configure/update their Lissi Connector Tenant by adding the following certificate to the list of Trusted Wallet Providers. This way it is ensured that the Connector only issues credentials to secured and trusted Lissi Wallet Pro instances.
CODE-----BEGIN CERTIFICATE----- MIIBrjCCAVSgAwIBAgIQNcL/MdnxTtSJHc9l1j+XETAKBggqhkjOPQQDAjAaMRgw FgYDVQQDEw93YWxsZXQubGlzc2kuaW8wHhcNMjYwMzA5MDcyNDEwWhcNMjcwMzA5 MDczNDEwWjAaMRgwFgYDVQQDEw93YWxsZXQubGlzc2kuaW8wWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQ16UmcL8p0B8iQuPkE+UK8QPnEfqPfzqmenC75hpK2glai TGOMTusRcgA73D4WJbslFoywL0b4d8zk78+F4bcGo3wwejAOBgNVHQ8BAf8EBAMC B4AwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYD VR0jBBgwFoAUZK12gZ7KQ7tgdizR91nMuIyYzucwHQYDVR0OBBYEFGStdoGeykO7 YHYs0fdZzLiMmM7nMAoGCCqGSM49BAMCA0gAMEUCIBe3MSOgRt47AXSRbaIcRYSD R4mSv8IC6baI7uBbuxnxAiEAuSwQCr13TkQ8gBjQJw8L8CtwzOSyiOnj+IDzVrTE otg= -----END CERTIFICATE-----
Relying Party Authentication via Trusted List
To protect users from malicious Relying Parties (RPs), the Lissi Wallet Pro supports Relying Party (RP) authentication through Trusted Lists. Your domain will be added to the Lissi Wallet Pro trusted list during the client onboarding process.
By default, the Lissi Wallet Pro does not allow users to interact with untrusted RPs that are not on the trusted domain list and instead shows a warning message.
For development purposes, it is possible to allow the interaction with untrusted Relying Parties (RPs) by enabling the Developer Options within the Settings of the Lissi Wallet Pro:
Open the Lissi Wallet Pro
Navigate to Settings → Licenses
Tap the Version field 7 times
Note: Repeat these steps to disable the developer options.
Lissi Wallet Pro Invocation
For the general setup and integration steps regarding wallet invocation, please follow the standard procedure outlined in the main documentation: Wallet Invocation
⚠️ Important Domain Override
Please use the domains listed in the following table to invoke the Lissi Wallet Pro depending on the environment:
Flow | Test Environment | Production Environment | Example |
|---|---|---|---|
Issuance (VCI) |
| ||
Presentation (VP) |
|