Small Grant: Passkey Holder

Project Name: “Passkey Holder” for Sia (Working Title)
Project Lead: Oleh N.

Project Description

The “Passkey Holder” (TBD) browser extension will provide users with a decentralized approach to store and manage their passkeys on the Sia network, seamlessly integrating with the WebAuthn API on web pages to ensure reliable handling of authentication requests. This approach will significantly enhance user autonomy and control over authentication data, aligning with principles of user-centric data management.

Popular password and passkey management solutions, such as iCloud Keychain and Google Password Manager, present a critical limitation by not allowing users to export their passkeys. Users of these platform-specific solutions often find themselves tied to their vendor-specific platforms, facing significant challenges if they decide to switch platforms. The “Passkey Holder” will address this problem by providing true portability and decentralized storage of authentication credentials.

Users will be able to seamlessly link the extension to their renterd node through a simple configuration process within the extension’s interface. Once connected, the extension will initiate automatic passkey synchronization, ensuring up-to-date credential access across all devices. This architecture will allow users to install the extension on any compatible browser across their devices, ensuring seamless access to all their passkeys through supported browsers.

Security is a top priority. Passkey registration data will be encrypted on the user’s device before being stored on the Sia network, ensuring enhanced user control over credentials. The result will be not only enhanced privacy but also greater freedom in managing digital keys, leading to a more personalized and secure authentication process. Ultimately, this strategy will empower users with improved data privacy and true ownership of their authentication credentials, prioritizing user autonomy and security.

How does the projected outcome serve the Foundation’s mission of user-owned data?

The project’s decentralized passkey storage on the Sia network will directly embody the foundation’s commitment to user-centric data control. By enabling users to independently manage their credentials across various platforms, it will break the confines of vendor-specific ecosystems, aligning with the foundation’s vision of returning data sovereignty to individuals. This implementation will not only ensure accessibility and confidentiality but also address current security challenges in the digital identity space.

As WebAuthn gains prominence, the integration of passkey storage within the Sia network, combined with its implementation in popular browsers, will introduce the concept of decentralized data storage to a wide audience. This approach will support the foundation’s goal of making decentralized storage accessible and practical for everyday use.

In its essence, by facilitating user-controlled digital identities, the project will exemplify the foundation’s vision of a decentralized, user-empowered digital landscape. It will advance digital autonomy and security, directly supporting the foundation’s goal of promoting user-owned data.

Budget Justification

The project author is requesting a grant of $9,000 to support a full-time commitment as the lead developer of the “Passkey Holder” browser extension. This funding should be allocated in three equal monthly payments over the 3-month timeline to ensure consistent financial support, allowing the author to fully dedicate time and effort to the meticulous development and implementation of the project.

Project Goals

  • Create a fully-functional extension compatible with Chrome and Firefox browsers that will seamlessly intercept and process WebAuthn events, ensuring a smooth user experience.

  • Design and deploy a robust mechanism for securely storing passkeys on the Sia network, leveraging the decentralized nature of Sia to enhance data protection and user control.

  • Develop an efficient synchronization system that will ensure passkeys are consistently and securely updated across all user browsers, maintaining data integrity and availability.

Potential Risks

The WebAuthn specification is complex.
Ensuring consistent functionality across diverse websites may present challenges due to variations in how different sites implement WebAuthn. There may be a possibility of encountering yet-undiscovered technical obstacles that may impede the “Passkey Holder” from correctly processing WebAuthn mechanisms on certain websites.

Will all of your project’s code be open-source?

Yes!

Where will the code be accessible for review?

Do you agree to submit monthly progress reports?

Yes.

Contact info

Email: [email protected]
Discord: new0ne

Thanks for your proposal to The Sia Foundation Grants Program. After review, the committee has decided to approve this proposal! They do have some notes to pass along though:

  • They recommend a switch to either building on top of S5, or supporting multiple backends like S5, IPFS, and renterd. Dealing with a routing layer and building accounts will be better served by including these services.

Regardless, congratulations on your approval. We’ll reach out to the provided email address to begin onboarding. Onboarding can take up to a couple of weeks, so be prepared to adjust your timelines slightly as we go through the process.

Dear Steve and Sia Foundation Grants Committee,

I am deeply grateful for your resolute backing of this project. Your trust is immensely valuable to me and is incredibly motivating.

Thank you for your insights on S5 and multiple backend support. I value these recommendations and keep these ideas in mind as I develop the solution to unleash the project’s potential.

With enthusiasm and gratitude,
Oleh.

September 2024 | Passkey Holder Progress Report:

  • Developed a simple browser extension for intercepting calls to navigator.credentials.create() and navigator.credentials.get() in the WebAuthn API.
  • Built support for cryptographic signature algorithms: ES256 and RS256.
  • Created minimum viable mechanisms for generating new credentials and handling authentication requests.
  • Implemented fallback to native WebAuthn flow when the user cancels the custom process.

Link to repo worked on this month:

Goal for the next month:

  • Begin the full migration of the Passkey Holder project from Node.js server environment to client-side browser environment.

Progress Report Video:

Hi @new0ne thanks for the report! Please correct me if I’m missing something, but I only see the readme and license at your linked repo. Please ensure all your work is open source and visible to the Foundation during the duration of your grant.

Hi Steve!

I apologize for this oversight and the hiccup on my end.
The repository has been updated. You should see all the files now.

October 2024 | “Nydia: Passkey Holder” Progress Report:

  • The wait is over! The search is complete – Nydia is here! It’s official – the extension finally got its name: ‘Nydia: Passkey Holder’! :mechanical_arm::biting_lip:

  • The project switched from a Node.js to a browser environment :pinched_fingers:

  • The entire registration and authentication process now happens with just one single button press: “Create Passkey” or “Use Passkey” :tada:

  • I try to keep my reports focused and succinct, steering clear of dense technicalities. For anyone interested in additional insights, check out the latest Pull Request on GitHub. But I recommend following a video walkthrough for better clarity :ok_hand:

Link to repo worked on this month:

Goals for the next month:

  • Improve the architecture of credential storage to provide users with easy access to their credentials from the extension’s menu. These changes will also involve designing and developing a user interface for managing Passkeys :card_index_dividers:
  • Pioneer the renterd integration :jigsaw:

Progress Report Video:

November 2024 | “Nydia: Passkey Holder” Progress Report:

With trembling excitement and great joy, I’m thrilled to present Nydia: Passkey Holder v0.1.0! :tada:

The highlight of this major version is the integration with renterd for storing passkeys in the Sia network. Now users can create backups of their passkeys in decentralized storage while maintaining complete control over their data. All tests were run on the latest version of renterd, v1.1.0-beta.6.

Another fundamental milestone has been reached: I’m proudly announcing that the project has succeeded in getting rid of all production Node.js dependencies! :sponge:

This required:

  • base64url library replaced with custom implementation using browser APIs;

  • cbor replaced with dedicated CBOR implementation specialized for WebAuthn;

  • removed Node.js polyfills (buffer, process, util, stream) by rewriting code to use browser APIs.

Removing these dependencies significantly reduced the bundle size.

Other important improvements:

In addition to these architectural improvements and the new renterd feature, significant enhancements were made to WebAuthn support. Added DER SubjectPublicKeyInfo support for public key retrieval.

Previously, the authenticator only supported public key extraction through CBOR attestationObject/authenticatorData decoding. Now it also supports the getPublicKey() method, which returns DER-encoded X.509 SubjectPublicKeyInfo.

This change allows the authenticator to work with Relying Parties that expect to obtain the credential’s public key through either method:

  • CBOR attestationObject/authenticatorData decoding
  • getPublicKey() method returning DER SubjectPublicKeyInfo

Link to repo worked on this month:

Goal for the next month:

  • Unfortunately, the ‘Synced’ status in the app is not currently accurate. While users can upload their passkeys to Sia with one single click, there is no automatic synchronisation, which also prevents automatically restoring the passkey, meaning everything must be done manually. I plan to focus on fixing this issue next month.

Progress Report Video:
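
The two public-key encodings named in the November report carry the same ES256 key material in different wrappers. The sketch below is an added example, not part of the original post and not Nydia's code: the function names are hypothetical, the COSE key is assumed to be already CBOR-decoded into a `Map`, and only ES256 (P-256, uncompressed point) is handled.

```javascript
// Added example, not Nydia's code. Fixed DER header of a P-256 SubjectPublicKeyInfo:
// SEQUENCE { SEQUENCE { OID id-ecPublicKey, OID prime256v1 }, BIT STRING, 0 unused bits }
const P256_SPKI_PREFIX = Uint8Array.from([
  0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
  0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
]);
const COORD_LEN = 32;                              // P-256 field element size
const POINT_AT = P256_SPKI_PREFIX.length;          // offset of the 0x04 marker (26)
const SPKI_LEN = POINT_AT + 1 + 2 * COORD_LEN;     // 91 bytes in total

// COSE_Key labels: 1 = kty (2 = EC2), 3 = alg (-7 = ES256), -1 = crv (1 = P-256),
// -2 = x, -3 = y. Input is the Map a CBOR decoder would hand back (assumption).
function coseEs256ToSpki(cose) {
  if (cose.get(1) !== 2 || cose.get(3) !== -7 || cose.get(-1) !== 1) {
    throw new Error("not an EC2 / ES256 / P-256 COSE key");
  }
  const x = cose.get(-2), y = cose.get(-3);
  for (const c of [x, y]) {
    if (!(c instanceof Uint8Array) || c.length !== COORD_LEN) {
      throw new Error("x and y must be 32-byte strings");
    }
  }
  const spki = new Uint8Array(SPKI_LEN);
  spki.set(P256_SPKI_PREFIX, 0);
  spki[POINT_AT] = 0x04;                           // uncompressed point marker
  spki.set(x, POINT_AT + 1);
  spki.set(y, POINT_AT + 1 + COORD_LEN);
  return spki;
}

// Reverse direction: recover the COSE form from the DER bytes getPublicKey() returns.
function spkiToCoseEs256(spki) {
  const headerOk = P256_SPKI_PREFIX.every((b, i) => spki[i] === b);
  if (spki.length !== SPKI_LEN || !headerOk || spki[POINT_AT] !== 0x04) {
    throw new Error("not an uncompressed P-256 SubjectPublicKeyInfo");
  }
  const x = spki.slice(POINT_AT + 1, POINT_AT + 1 + COORD_LEN);
  const y = spki.slice(POINT_AT + 1 + COORD_LEN);
  return new Map([[1, 2], [3, -7], [-1, 1], [-2, x], [-3, y]]);
}

// Constructed sample bytes: they exercise the encoding only and are not a real
// credential (nor necessarily a valid curve point).
const sampleCose = new Map([
  [1, 2], [3, -7], [-1, 1],
  [-2, new Uint8Array(COORD_LEN).fill(0x11)],
  [-3, new Uint8Array(COORD_LEN).fill(0x22)],
]);
const sampleSpki = coseEs256ToSpki(sampleCose);
```

A Relying Party that compares the key from `getPublicKey()` with the one inside authenticatorData expects the two to agree byte for byte on x and y, so any mismatch between the encodings shows up as a failed registration.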

Hello,

Thank you for your progress report!

Regards,
Kino on behalf of the Sia Foundation and Grants Committee

December 2024 | “Nydia: Passkey Holder” FINAL Progress Report:

That’s it, that’s all :leaves:

What progress was made on your grant this month?

Nydia has been updated to version 1.0.0-alpha.1 with the following key updates:

  • Two-way passkey synchronization: backup and restore your passkeys from Sia with one button press - ‘Sync Passkeys’ :sparkles:

  • Cross-browser support: welcome Firefox family! :fox_face:

Provide an overall summary of everything achieved during this grant.

Developed a fast and lightweight browser extension for Chrome and Firefox with decentralized passkey storage on the Sia network, enabling seamless two-way synchronization across different browsers and operating systems.

Was there any work you weren’t able to complete?

During the development of the extension, architecture became the cornerstone priority, while rapid feature delivery took a back seat. This is why Nydia has its own implementation of CBOR and base64url; however, it lacks certain functionality that was envisioned by the project’s author. A key planned enhancement is the encryption of passkeys before they are sent to the Sia network - this feature awaits on the horizon :yellow_circle:

Current limitations and opportunities

In the final report, this section is titled ‘What are you most proud of about your work on this grant?’, however I renamed it to ‘Current limitations and opportunities’ to better reflect the content that combines honest acknowledgment of current limitations with an optimistic view of future development.

At the current stage of development, Nydia is compatible with many popular websites and services. Successfully tested and confirmed compatibility with:

  • Social platforms (Discord, Twitter, Facebook)
  • Technology companies (Adobe, Microsoft, GitHub)
  • Online retailers (Amazon)
  • Payment systems (PayPal)
  • Business services (Docusign)
  • Gaming and entertainment services (Sony)
  • Domain name registrar (Namecheap)
  • Email services (ForwardEmail)
  • Travel & Hospitality (Air New Zealand, World of Hyatt)

Each of these services supports the full cycle of passkey operations through Nydia, including registration, authentication, and backup to Sia.

The list of supported websites is constantly being updated due to the rapid adoption of the WebAuthn standard and passwordless authentication with passkeys.

However, it’s important to note that some platforms, such as Google and LinkedIn, are currently not supported by Nydia due to their specific WebAuthn implementations.

Despite the current limitations, I remain optimistic and hope that over time these technical challenges will be resolved, allowing Nydia to achieve full compatibility with more websites and services that offer signing in with passkeys.

Link to repo worked on this month:

Progress Report Video: