Local WebAuthn PRF experiment

Passkey → Gen6/Substrate Key

This derives deterministic Substrate-compatible key material from the WebAuthn PRF / hmac-secret extension. The passkey private key itself is never exported.

Checking origin…

Testing only. This can print raw Substrate seed material. Anyone who sees that seed can control the derived account. Do not fund this account unless this flow is audited and you fully accept the recovery risk.

1. Diagnostics

Origin—

Secure context—

WebAuthn API—

Polkadot crypto libLoading…

Stored credential—

Default Gen6 SS58 prefix355

2. Settings

Wallet label / derivation label SS58 prefix Substrate crypto type

Same key + same site origin + same credential + same label + same crypto type = same derived account. Changing the label intentionally creates a different account.

3. Register Key's PRF credential

Register once on this exact HTTPS origin. The browser stores only the credential ID locally. The HwKey key keeps the WebAuthn/passkey secret.

No registration yet.

4. Derive Gen6/Substrate account

I understand this can print secret seed material and I am using this for testing.

No derivation yet.

5. Optional signing test

Message to sign

No signature yet.

Passkey → Gen6/Substrate Key

1. Diagnostics

2. Settings

3. Register Key's PRF credential

4. Derive Gen6/Substrate account

5. Optional signing test

Event log