sign method
Signs data (the challenge, i.e. blake2b(intentMessage)) with the
passkey and returns the serialized PasskeyAuthenticator BCS bytes
(without the outer passkey flag).
Implementation
Future<Uint8List> sign(Uint8List data) async {
final assertion = await provider.get(data, credentialId);
final clientDataJson = utf8.decode(assertion.clientDataJSON);
// Low-S–normalized 64-byte compact secp256r1 signature.
final normalized =
Secp256.fromSecp256r1().derToNormalizedCompact(assertion.signature);
if (normalized.length != PASSKEY_SIGNATURE_SIZE ||
publicKey.length != PASSKEY_PUBLIC_KEY_SIZE) {
throw ArgumentError('Invalid signature or public key length');
}
// userSignature = flag(secp256r1) || sig || pubkey.
final userSignature = Uint8List(1 + normalized.length + publicKey.length);
userSignature[0] = SIGNATURE_SCHEME_TO_FLAG.Secp256r1;
userSignature.setAll(1, normalized);
userSignature.setAll(1 + normalized.length, publicKey);
return Uint8List.fromList(SuiBcs.PasskeyAuthenticator.serialize({
'authenticatorData': assertion.authenticatorData,
'clientDataJson': clientDataJson,
'userSignature': userSignature,
}).toBytes());
}