Public keys of different formats are distinguished by their prefix.
Ed25519 keys have no prefix.
Public keys for WebAuthn appearing in keysets must be prefixed with "WEBAUTHN-".
The new enum DynKeyPair ranges over Ed25519 keypairs and WebAuthn keypairs. Our client-side functions for building commands (mkCommand, mkCommand') have counterparts that accept DynKeyPair instead of Ed25519KeyPair: mkCommandWithDynKeys. The new command generators will perform different signing algorithms and produce different signatures, depending on the type of keypair used. This distinction is only meaningful in tests, because real users will never have a WebAuthn private key. Real users using WebAuthn-signed transactions would be using a web client and an authenticator device that hold the secret key on the user's behalf.
The PR adds a lot of new functions for generating, parsing and printing WebAuthn keys. The functions applying to WebAuthn private keys are only used for testing.
The following repl session demonstrates that "WEBAUTHN-" prefixed keys pass format enforcement and are usable as keyset guards:
[x] PR description contains example output from repl interaction or a snippet from unit test output
[x] Documentation has been updated if new natives or FV properties have been added. To generate new documentation, issue cabal run tests. If they pass locally, docs are generated.
This PR allows WebAuthn keys in keysets.
PR checklist:
Additionally, please justify why you should or should not do the following: