signAndRecover static method

Future<List<PasskeyPublicKey>> signAndRecover(
  1. PasskeyProvider provider,
  2. Uint8List message
)

Asks the passkey to sign message and returns every (up to 4) public key that could have produced the signature. Call twice with different messages and intersect with findCommonPublicKey to identify a previously created passkey wallet whose public key isn't stored locally.

Implementation

static Future<List<PasskeyPublicKey>> signAndRecover(
    PasskeyProvider provider, Uint8List message) async {
  final assertion = await provider.get(message);
  // The signed message is authenticatorData || sha256(clientDataJSON).
  final fullMessage = Uint8List.fromList([
    ...assertion.authenticatorData,
    ...sha256(assertion.clientDataJSON),
  ]);
  final candidates = Secp256.fromSecp256r1()
      .recoverCompressedFromDer(assertion.signature, sha256(fullMessage));
  return candidates.map((pk) => PasskeyPublicKey(pk)).toList();
}