Add native proof providers so mobile consoles can prove possession of the installed app/device state without exposing reusable secrets to web content.
Provider behavior:
-
Add a consoleProof provider to both native console implementations.
-
Generate an asymmetric key pair on device.
-
Store the private key as non-exportable where possible: Android Keystore
-
Expose provider actions to web content:
- initialize / report provider availability
- create or load key
- return public key as JWK
- sign a challenge payload
- optionally delete key for “forget this device”
-
Do not expose the private key or raw secret to JavaScript.
-
Include provider version and supported algorithms, initially ES256 unless implementation constraints require otherwise.
Acceptance criteria:
- Android can generate and persist a key across app restarts.
- Public key can be returned to web content.
- Challenge payload can be signed by native code.
- Private key cannot be read by web content.
- Existing older native shells continue to fall back to Web Crypto/localStorage behavior until updated.
Add native proof providers so mobile consoles can prove possession of the installed app/device state without exposing reusable secrets to web content.
Provider behavior:
Add a consoleProof provider to both native console implementations.
Generate an asymmetric key pair on device.
Store the private key as non-exportable where possible: Android Keystore
Expose provider actions to web content:
Do not expose the private key or raw secret to JavaScript.
Include provider version and supported algorithms, initially ES256 unless implementation constraints require otherwise.
Acceptance criteria: