https://github.com/nucypher/passkeys-taco-poc
PoC implementing passkeys to TACo encryption authentication
cryptography encryption-decryption passkeys taco threshold-cryptography web3
- Host: GitHub
- URL: https://github.com/nucypher/passkeys-taco-poc
- Owner: nucypher
- Created: 2025-07-03T07:32:21.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-07-18T09:54:57.000Z (11 months ago)
- Last Synced: 2025-07-18T13:46:13.452Z (11 months ago)
- Topics: cryptography, encryption-decryption, passkeys, taco, threshold-cryptography, web3
- Language: TypeScript
- Homepage:
- Size: 146 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# SimpleWebAuthn Passkeys + TACo PoC
This is a Next.js app that implements passkeys using [SimpleWebAuthn](https://github.com/GoogleChromeLabs/simple-webauthn)
and [TACo](https://github.com/GoogleChromeLabs/taco).
The objective of this PoC is to show how passkeys can be used to authenticate TACo encryptors.
## Usage
Recommended node version: v20.
```bash
npm install
# or
pnpm install
```
Create a new `.env` file containing the environment variables listed in the
`.env.template` file.
```bash
npm run dev
# or
pnpm dev
```
Then open [http://localhost:3000](http://localhost:3000) in your browser.
## Diagrams
### Passkey registration flow
```mermaid
sequenceDiagram
participant Authenticator
participant Client
participant Server
participant Database
Client->>Client: generate ephemeral wallet
Client->>Server: getRegistrationOptions(eph. wallet address)
Server->>Server: generate RegistrationOptions<br/>(including custom challenge)
Server->>Database: save RegistrationOptions<br/>for ephemeral wallet
Server->>Client: RegistrationOptions
Client->>Authenticator: startRegistration(RegistrationOptions)
Authenticator->>Authenticator: Generate Priv/Pub key +<br/>signature (attestation)
Authenticator->>Client: RegistrationResponse<br/>(credential i.e. pub key + signature)
Client->>Server: verifyRegistration<br/>(eph. wallet address, RegistrationResponse)
Server->>Database: getChallenge(eph. wallet address)
Database->>Server: challenge
Server->>Server: checkChallenge()
Server->>Server: verifyRegistration(RegistrationResponse, challenge)
Server->>Client: VerificationResponse
Server->>Server: register eph. wallet as encryptor<br/>on GlobalAllowList smart contract
```
Note that the server-side code lives in the `src/lib` directory,
while the client-side code lives in the `src/app` directory.
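
A sketch of the server-side challenge bookkeeping from the diagram above (save per ephemeral wallet, `getChallenge`, `checkChallenge`), added here as an illustration and not taken from the repository. The in-memory `Map`, the names `issueChallenge` and `sampleClientData`, the origin, the 5-minute lifetime and the random 32-byte challenge are assumptions; the PoC's custom challenge format is not shown on this page.

```typescript
import { randomBytes } from "node:crypto";

// Assumed values for this sketch; a real deployment reads them from configuration.
const EXPECTED_ORIGIN = "http://localhost:3000";
const CHALLENGE_TTL_MS = 5 * 60 * 1000;

type Pending = { challenge: string; expiresAt: number };
// Stand-in for the Database participant: one pending challenge per wallet address.
const pending = new Map<string, Pending>();

// getRegistrationOptions step: create and store a fresh challenge for the wallet.
function issueChallenge(wallet: string, now: number = Date.now()): string {
  const challenge = randomBytes(32).toString("base64url");
  // Addresses are compared case-insensitively, so the key is lowercased.
  pending.set(wallet.toLowerCase(), { challenge, expiresAt: now + CHALLENGE_TTL_MS });
  return challenge;
}

// checkChallenge step: compare the clientDataJSON from the RegistrationResponse
// with the stored entry. Returns null on success, otherwise a rejection reason.
function checkChallenge(wallet: string, clientDataJSON: string, now: number = Date.now()): string | null {
  const key = wallet.toLowerCase();
  const entry = pending.get(key);
  pending.delete(key); // single use: consumed even when the check fails
  if (!entry) return "no pending challenge for this wallet";
  if (now > entry.expiresAt) return "challenge expired";
  let data: { type?: string; challenge?: string; origin?: string };
  try {
    data = JSON.parse(Buffer.from(clientDataJSON, "base64url").toString("utf8")) ?? {};
  } catch {
    return "malformed clientDataJSON";
  }
  if (data.type !== "webauthn.create") return "wrong ceremony type";
  if (data.origin !== EXPECTED_ORIGIN) return "unexpected origin";
  if (data.challenge !== entry.challenge) return "challenge mismatch";
  return null;
}

// Constructed sample input: the JSON a browser places in response.clientDataJSON.
function sampleClientData(challenge: string, origin: string = EXPECTED_ORIGIN): string {
  const json = JSON.stringify({ type: "webauthn.create", challenge, origin });
  return Buffer.from(json).toString("base64url");
}
```

This covers only challenge binding, expiry and replay; the attestation and signature checks of the `verifyRegistration` step still have to pass before the wallet is registered as an encryptor.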