WebAuthnP256

Utility functions for NIST P256 ECDSA cryptography using the Web Authentication API

Examples

Below are some examples demonstrating common usages of the WebAuthnP256 module:

Creating Credentials

Credentials can be created using WebAuthnP256.createCredential:

import { WebAuthnP256 } from 'ox'

const credential = await WebAuthnP256.createCredential({ name: 'Example' })
// {
//   id: 'oZ48...',
//   publicKey: { x: 51421...5123n, y: 12345...6789n },
//   raw: PublicKeyCredential {},
// }

const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})

Signing Payloads

Payloads can be signed using WebAuthnP256.sign:

import { WebAuthnP256 } from 'ox'

const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})

const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})
// {
//   metadata: {
//     authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000',
//     clientDataJSON: '{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}',
//     challengeIndex: 23,
//     typeIndex: 1,
//     userVerificationRequired: true,
//   },
//   signature: { r: 51231...4215n, s: 12345...6789n },
// }

Verifying Signatures

Signatures can be verified using WebAuthnP256.verify:

import { WebAuthnP256 } from 'ox'

const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})

const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})

const result = await WebAuthnP256.verify({
  metadata,
  challenge: '0xdeadbeef',
  publicKey: credential.publicKey,
  signature,
})
// true
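
Added example (not part of the ox documentation or code base): the relying-party checks that the WebAuthn specification places alongside signature verification, run over the `metadata` fields shown in the Signing Payloads output above. The helper names, the option names (`rpId`, `origin`, `lastSignCount`) and the `localhost` RP ID are assumptions; the sample input is constructed from this page's sample output.

```javascript
// Added example. WebCrypto is global in browsers and Node 19+; older Node falls back.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle

const hexToBytes = (hex) =>
  Uint8Array.from(hex.replace(/^0x/, '').match(/../g), (b) => parseInt(b, 16))
const bytesToHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('')

// authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian)
function parseAuthenticatorData(hex) {
  const bytes = hexToBytes(hex)
  if (bytes.length < 37) throw new Error('authenticatorData shorter than 37 bytes')
  const flags = bytes[32]
  return {
    rpIdHash: bytesToHex(bytes.subarray(0, 32)),
    userPresent: (flags & 0x01) !== 0, // UP bit
    userVerified: (flags & 0x04) !== 0, // UV bit
    signCount: new DataView(bytes.buffer, bytes.byteOffset + 33, 4).getUint32(0),
  }
}

// Hypothetical helper: returns the names of failed checks (empty array = acceptable).
// Challenge and signature are left to WebAuthnP256.verify.
async function checkAssertionMetadata(metadata, { rpId, origin, lastSignCount }) {
  const auth = parseAuthenticatorData(metadata.authenticatorData)
  const client = JSON.parse(metadata.clientDataJSON)
  const digest = await subtle.digest('SHA-256', new TextEncoder().encode(rpId))
  const failures = []
  if (auth.rpIdHash !== bytesToHex(new Uint8Array(digest))) failures.push('rpIdHash')
  if (!auth.userPresent) failures.push('userPresent')
  if (metadata.userVerificationRequired && !auth.userVerified) failures.push('userVerified')
  if (client.type !== 'webauthn.get') failures.push('type')
  if (client.origin !== origin) failures.push('origin')
  // Assumption: this relying party never expects use from a cross-origin iframe.
  if (client.crossOrigin === true) failures.push('crossOrigin')
  // Counters of 0 on both sides mean the authenticator does not keep one.
  if ((auth.signCount !== 0 || lastSignCount !== 0) && auth.signCount <= lastSignCount)
    failures.push('signCount')
  return failures
}

// Constructed sample: field values copied from the sample output on this page.
const sampleMetadata = {
  authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000',
  clientDataJSON: '{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}',
  userVerificationRequired: true,
}
```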

Functions

| Name | Description |
| --- | --- |
| WebAuthnP256.createCredential | Creates a new WebAuthn P256 Credential, which can be stored and later used for signing. |
| WebAuthnP256.getAuthenticatorData | Gets the authenticator data which contains information about the processing of an authenticator request (i.e. from WebAuthnP256.sign). |
| WebAuthnP256.getClientDataJSON | Constructs the Client Data in stringified JSON format which represents client data that was passed to credentials.get() in WebAuthnP256.sign. |
| WebAuthnP256.getCredentialCreationOptions | Returns the creation options for a P256 WebAuthn Credential to be used with the Web Authentication API. |
| WebAuthnP256.getCredentialRequestOptions | Returns the request options to sign a challenge with the Web Authentication API. |
| WebAuthnP256.getSignPayload | Constructs the final digest that was signed and computed by the authenticator. This payload includes the cryptographic challenge, as well as authenticator metadata (authenticatorData + clientDataJSON). This value can also be used with raw P256 verification (such as P256.verify or WebCryptoP256.verify). |
| WebAuthnP256.sign | Signs a challenge using a stored WebAuthn P256 Credential. If no Credential is provided, a prompt will be displayed for the user to select an existing Credential that was previously registered. |
| WebAuthnP256.verify | Verifies a signature using the Credential's public key and the challenge which was signed. |

Errors

| Name | Description |
| --- | --- |
| WebAuthnP256.CredentialCreationFailedError | Thrown when a WebAuthn P256 credential creation fails. |
| WebAuthnP256.CredentialRequestFailedError | Thrown when a WebAuthn P256 credential request fails. |

Types

| Name | Description |
| --- | --- |
| WebAuthnP256.P256Credential | A WebAuthn-flavored P256 credential. |
| WebAuthnP256.SignMetadata | Metadata for a WebAuthn P256 signature. |