WebAuthnP256
Utility functions for NIST P256 ECDSA cryptography using the Web Authentication API
Examples
Below are some examples demonstrating common usages of the WebAuthnP256 module:
Creating Credentials
Credentials can be created using WebAuthnP256.createCredential:

```ts
import { WebAuthnP256 } from 'ox'

const credential = await WebAuthnP256.createCredential({ name: 'Example' })
// {
//   id: 'oZ48...',
//   publicKey: { x: 51421...5123n, y: 12345...6789n },
//   raw: PublicKeyCredential {},
// }

const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})
```
Signing Payloads
Payloads can be signed using WebAuthnP256.sign:

```ts
import { WebAuthnP256 } from 'ox'

const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})

const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})
// {
//   metadata: {
//     authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000',
//     clientDataJSON: '{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}',
//     challengeIndex: 23,
//     typeIndex: 1,
//     userVerificationRequired: true,
//   },
//   signature: { r: 51231...4215n, s: 12345...6789n },
// }
```
Verifying Signatures
Signatures can be verified using WebAuthnP256.verify:

```ts
import { WebAuthnP256 } from 'ox'

const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})

const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})

const result = await WebAuthnP256.verify({
  metadata,
  challenge: '0xdeadbeef',
  publicKey: credential.publicKey,
  signature,
})
// true
```
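The `metadata` returned by WebAuthnP256.sign carries fields a relying party should compare against its own expectations in addition to verifying the signature. The following is an added example, not code from ox: `checkAssertionMetadata` and the `expected` object are hypothetical names, the `authenticatorData` is this page's sample, and the `clientDataJSON` is constructed so that its challenge encodes `0xdeadbeef`.

```javascript
// Added example: relying-party policy checks on WebAuthn assertion metadata.
// `checkAssertionMetadata` and the `expected` fields are hypothetical names.
function checkAssertionMetadata(metadata, expected) {
  const errors = []

  // authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
  const authData = Buffer.from(metadata.authenticatorData.replace(/^0x/, ''), 'hex')
  if (authData.length < 37) return { ok: false, errors: ['authenticatorData too short'] }
  const rpIdHash = authData.subarray(0, 32).toString('hex')
  const flags = authData[32]
  const signCount = authData.readUInt32BE(33)
  if (rpIdHash !== expected.rpIdHash) errors.push('rpIdHash mismatch')
  if ((flags & 0x01) === 0) errors.push('user presence flag not set')
  if (expected.requireUserVerification && (flags & 0x04) === 0)
    errors.push('user verification flag not set')

  // clientDataJSON is built by the browser; parse it rather than substring-match.
  let clientData
  try {
    clientData = JSON.parse(metadata.clientDataJSON)
  } catch {
    return { ok: false, errors: [...errors, 'clientDataJSON is not valid JSON'] }
  }
  // The challenge appears in clientDataJSON as unpadded base64url.
  const challenge = Buffer.from(expected.challenge.replace(/^0x/, ''), 'hex').toString('base64url')
  if (clientData.type !== 'webauthn.get') errors.push('unexpected type')
  if (clientData.challenge !== challenge) errors.push('challenge mismatch')
  if (!expected.origins.includes(clientData.origin)) errors.push('origin not allowed')
  if (clientData.crossOrigin === true) errors.push('cross-origin assertion')

  return { ok: errors.length === 0, errors, signCount }
}

// authenticatorData: sample from this page. clientDataJSON: constructed.
const sampleMetadata = {
  authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000',
  clientDataJSON: '{"type":"webauthn.get","challenge":"3q2-7w","origin":"http://localhost:5173","crossOrigin":false}',
}
// Expected values the server holds for this ceremony (constructed).
const expected = {
  challenge: '0xdeadbeef',
  rpIdHash: '49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763', // SHA-256 of the RP ID, hex
  origins: ['http://localhost:5173'],
  requireUserVerification: true,
}
console.log(checkAssertionMetadata(sampleMetadata, expected))
```

The sample `clientDataJSON` shown under Signing Payloads embeds a different challenge value, so this check reports `challenge mismatch` for it when the expected challenge is `0xdeadbeef`.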
Functions
Name | Description |
---|---|
WebAuthnP256.createCredential | Creates a new WebAuthn P256 Credential, which can be stored and later used for signing. |
WebAuthnP256.getAuthenticatorData | Gets the authenticator data, which contains information about the processing of an authenticator request (i.e. from WebAuthnP256.sign). |
WebAuthnP256.getClientDataJSON | Constructs the Client Data in stringified JSON format, which represents the client data that was passed to credentials.get() in WebAuthnP256.sign. |
WebAuthnP256.getCredentialCreationOptions | Returns the creation options for a P256 WebAuthn Credential to be used with the Web Authentication API. |
WebAuthnP256.getCredentialRequestOptions | Returns the request options to sign a challenge with the Web Authentication API. |
WebAuthnP256.getSignPayload | Constructs the final digest that was signed and computed by the authenticator. This payload includes the cryptographic challenge, as well as authenticator metadata (authenticatorData + clientDataJSON). This value can also be used with raw P256 verification (such as P256.verify or WebCryptoP256.verify). |
WebAuthnP256.sign | Signs a challenge using a stored WebAuthn P256 Credential. If no Credential is provided, a prompt will be displayed for the user to select an existing Credential that was previously registered. |
WebAuthnP256.verify | Verifies a signature using the Credential's public key and the challenge which was signed. |
Errors
Name | Description |
---|---|
WebAuthnP256.CredentialCreationFailedError | Thrown when a WebAuthn P256 credential creation fails. |
WebAuthnP256.CredentialRequestFailedError | Thrown when a WebAuthn P256 credential request fails. |
Types
Name | Description |
---|---|
WebAuthnP256.P256Credential | A WebAuthn-flavored P256 credential. |
WebAuthnP256.SignMetadata | Metadata for a WebAuthn P256 signature. |