Product

Can you link a Cosmos wallet to a passkey?

One of the challenges when developing encryption systems for Swift Protocol has been figuring out how to decrypt data using a user's Keplr (or other) wallet. After hours of research, I landed on a relatively new solution: Passkeys.

What is a Passkey?

At WWDC22, Apple introduced the concept of Passkeys as a rebrand of the existing FIDO standard. This was adopted by most web browsers and operating systems over the next year, and we're now at a point where most systems support passkeys.

Passkeys are built on top of the WebAuthn standard. When used with a mobile device (iOS, Android) they're stored in the device's keychain, which means they can be unlocked using biometrics.

The LargeBlob Extension

More modern systems have access to a WebAuthn extension called LargeBlob, which allows you to store a significant amount of text within a passkey. This text can only be decrypted when the passkey is unlocked (i.e. through biometrics).

In essence, this means that we can store data within a biometric-secured environment facilitated by hardware APIs. This is huge.

Storing a key in LargeBlob

For Swift Protocol, this means we can store a private key in the Passkey. It goes somewhere along these lines:

  1. Register passkey

  2. Generate a new RSA keypair

  3. Store the private key in LargeBlob

Whenever we need to decrypt data, we do this:

  1. Authenticate passkey

  2. Read LargeBlob, import private key

  3. Decrypt the data

To facilitate this, I put together a simple NPM package, @swiftprotocol/auth.

Registering/authenticating users

WebAuthn requires apps to provide a challenge to users attempting to register or authenticate passkeys. The "challenge" string needs to be entirely random to protect your users from replay attacks. You'll need a server for this.

Once you have this challenge, you can call register(username, challenge). This returns a credential that you'll need to store alongside a unique identifier for your user, so that you can recognize them later. Fortunately, because we're working with web3, we already have a unique identifier: the user's address.

When you need to verify the identity of a user, call authenticate([credentialId], challenge). The returned signature will need to be sent to your server so that it can verify that it is legitimate. There are methods in the package to allow this: verifyRegistration and verifyAuthentication.

To write text to the user's LargeBlob, just call writeBlob([credentialId], challenge, blob). Your blob should be in text format; the API will handle converting it to a Uint8Array.

Remarks

In my opinion, this could be the future of user authentication if the FIDO alliance members play their cards right. I'm excited and looking forward to future developments to the WebAuthn standard.

Product

September 7, 2023

Can you link a Cosmos wallet to a passkey?
