diff --git a/.changeset/wise-mangos-push.md b/.changeset/wise-mangos-push.md
new file mode 100644
index 000000000..46ee03dbb
--- /dev/null
+++ b/.changeset/wise-mangos-push.md
@@ -0,0 +1,5 @@
+---
+"@near-js/biometric-ed25519": patch
+---
+
+Ensure passkey-derived keys are prefixed with ed25519
diff --git a/packages/biometric-ed25519/src/index.ts b/packages/biometric-ed25519/src/index.ts
index 28fff0c4d..d0f22dbd6 100644
--- a/packages/biometric-ed25519/src/index.ts
+++ b/packages/biometric-ed25519/src/index.ts
@@ -3,7 +3,7 @@ import { ed25519 } from '@noble/curves/ed25519';
 import { sha256 } from '@noble/hashes/sha256';
 import { Buffer } from 'buffer';
 import asn1 from 'asn1-parser';
-import { KeyPair } from '@near-js/crypto';
+import { KeyPair, KeyPairEd25519 } from '@near-js/crypto';
 import { baseEncode } from '@near-js/utils';
 import {
 validateUsername,
@@ -18,7 +18,6 @@ import {
 } from './utils';
 import { Fido2 } from './fido2';
 import type { AssertionResponse } from './type';
-import { KeyPairString } from '@near-js/crypto';
 const CHALLENGE_TIMEOUT_MS = 90 * 1000;
 const RP_NAME = 'NEAR_API_JS_WEBAUTHN';
@@ -87,7 +86,7 @@ export const createKey = async (username: string): Promise => {
 const publicKeyBytes = get64BytePublicKeyFromPEM(publicKey);
 const secretKey = sha256.create().update(Buffer.from(publicKeyBytes)).digest();
 const pubKey = ed25519.getPublicKey(secretKey);
- return KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(secretKey), Buffer.from(pubKey)]))) as KeyPairString);
+ return new KeyPairEd25519(baseEncode(Buffer.concat([Buffer.from(secretKey), Buffer.from(pubKey)])));
 });
 };
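Review bot: The seed-to-key-pair construction on the new `return` line in createKey is written out three times, here and on the `firstKeyPair` and `secondKeyPair` lines of the getKeys hunk, which is why the missing `ed25519` prefix had to be fixed in three places. One private helper that takes the passkey public key bytes and returns the key pair would keep the secret-key handling in a single auditable place and reduce each call site to one line. The parameter type below is an assumption, because the return type of `get64BytePublicKeyFromPEM` and the element type of `correctPKs` are not visible here. createKey's body also starts outside this hunk.

```typescript
// … unchanged: imports and constants …
/** Builds the ed25519 key pair whose seed is the SHA-256 digest of the given passkey public key bytes. */
const keyPairFromPasskeyPublicKey = (publicKeyBytes: Uint8Array): KeyPair => {
    const secretKey = sha256.create().update(Buffer.from(publicKeyBytes)).digest();
    const pubKey = ed25519.getPublicKey(secretKey);
    return new KeyPairEd25519(baseEncode(Buffer.concat([Buffer.from(secretKey), Buffer.from(pubKey)])));
};

// … unchanged: start of createKey …
        const publicKeyBytes = get64BytePublicKeyFromPEM(publicKey);
        return keyPairFromPasskeyPublicKey(publicKeyBytes);
```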
@@ -130,8 +129,8 @@ export const getKeys = async (username: string): Promise<[KeyPair, KeyPair]> =>
 const firstEDPublic = ed25519.getPublicKey(firstEDSecret);
 const secondEDSecret = sha256.create().update(Buffer.from(correctPKs[1])).digest();
 const secondEDPublic = ed25519.getPublicKey(secondEDSecret);
- const firstKeyPair = KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(firstEDSecret), Buffer.from(firstEDPublic)]))) as KeyPairString);
- const secondKeyPair = KeyPair.fromString(baseEncode(new Uint8Array(Buffer.concat([Buffer.from(secondEDSecret), Buffer.from(secondEDPublic)]))) as KeyPairString);
+ const firstKeyPair = new KeyPairEd25519(baseEncode(Buffer.concat([Buffer.from(firstEDSecret), Buffer.from(firstEDPublic)])));
+ const secondKeyPair = new KeyPairEd25519(baseEncode(Buffer.concat([Buffer.from(secondEDSecret), Buffer.from(secondEDPublic)])));
 return [firstKeyPair, secondKeyPair];
 });
 };
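Review bot: Nothing near `secondEDSecret` or the new `KeyPairEd25519` lines documents that each secret is the SHA-256 digest of the bytes in `correctPKs` (`publicKeyBytes` in the createKey hunk), so the resulting key pairs are only as confidential as those public key bytes. The commit rewrites exactly the lines that turn that digest into a signing key, so a comment above them is warranted, for example `// Seed = SHA-256(passkey public key): treat correctPKs as secret material; do not log, persist or transmit it.` A second comment above the `return` could state that both candidates are handed back and the caller must determine which one belongs to the account; that reading is inferred from the tuple shape, not shown here. getKeys starts outside the hunk, so how `correctPKs` is produced and length-checked is not visible.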