sign method

Future<Uint8List> sign(
  1. Uint8List data
)

Signs data (the challenge, i.e. blake2b(intentMessage)) with the passkey and returns the serialized PasskeyAuthenticator BCS bytes (without the outer passkey flag).

Implementation

Future<Uint8List> sign(Uint8List data) async {
  final assertion = await provider.get(data, credentialId);
  final clientDataJson = utf8.decode(assertion.clientDataJSON);

  // Low-S–normalized 64-byte compact secp256r1 signature.
  final normalized =
      Secp256.fromSecp256r1().derToNormalizedCompact(assertion.signature);
  if (normalized.length != PASSKEY_SIGNATURE_SIZE ||
      publicKey.length != PASSKEY_PUBLIC_KEY_SIZE) {
    throw ArgumentError('Invalid signature or public key length');
  }

  // userSignature = flag(secp256r1) || sig || pubkey.
  final userSignature = Uint8List(1 + normalized.length + publicKey.length);
  userSignature[0] = SIGNATURE_SCHEME_TO_FLAG.Secp256r1;
  userSignature.setAll(1, normalized);
  userSignature.setAll(1 + normalized.length, publicKey);

  return Uint8List.fromList(SuiBcs.PasskeyAuthenticator.serialize({
    'authenticatorData': assertion.authenticatorData,
    'clientDataJson': clientDataJson,
    'userSignature': userSignature,
  }).toBytes());
}