WebAuthnP256

Utility functions for NIST P256 ECDSA cryptography using the Web Authentication API

Examples

Below are some examples demonstrating common usages of the WebAuthnP256 module:

Creating Credentials

Credentials can be created using WebAuthnP256.createCredential:

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({ name: 'Example' })
{
   id: 'oZ48...',
   publicKey: { x: 51421...5123n, y: 12345...6789n },
   raw: PublicKeyCredential {},
 }
 const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})

Signing Payloads

Payloads can be signed using WebAuthnP256.sign:

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})
 
const { metadata, signature } = await WebAuthnP256.sign({ 
  credentialId: credential.id, 
  challenge: '0xdeadbeef', 
})
{
   metadata: {
     authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000',
     clientDataJSON: '{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}',
     challengeIndex: 23,
     typeIndex: 1,
     userVerificationRequired: true,
   },
   signature: { r: 51231...4215n, s: 12345...6789n },
 }

Verifying Signatures

Signatures can be verified using WebAuthnP256.verify:

import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({
  name: 'Example',
})
 
const { metadata, signature } = await WebAuthnP256.sign({
  credentialId: credential.id,
  challenge: '0xdeadbeef',
})
 
const result = await WebAuthnP256.verify({ 
  metadata, 
  challenge: '0xdeadbeef', 
  publicKey: credential.publicKey, 
  signature, 
})
true

Functions

Name	Description
`WebAuthnP256.createCredential`	Creates a new WebAuthn P256 Credential, which can be stored and later used for signing.
`WebAuthnP256.getAuthenticatorData`	Gets the authenticator data which contains information about the processing of an authenticator request (ie. from `WebAuthnP256.sign`).
`WebAuthnP256.getClientDataJSON`	Constructs the Client Data in stringified JSON format which represents client data that was passed to `credentials.get()` in `WebAuthnP256.sign`.
`WebAuthnP256.getCredentialCreationOptions`	Returns the creation options for a P256 WebAuthn Credential to be used with the Web Authentication API.
`WebAuthnP256.getCredentialRequestOptions`	Returns the request options to sign a challenge with the Web Authentication API.
`WebAuthnP256.getSignPayload`	Constructs the final digest that was signed and computed by the authenticator. This payload includes the cryptographic `challenge`, as well as authenticator metadata (`authenticatorData` + `clientDataJSON`). This value can be also used with raw P256 verification (such as `P256.verify` or `WebCryptoP256.verify`).
`WebAuthnP256.sign`	Signs a challenge using a stored WebAuthn P256 Credential. If no Credential is provided, a prompt will be displayed for the user to select an existing Credential that was previously registered.
`WebAuthnP256.verify`	Verifies a signature using the Credential's public key and the challenge which was signed.

Errors

Name	Description
`WebAuthnP256.CredentialCreationFailedError`	Thrown when a WebAuthn P256 credential creation fails.
`WebAuthnP256.CredentialRequestFailedError`	Thrown when a WebAuthn P256 credential request fails.

Types

Name	Description
`WebAuthnP256.P256Credential`	A WebAuthn-flavored P256 credential.
`WebAuthnP256.SignMetadata`	Metadata for a WebAuthn P256 signature.