Comparisons

SD-JWT in PHP?

Yes. k2gl/sd-jwt implements RFC 9901 — Selective Disclosure for JWTs — end to end: issuing with chosen claims disclosable, holder-side presentations that reveal a subset, and verification that recomputes every disclosure digest against the signed payload.

use K2gl\Dsse\PublicKey;
use K2gl\SdJwt\SdJwtVerifier;

$claims = new SdJwtVerifier()
    ->verify($compactSdJwt, PublicKey::fromJwk($issuerJwk))
    ->claims();

Key binding (the holder proving possession) is supported on both the issuing and verifying side; ES256/384/512, EdDSA and RS256+ signatures.

The credential layer

For SD-JWT VC (dc+sd-jwt) — the profile used by OpenID4VC and the EU Digital Identity Wallet — k2gl/sd-jwt-vc adds the vct rules and issuer key discovery. See the digital identity overview and the relying-party guide.

Try it in the browser

Generate a demo SD-JWT with the claims you choose disclosable, then take it apart in the debugger — disclosures, recomputed digests, recreated claims, signature check.