Skip to content

Add Native Console Proof Providers for Android #62

Description

@ebariaux

Add native proof providers so mobile consoles can prove possession of the installed app/device state without exposing reusable secrets to web content.

Provider behavior:

  • Add a consoleProof provider to both native console implementations.

  • Generate an asymmetric key pair on device.

  • Store the private key as non-exportable where possible: Android Keystore

  • Expose provider actions to web content:

    • initialize / report provider availability
    • create or load key
    • return public key as JWK
    • sign a challenge payload
    • optionally delete key for “forget this device”
  • Do not expose the private key or raw secret to JavaScript.

  • Include provider version and supported algorithms, initially ES256 unless implementation constraints require otherwise.

Acceptance criteria:

  • Android can generate and persist a key across app restarts.
  • Public key can be returned to web content.
  • Challenge payload can be signed by native code.
  • Private key cannot be read by web content.
  • Existing older native shells continue to fall back to Web Crypto/localStorage behavior until updated.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions