Ed25519PrfSigilProvider
Default SigilIdentityProvider — derives the sigil DID from PRF(passkey, SIGIL_SALT) → Ed25519 keypair → did:key:z6Mk….
Why Ed25519 + did:key:
W3C did:key is the format already exercised by the wallet; consumers treat the DID as an opaque string, so staying in-spec costs us nothing while keeping the option open for future interop (W3C verifiable credentials, did-resolver libraries, midnightOS Passkeys).
Ed25519's 32-byte seed maps 1:1 to a valid keypair with no validity loops, no scalar bias — unlike P-256 from a raw PRF output, which would need rejection sampling.
The Ed25519 private key is derivable on demand (re-running this flow re-authenticates the passkey), so if a future use case needs a sigil-controlled signing key without a Credential Manager round-trip we have one ready. For now the private half is wiped immediately after we extract the public key.
Determinism: (passkey, SIGIL_SALT) → PRF → Ed25519 seed → pubkey → did:key is deterministic at every step. The same passkey, on any device and in any Kuira ecosystem app sharing the relying party, lands on the same DID. Verified architecturally; locked down by Ed25519PrfSigilProviderTest.
Properties
Functions
Pure derivation — 32-byte PRF output is consumed as the Ed25519 seed, the corresponding public key is encoded as did:key:z6Mk….
Convenience one-shot: runs a PRF ceremony with prfSalt, derives the DID, returns it plus the credential ID from the assertion.