Core WebAuthn protocol verification library (ES256, ML-DSA-65, ML-DSA-65-ES256 composite)

Project description

open-passkey

Core WebAuthn/FIDO2 protocol verification for Python. No HTTP, no sessions, no framework dependencies -- pure cryptographic verification of registration and authentication ceremonies.

Install

pip install open-passkey

For post-quantum algorithm support (ML-DSA-65, ML-DSA-65-ES256 composite):

pip install open-passkey[pq]

This installs liboqs-python, which requires the liboqs C library on your system.

Usage

from open_passkey import verify_registration, verify_authentication

# Registration ceremony
result = verify_registration(
    rp_id="example.com",
    expected_challenge="<base64url>",
    expected_origin="https://example.com",
    client_data_json="<base64url>",
    attestation_object="<base64url>",
)
print(result.credential_id, result.public_key_cose)

# Authentication ceremony
result = verify_authentication(
    rp_id="example.com",
    expected_challenge="<base64url>",
    expected_origin="https://example.com",
    stored_public_key_cose="<base64url>",
    stored_sign_count=0,
    client_data_json="<base64url>",
    authenticator_data="<base64url>",
    signature="<base64url>",
)
print(result.sign_count)

All binary inputs and outputs are base64url-encoded strings (no padding).

API

Functions

  • verify_registration(rp_id, expected_challenge, expected_origin, client_data_json, attestation_object, require_user_verification=False) -> RegistrationResult
  • verify_authentication(rp_id, expected_challenge, expected_origin, stored_public_key_cose, stored_sign_count, client_data_json, authenticator_data, signature, require_user_verification=False) -> AuthenticationResult

Dataclasses

  • RegistrationResult -- credential_id, public_key_cose, sign_count, rp_id_hash, flags, backup_eligible, backup_state, attestation_format
  • AuthenticationResult -- sign_count, flags, backup_eligible, backup_state

Errors (all subclass WebAuthnError)

ChallengeMismatchError, OriginMismatchError, RPIDMismatchError, SignatureInvalidError, UnsupportedAlgorithmError, UnsupportedAttestationFormatError, InvalidAttestationStatementError, SignCountRollbackError, UserPresenceRequiredError, UserVerificationRequiredError, InvalidBackupStateError
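
The example below is added here and is not open-passkey's own code. It implements, with the standard library only, the field-level checks the WebAuthn specification defines for an authentication ceremony, the conditions the error names above refer to. `check_assertion_fields` and `make_sample` are hypothetical names, and mapping each message to one of the listed errors is an assumption; signature verification is left to the library.

```python
import base64, hashlib, json, struct

UP, UV, BE, BS = 0x01, 0x04, 0x08, 0x10  # authenticator-data flag bits (WebAuthn spec)

def b64url_decode(s: str) -> bytes:
    # Inputs are unpadded base64url, so restore the padding before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def check_assertion_fields(rp_id, expected_challenge, expected_origin, stored_sign_count,
                           client_data_json, authenticator_data,
                           require_user_verification=False):
    """Hypothetical helper: field checks only. The signature over
    authenticator_data || SHA-256(client_data_json) must still be verified."""
    client = json.loads(b64url_decode(client_data_json))
    if client.get("type") != "webauthn.get":
        raise ValueError("wrong ceremony type")
    if client.get("challenge") != expected_challenge:
        raise ValueError("ChallengeMismatch")
    if client.get("origin") != expected_origin:
        raise ValueError("OriginMismatch")
    auth = b64url_decode(authenticator_data)
    if len(auth) < 37:  # 32-byte rpIdHash + 1 flag byte + 4-byte counter
        raise ValueError("authenticator data too short")
    flags, sign_count = auth[32], struct.unpack(">I", auth[33:37])[0]
    if auth[:32] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("RPIDMismatch")
    if not flags & UP:
        raise ValueError("UserPresenceRequired")
    if require_user_verification and not flags & UV:
        raise ValueError("UserVerificationRequired")
    if flags & BS and not flags & BE:  # backed up but not backup-eligible
        raise ValueError("InvalidBackupState")
    # A counter of 0 on both sides means the authenticator keeps no counter.
    if (sign_count or stored_sign_count) and sign_count <= stored_sign_count:
        raise ValueError("SignCountRollback")
    return sign_count, flags

def make_sample(rp_id, challenge, origin, flags, count):
    # Constructed input for the example, not captured from a real authenticator.
    cdj = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin})
    ad = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", count)
    return b64url_encode(cdj.encode()), b64url_encode(ad)
```

The stored counter should be replaced with the returned `sign_count` only after the signature has also verified.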

Algorithms

Algorithm                 | COSE alg | Notes
ES256 (ECDSA P-256)       | -7       | Classical, all browsers
ML-DSA-65                 | -49      | Post-quantum (FIPS 204), requires liboqs
ML-DSA-65-ES256 composite | -52      | Hybrid PQ, requires liboqs

Attestation

Supports none and packed (self-attestation and full x5c chain).

Dependencies

  • cryptography>=41.0
  • cbor2>=5.4
  • Optional: liboqs-python>=0.14 (for ML-DSA-65; requires liboqs C library)

Testing

pytest tests/

Related Packages

  • open-passkey-server -- framework-agnostic server logic built on this library
  • open-passkey-flask, open-passkey-fastapi, open-passkey-django -- framework bindings
  • @open-passkey/sdk (npm) -- browser SDK

License

MIT


Download files

Source Distribution

open_passkey-0.1.4.tar.gz (9.4 kB)

Uploaded Source

Built Distribution

open_passkey-0.1.4-py3-none-any.whl (11.0 kB)

Uploaded Python 3

File details

Details for the file open_passkey-0.1.4.tar.gz.

File metadata

  • Download URL: open_passkey-0.1.4.tar.gz
  • Upload date:
  • Size: 9.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for open_passkey-0.1.4.tar.gz
Algorithm   | Hash digest
SHA256      | 15a703e782d032836ce8d6eec91d3f40f3831b040aa88f248f224e991f849942
MD5         | 5ec5a3150f9e3f08130aa57dc75a3a4a
BLAKE2b-256 | 00e5af1af002e1b890426aabe0b59327c64462cf300d18daa556940eb448bc55

File details

Details for the file open_passkey-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: open_passkey-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 11.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for open_passkey-0.1.4-py3-none-any.whl
Algorithm   | Hash digest
SHA256      | d76a008d6314a3baa2a6116cdb0af1eca848ceb4cbe552193ba0ae897d9e8127
MD5         | b2ef3f777a3977b6b9aaca50efef9df7
BLAKE2b-256 | 6f33936f5ce23c5184af9a232eaff6af759396cbec4076d6aac681b3fbbc429e
