WebAuthnP256

Utility functions for NIST P256 ECDSA cryptography using the Web Authentication API

Examples

Below are some examples demonstrating common usages of the WebAuthnP256 module:

Creating Credentials

Credentials can be created using WebAuthnP256.createCredential:

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({ name: 'Example' })
{
   id: 'oZ48...',
   publicKey: { x: 51421...5123n, y: 12345...6789n },
   raw: PublicKeyCredential {},
 }
 const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})

Signing Payloads

Payloads can be signed using WebAuthnP256.sign:

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})
 
const { metadata, signature } = await WebAuthnP256.sign({ 
  credentialId: credential.id, 
  challenge: '0xdeadbeef', 
})
{
   metadata: {
     authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000',
     clientDataJSON: '{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}',
     challengeIndex: 23,
     typeIndex: 1,
     userVerificationRequired: true,
   },
   signature: { r: 51231...4215n, s: 12345...6789n },
 }

Verifying Signatures

Signatures can be verified using WebAuthnP256.verify:

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})
 
const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})
 
const result = await WebAuthnP256.verify({ 
  metadata, 
  challenge: '0xdeadbeef', 
  publicKey: credential.publicKey, 
  signature, 
})
true

Functions

Name	Description
`WebAuthnP256.createCredential`	Creates a new WebAuthn P256 Credential, which can be stored and later used for signing.
`WebAuthnP256.sign`	Signs a challenge using a stored WebAuthn P256 Credential. If no Credential is provided, a prompt will be displayed for the user to select an existing Credential that was previously registered.
`WebAuthnP256.verify`	Verifies a signature using the Credential's public key and the challenge which was signed.

Types

Name	Description
`WebAuthnP256.AttestationConveyancePreference`
`WebAuthnP256.AuthenticatorAttachment`
`WebAuthnP256.AuthenticatorTransport`
`WebAuthnP256.BufferSource`
`WebAuthnP256.COSEAlgorithmIdentifier`
`WebAuthnP256.CredentialMediationRequirement`
`WebAuthnP256.LargeBlobSupport`
`WebAuthnP256.P256Credential`	A WebAuthn-flavored P256 credential.
`WebAuthnP256.PrfExtension`
`WebAuthnP256.PublicKeyCredential`
`WebAuthnP256.PublicKeyCredentialType`
`WebAuthnP256.ResidentKeyRequirement`
`WebAuthnP256.SignMetadata`	Metadata for a WebAuthn P256 signature.
`WebAuthnP256.UserVerificationRequirement`