authenticateWithPrf
suspend fun authenticateWithPrf(activity: Activity, challenge: ByteArray, prfSalt: ByteArray, prfSaltSecond: ByteArray? = null): PrfAssertionResult
Authenticates with PRF extension — produces a deterministic secret from the passkey.
Same passkey + same salt = same 32-byte secret on any device. Used for deriving encryption keys for cloud backup (zero-words recovery).
Return
PrfAssertionResult with the assertion data AND the 32-byte PRF output
Parameters
activity
Activity context for the CredentialManager system UI
challenge
Challenge bytes for the assertion
prfSalt
Salt for the PRF evaluation (purpose-bound, e.g. SHA-256("kuira:backup:v1"))
Throws
if PRF is not supported or authentication fails