From 942fbdbb55f97490cf207622fdecfd488ad2503b Mon Sep 17 00:00:00 2001 From: Abhinav Garg Date: Fri, 7 Feb 2025 11:22:49 -0500 Subject: [PATCH 1/5] Minor change to data serving doc to clarify query patterns difference --- .../content/guides/developer/getting-started/data-serving.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/guides/developer/getting-started/data-serving.mdx b/docs/content/guides/developer/getting-started/data-serving.mdx index 6351dd04795b9..c2d63ebfb5531 100644 --- a/docs/content/guides/developer/getting-started/data-serving.mdx +++ b/docs/content/guides/developer/getting-started/data-serving.mdx 
@@ -128,8 +128,8 @@ You can use the high-level criteria mentioned in the following table to determin | Dimension | gRPC API | GraphQL RPC with Indexer 2.0 | | -------- | ------- | ------- | | Type of application or data consumer. | Ideal for Web3 exchanges, defi market maker apps, other defi protocols or apps with ultra low-latency needs. | Ideal for webapp builders or builders with slightly relaxed latency needs. | -| Query patterns. | Okay to read data from different endpoints separately and combine on the client-side; faster serialization, parsing, and validation due to binary format. | Need easier decoupling of the client with the ability to combine different types of data in fewer calls; data will be consistent across the underlying queries, including for paginated results. | -| Retention period requirements. | Default retention period will be two weeks with actual configuration dependent on the Full node operator and their needs and goals; see history-related note after the table. | Default retention period in Postgres database will be 4 weeks with actual configuration depending on your or a RPC provider or Data indexer operator's needs; see history-related note after the table. | +| Query patterns. | Okay to read data from different endpoints separately and combine on the client-side; faster serialization, parsing, and validation due to binary format. | Allows easier decoupling of the client with the ability to combine data from different tables in a single request; returns consistent data from different tables across similar checkpoints, including for paginated results. | +| Retention period requirements. | Default retention period will be two weeks with actual configuration dependent on the Full node operator and their needs and goals; see history-related note after the table. 
| Default retention period in Postgres database will be four weeks with actual configuration depending on your or a RPC provider or Data indexer operator's needs; see history-related note after the table. | | Streaming needs. | Will include a streaming or subscription API before beta release. | Subscription API is planned but will be available after GA. | | Incremental costs. | Little to no incremental costs if already using Full node JSON-RPC. | Somewhat significant incremental costs if already using Full node JSON-RPC and if retention period and query patterns differences are insignificant. | From e812104847d9ed71a114f49726745dfef2314a2b Mon Sep 17 00:00:00 2001 From: Abhinav Garg Date: Thu, 27 Feb 2025 15:36:47 -0500 Subject: [PATCH 2/5] Add a public doc for passkeys for testnet launch --- docs/content/concepts/cryptography.mdx | 8 ++- .../concepts/cryptography/passkeys.mdx | 60 +++++++++++++++++++ docs/content/sidebars/concepts.js | 1 + 3 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 docs/content/concepts/cryptography/passkeys.mdx diff --git a/docs/content/concepts/cryptography.mdx b/docs/content/concepts/cryptography.mdx index 158d3a3c516fe..db578f2ce55a2 100644 --- a/docs/content/concepts/cryptography.mdx +++ b/docs/content/concepts/cryptography.mdx 
@@ -14,10 +14,16 @@ Go to [Transaction Authentication](./cryptography/transaction-auth.mdx). ## zkLogin -zkLogin is a Sui primitive that enables you to send transactions from a Sui address using an OAuth credential, without publicly linking the two. zkLogin provides a description of the primitive and how to implement it. +zkLogin is a Sui primitive that enables you to send transactions from a Sui address using an OAuth credential, without publicly linking the two. Go to [zkLogin](./cryptography/zklogin.mdx). +## Passkeys + +Passkeys is a Sui primitive that enables you to sign-in to apps and send transactions to Sui using a private key securely stored on a authenticator. It uses the WebAuthn standard. + +To to [Passkeys](./cryptography/passkeys.mdx). + ## Related links - [Cryptography guides](../guides/developer/cryptography.mdx): See the cryptography guides for instruction on applying these concepts. \ No newline at end of file diff --git a/docs/content/concepts/cryptography/passkeys.mdx b/docs/content/concepts/cryptography/passkeys.mdx new file mode 100644 index 0000000000000..93e3d78b6c499 --- /dev/null +++ b/docs/content/concepts/cryptography/passkeys.mdx 
@@ -0,0 +1,60 @@ +--- +title: Passkeys +description: Passkeys is a Sui primitive that enables you to sign-in to apps and send transactions to Sui using a private key securely stored on a authenticator. It uses the WebAuthn standard. +--- + +Passkeys provide a secure and user-friendly alternative for submitting transactions to Sui. Built on the **WebAuthn standard**, passkeys let users authenticate and sign transactions using: + +- Hardware security keys, such as YubiKeys) +- Mobile devices, such as smartphones and tablets +- Platform-based authenticators, such as Face ID and Touch ID + +Passkeys simplify authentication by removing the need to manage seed phrases or private keys manually. Instead, they rely on device-based authentication and cloud synchronization, allowing seamless, phishing-resistant access across multiple devices. + +By integrating passkeys, Sui improves security and accessibility, making it easier for users to manage their accounts without compromising decentralization or cryptographic security. + +Refer to [Typescript SDK support](https://sdk.mystenlabs.com/typescript/cryptography/passkey) on how to add passkey support to your application. Also feel free to refer to [SIP-9](https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md) for product specification. + +:::info +Passkeys is available in beta in Sui Devnet and Testnet. The Mainnet release is yet to be scheduled. +::: + +## Benefits of using passkeys + +**Sign transactions seamlessly** + +Users can sign transactions in Sui using passkeys, where the passkey private key stays securely stored within the authenticator, reducing the risk of key extraction attacks. + +**Authenticate across devices** + +Users can approve transactions on their mobile phones by scanning a QR code from a desktop browser. Cloud-synchronized passkeys (such as those stored in Apple iCloud or Google Password Manager) let users authenticate across multiple devices without manual key transfers. 
+ +**Use hardware security keys** + +Users can sign transactions with external security keys, such as YubiKeys, to add an extra layer of protection against phishing and unauthorized access. + +**Authenticate with platform-based security** + +Users can sign transactions directly on devices with built-in authenticators (such as Face ID on iPhones or Windows Hello on Windows PCs). This approach lets users sign transactions natively without needing an external security key. + +**Recover access and secure accounts with multi-signature authentication** + +Cloud-synced passkeys help users recover access if they lose a device. + +## Limitations of passkeys + +**Passkey functionality varies by authenticator** + +Some security keys do not support biometric authentication, requiring users to enter a PIN instead. Also since WebAuthn does not provide access to private keys, users must store their passkeys securely or enable cloud synchronization for recovery. + +**Cloud synchronization introduces potential risks** + +Cloud-synced passkeys improve accessibility but also create risks if a cloud provider is compromised or if a user loses access to their cloud account. Users who prefer full self-custody can rely on hardware-based passkeys that do not use cloud synchronization. + +**Passkeys cannot be exported** + +Users cannot transfer passkeys between different authenticators. For example, a passkey created on a security key cannot move to another device unless it syncs through a cloud provider. To avoid losing access, users should set up authentication on multiple devices. + +**Multisig support is not available yet** + +Passkeys are not supported with [Multisig](/concepts/cryptography/transaction-auth/multisig) yet, which could allow using Passkey with [ZkLogin](/concepts/cryptography/zklogin). Reach out to us if you are interested in such a support. \ No newline at end of file 
diff --git a/docs/content/sidebars/concepts.js b/docs/content/sidebars/concepts.js index f49c1f6dfe35a..f1f412dcd5505 100644 --- a/docs/content/sidebars/concepts.js +++ b/docs/content/sidebars/concepts.js @@ -110,6 +110,7 @@ const concepts = [ ], }, 'concepts/cryptography/zklogin', + 'concepts/cryptography/passkeys', 'concepts/cryptography/system/checkpoint-verification', /*{ type: 'category', From 1fc5cc23e092d67c73e311579f3636c78f54db2c Mon Sep 17 00:00:00 2001 From: Abhinav Garg Date: Thu, 27 Feb 2025 19:18:32 -0500 Subject: [PATCH 3/5] Address Joy feedback for passkey doc --- docs/content/concepts/cryptography.mdx | 6 +-- .../concepts/cryptography/passkeys.mdx | 40 +++++++++---------- 2 files changed, 21 insertions(+), 25 deletions(-) diff --git a/docs/content/concepts/cryptography.mdx b/docs/content/concepts/cryptography.mdx index db578f2ce55a2..d042064986ec2 100644 --- a/docs/content/concepts/cryptography.mdx +++ b/docs/content/concepts/cryptography.mdx @@ -18,11 +18,11 @@ zkLogin is a Sui primitive that enables you to send transactions from a Sui addr Go to [zkLogin](./cryptography/zklogin.mdx). -## Passkeys +## Passkey -Passkeys is a Sui primitive that enables you to sign-in to apps and send transactions to Sui using a private key securely stored on a authenticator. It uses the WebAuthn standard. +Sui supports the passkey signature scheme that enables you to sign-in to apps and sign transactions for Sui using a private key securely stored on a passkey authenticator. It uses the WebAuthn standard. -To to [Passkeys](./cryptography/passkeys.mdx). +Go to [Passkey](./cryptography/passkeys.mdx). ## Related links diff --git a/docs/content/concepts/cryptography/passkeys.mdx b/docs/content/concepts/cryptography/passkeys.mdx index 93e3d78b6c499..5a03d42955803 100644 --- a/docs/content/concepts/cryptography/passkeys.mdx +++ b/docs/content/concepts/cryptography/passkeys.mdx 
@@ -1,33 +1,33 @@ --- -title: Passkeys -description: Passkeys is a Sui primitive that enables you to sign-in to apps and send transactions to Sui using a private key securely stored on a authenticator. It uses the WebAuthn standard. +title: Passkey +description: Sui supports the passkey signature scheme that enables you to sign-in to apps and sign transactions for Sui using a private key securely stored on a passkey authenticator. It uses the WebAuthn standard. --- -Passkeys provide a secure and user-friendly alternative for submitting transactions to Sui. Built on the **WebAuthn standard**, passkeys let users authenticate and sign transactions using: +Passkey provides a secure and user-friendly alternative for submitting transactions to Sui. Built on the **WebAuthn standard**, passkey lets users authenticate and sign transactions using: -- Hardware security keys, such as YubiKeys) +- Hardware security keys, such as YubiKeys - Mobile devices, such as smartphones and tablets - Platform-based authenticators, such as Face ID and Touch ID -Passkeys simplify authentication by removing the need to manage seed phrases or private keys manually. Instead, they rely on device-based authentication and cloud synchronization, allowing seamless, phishing-resistant access across multiple devices. +Passkey simplifies authentication by removing the need to manage seed phrases or private keys manually. Instead, they rely on device-based authentication and cloud synchronization, allowing seamless, phishing-resistant access across multiple devices. -By integrating passkeys, Sui improves security and accessibility, making it easier for users to manage their accounts without compromising decentralization or cryptographic security. +By supporting the passkey signature scheme, Sui improves security and accessibility, making it easier for users to manage their accounts with hardened security. 
Passkey-based wallets are also tied to the origin, meaning they can’t be phished or used on a different site, which makes it a more secure authentication option. -Refer to [Typescript SDK support](https://sdk.mystenlabs.com/typescript/cryptography/passkey) on how to add passkey support to your application. Also feel free to refer to [SIP-9](https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md) for product specification. +Refer to the [Typescript SDK support](https://sdk.mystenlabs.com/typescript/cryptography/passkey) on how to add passkey support to your application. Also feel free to refer to [SIP-9](https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md) for product specification. :::info -Passkeys is available in beta in Sui Devnet and Testnet. The Mainnet release is yet to be scheduled. +Passkey support is available in beta in Sui Devnet and Testnet. The Mainnet release is yet to be scheduled. ::: -## Benefits of using passkeys +## Benefits of using passkey **Sign transactions seamlessly** -Users can sign transactions in Sui using passkeys, where the passkey private key stays securely stored within the authenticator, reducing the risk of key extraction attacks. +Users can sign transactions in Sui using passkey, where the passkey private key stays securely stored within the authenticator, reducing the risk of key extraction attacks. **Authenticate across devices** -Users can approve transactions on their mobile phones by scanning a QR code from a desktop browser. Cloud-synchronized passkeys (such as those stored in Apple iCloud or Google Password Manager) let users authenticate across multiple devices without manual key transfers. +Users can approve transactions on their mobile phones by scanning a QR code from a desktop browser. Cloud-synchronized passkey (such as those stored in Apple iCloud or Google Password Manager) lets users authenticate across multiple devices without manual key transfers. **Use hardware security keys** 
@@ -37,24 +37,20 @@ Users can sign transactions with external security keys, such as YubiKeys, to ad Users can sign transactions directly on devices with built-in authenticators (such as Face ID on iPhones or Windows Hello on Windows PCs). This approach lets users sign transactions natively without needing an external security key. -**Recover access and secure accounts with multi-signature authentication** +**Recover access and secure accounts with cloud-synced passkey** -Cloud-synced passkeys help users recover access if they lose a device. +Cloud-synced passkey helps users recover access if they lose a device. -## Limitations of passkeys +## Limitations of passkey **Passkey functionality varies by authenticator** -Some security keys do not support biometric authentication, requiring users to enter a PIN instead. Also since WebAuthn does not provide access to private keys, users must store their passkeys securely or enable cloud synchronization for recovery. +Some security keys do not support biometric authentication, requiring users to enter a PIN instead. Also since WebAuthn does not provide access to private keys, users must store their passkey securely or enable cloud synchronization for recovery. **Cloud synchronization introduces potential risks** -Cloud-synced passkeys improve accessibility but also create risks if a cloud provider is compromised or if a user loses access to their cloud account. Users who prefer full self-custody can rely on hardware-based passkeys that do not use cloud synchronization. +Cloud-synced passkey improves accessibility but also create risks if a cloud provider is compromised or if a user loses access to their cloud account. Users who prefer full self-custody can rely on hardware-based passkey that does not use cloud synchronization. -**Passkeys cannot be exported** +**Passkey cannot be exported** -Users cannot transfer passkeys between different authenticators. 
For example, a passkey created on a security key cannot move to another device unless it syncs through a cloud provider. To avoid losing access, users should set up authentication on multiple devices. - -**Multisig support is not available yet** - -Passkeys are not supported with [Multisig](/concepts/cryptography/transaction-auth/multisig) yet, which could allow using Passkey with [ZkLogin](/concepts/cryptography/zklogin). Reach out to us if you are interested in such a support. \ No newline at end of file +Users cannot transfer a passkey between different authenticators. For example, a passkey created on a security key cannot move to another device unless it syncs through a cloud provider. To avoid losing access, users should set up authentication on multiple devices. \ No newline at end of file From 28c90ec73cb11014b2c9be75b25d90913362270c Mon Sep 17 00:00:00 2001 From: ronny-mysten <118224482+ronny-mysten@users.noreply.github.com> Date: Fri, 28 Feb 2025 13:52:30 -0700 Subject: [PATCH 4/5] Update docs/content/concepts/cryptography/passkeys.mdx --- docs/content/concepts/cryptography/passkeys.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/concepts/cryptography/passkeys.mdx b/docs/content/concepts/cryptography/passkeys.mdx index 5a03d42955803..f39a8fe6bd348 100644 --- a/docs/content/concepts/cryptography/passkeys.mdx +++ b/docs/content/concepts/cryptography/passkeys.mdx 
@@ -45,7 +45,7 @@ Cloud-synced passkey helps users recover access if they lose a device. **Passkey functionality varies by authenticator** -Some security keys do not support biometric authentication, requiring users to enter a PIN instead. Also since WebAuthn does not provide access to private keys, users must store their passkey securely or enable cloud synchronization for recovery. +Some security keys do not support biometric authentication, requiring users to enter a PIN instead. Also, because WebAuthn does not provide access to private keys, users must store their passkey securely or enable cloud synchronization for recovery. **Cloud synchronization introduces potential risks** From 9d895066a4bea51033f80605903b933a022ddf5d Mon Sep 17 00:00:00 2001 From: ronny-mysten <118224482+ronny-mysten@users.noreply.github.com> Date: Fri, 28 Feb 2025 13:52:44 -0700 Subject: [PATCH 5/5] Update docs/content/concepts/cryptography/passkeys.mdx --- docs/content/concepts/cryptography/passkeys.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/concepts/cryptography/passkeys.mdx b/docs/content/concepts/cryptography/passkeys.mdx index f39a8fe6bd348..37fcb516cf895 100644 --- a/docs/content/concepts/cryptography/passkeys.mdx +++ b/docs/content/concepts/cryptography/passkeys.mdx 
@@ -13,7 +13,7 @@ Passkey simplifies authentication by removing the need to manage seed phrases or By supporting the passkey signature scheme, Sui improves security and accessibility, making it easier for users to manage their accounts with hardened security. Passkey-based wallets are also tied to the origin, meaning they can’t be phished or used on a different site, which makes it a more secure authentication option. -Refer to the [Typescript SDK support](https://sdk.mystenlabs.com/typescript/cryptography/passkey) on how to add passkey support to your application. Also feel free to refer to [SIP-9](https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md) for product specification. +Refer to the [Typescript SDK support](https://sdk.mystenlabs.com/typescript/cryptography/passkey) on how to add passkey support to your application. For product specification, refer to [SIP-9](https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md). :::info Passkey support is available in beta in Sui Devnet and Testnet. The Mainnet release is yet to be scheduled.
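Review bot: In PATCH 1/5 (data-serving.mdx, "Query patterns" row), the new GraphQL cell promises consistent data "across similar checkpoints", which is weaker and vaguer than the removed wording "consistent across the underlying queries". A reader cannot tell whether every part of one request, and every page of a paginated result, is read at the same checkpoint or only at nearby ones. State the guarantee exactly, because clients that combine balances or object state from several tables will rely on it. In the retention row touched by the same hunk, "your or a RPC provider or Data indexer operator's needs" should read "an RPC provider" and would be clearer as a list of who decides the setting.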
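Review bot: In PATCH 2/5 (cryptography.mdx, new "## Passkeys" section), the link sentence reads "To to [Passkeys]" and the paragraph above it says "a authenticator"; these should be "Go to" and "an authenticator". "sign-in to apps" uses the noun form as a verb and should be "sign in to apps". PATCH 3/5 corrects "To to" but carries "sign-in to apps" forward in both cryptography.mdx and the passkeys.mdx description, so fix it there as well, or squash the two commits so the typos never land.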
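Review bot: In PATCH 2/5 (new file passkeys.mdx, "Sign transactions seamlessly"), the statement that "the passkey private key stays securely stored within the authenticator" is not true for every case the page goes on to describe. The next benefit covers passkeys stored in Apple iCloud or Google Password Manager, and the limitations section says a passkey can reach another device when "it syncs through a cloud provider", so for synced passkeys the key material does leave the original device. Scope the key-extraction claim to device-bound authenticators such as hardware security keys, and say that for synced passkeys the protection depends on the cloud provider and the user's cloud account, which is what "Cloud synchronization introduces potential risks" already implies. The heading "Passkeys cannot be exported" needs the same qualification, since its own body describes the sync exception.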
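Review bot: In PATCH 3/5 (passkeys.mdx, first hunk), the added sentence "Passkey-based wallets are also tied to the origin, meaning they can’t be phished or used on a different site" states an absolute that the rest of the page does not support. The paragraph just above uses "phishing-resistant", and the limitations section describes compromise of a cloud provider or cloud account as a remaining risk. Suggest wording along the lines of: the credential is bound to the origin it was created for, so a signature request from a different site cannot use it, which makes passkey resistant to phishing. The rename from "Passkeys" to "Passkey" also leaves mismatched pronouns in this hunk: "Passkey simplifies ... Instead, they rely on", "Cloud-synchronized passkey (such as those stored in ...) lets", and "wallets are ... which makes it".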
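Review bot: In PATCH 3/5 (passkeys.mdx, second hunk), the limitation "Multisig support is not available yet" is deleted with no replacement, and the commit message ("Address Joy feedback for passkey doc") does not say that multisig support has shipped. If passkey still cannot be used with Multisig, keep a limitation entry so integrators do not assume they can combine passkey with another signer for recovery; if it is now supported, say so and link the Multisig page. Retitling the benefit from "multi-signature authentication" to "cloud-synced passkey" fixes the earlier contradiction, but the heading still says "secure accounts" while the body only covers recovery. Two smaller points in the same hunk: "Cloud-synced passkey improves accessibility but also create risks" needs "creates", and the file still ends without a trailing newline.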
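Review bot: In PATCH 5/5 (passkeys.mdx), the link text "Typescript SDK support" on the line being rewritten should use the product's spelling, "TypeScript". Since the sentence is already being edited, "Refer to the [TypeScript SDK support](...) on how to add" would also read better as "for how to add passkey support to your application".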