Please visit https://webauthn.io/ to see a demo of how it works. It integrates with the built-in authentication managed by the browser and operating system, and the private keys are stored in a U2F device or -- these days very often -- in a secure enclave inside the computer or phone on which the browser is running. The actual identity is managed through the user's operating system, as it does for many other applications and people rely on every day.
Then please read the basic overview of the Web Authentication API. The challenge normally comes from a server, to be signed using the and it is the server that then validates the signature. During registration, an authenticator can provide attestation about itself, when providing a public key to be saved on the server / blockchain. Then, during authentication, the authenticator signs the challenge using the private key corresponding to the public key.
Research
Please visit https://webauthn.io/ to see a demo of how it works. It integrates with the built-in authentication managed by the browser and operating system, and the private keys are stored in a U2F device or -- these days very often -- in a secure enclave inside the computer or phone on which the browser is running. The actual identity is managed through the user's operating system, as it does for many other applications and people rely on every day.
Then please read the basic overview of the Web Authentication API. The challenge normally comes from a server, to be signed using the and it is the server that then validates the signature. During registration, an authenticator can provide attestation about itself, when providing a public key to be saved on the server / blockchain. Then, during authentication, the authenticator signs the challenge using the private key corresponding to the public key.
Here are more resources about WebAuthn
Implementation
Implement a simple self-contained HTML page, with no external dependencies, that includes a copy of ethers.js locally inline in a Githubissues.