Class Passport

The Passport module provides an interface to the Windows Hello API. It allows you to create a key pair and sign data using the private key. The public key can be exported in a variety of formats.

Example

import { Passport, PublicKeyEncoding, KeyCreationOption } from 'passport-desktop';
import { randomBytes, createPublicKey, createVerify } from 'node:crypto';

if (!Passport.available()) {
throw new Error('Windows Hello is not available');
}

await Passport.accountWithIdExists('my-account-id'); // false

const passport = new Passport('my-account-id');
if (!passport.accountExists) {
await passport.createAccount(KeyCreationOption.FailIfExists);
}

const challenge = randomBytes(32);
const signature = await passport.sign(challenge);

// Verify the signature with the public key
const keyBuffer = await passport.getPublicKey(PublicKeyEncoding.Pkcs1RsaPublicKey);
const key = createPublicKey({
key: keyBuffer,
format: 'der',
type: 'pkcs1'
});

// Create a verifier and verify the challenge
const verify = createVerify('SHA256');
verify.write(challenge);
verify.end();

verify.verify(key, signature); // true

// Delete the account
await passport.deleteAccount();

Hierarchy

  • Passport

Constructors

  • Create a new Passport instance. The account_id is used to identify the account in the Windows Credential Manager. If an account with the given id already exists, it will be used. You can check if an account exists with the accountExists getter.

    Example

    import { Passport } from 'passport-desktop';

    const passport = new Passport('my-account-id');

    Parameters

    • accountId: string

      The id of the account in the Windows Credential Manager.

    Returns Passport

Accessors

  • get accountExists(): boolean
  • Whether the account exists in the Windows Credential Manager. This is only updated if the account exists when the Passport instance is created and when createAccount or deleteAccount are called. If the account is deleted or created outside of this instance, this value will not be updated.

    Returns boolean

Methods

  • Create a new passport account. You can optionally pass a KeyCreationOption to customize the key creation. If no option is passed, an existing key will be replaced. If the account does not exist, it will be created.

    Example

    import { Passport, KeyCreationOption } from 'passport-desktop';

    const passport = new Passport('my-account-id');
    await passport.createAccount(KeyCreationOption.FailIfExists);

    Parameters

    Returns Promise<void>

  • Delete the account from the Windows Credential Manager. If the account does not exist, an error will be thrown.

    Returns Promise<void>

  • Get the public key of the account. If the account does not exist, an error will be thrown. The encoding of the key can be specified, defaulting to Pkcs1RsaPublicKey.

    In order to verify a signature using this public key, use the Pkcs1RsaPublicKey encoding and pass the result to the crypto module.

    Example

    import { Passport, PublicKeyEncoding } from 'passport-desktop';
    import { createPublicKey } from 'node:crypto';

    const passport = new Passport('my-account-id');
    // Create the key pair
    await passport.createAccount();

    const keyBuffer = await passport.getPublicKey(PublicKeyEncoding.Pkcs1RsaPublicKey);
    // Use these options to load the public key
    const key = createPublicKey({
    key: keyBuffer,
    format: 'der',
    type: 'pkcs1'
    });

    Parameters

    • Optional encoding: null | PublicKeyEncoding

      The encoding to use for the public key.

    Returns Promise<Buffer>

    The public key.

    See

    sign

  • Sign a challenge with the private key. If the account does not exist, an error will be thrown. This will open a Windows Hello dialog to verify the user. If the challenge is not verified, an error will be thrown.

    The signature can be verified with the public key, for example using the crypto module.

    Example

    import { Passport, PublicKeyEncoding } from 'passport-desktop';
    import { randomBytes, createPublicKey, createVerify } from 'node:crypto';

    const passport = new Passport('my-account-id');
    // Create the key pair
    await passport.createAccount();

    // Create a challenge and sign it
    const challenge = randomBytes(32);
    const signature = await passport.sign(challenge);

    // Verify the signature with the public key
    const keyBuffer = await passport.getPublicKey(PublicKeyEncoding.Pkcs1RsaPublicKey);
    const key = createPublicKey({
    key: keyBuffer,
    format: 'der',
    type: 'pkcs1'
    });

    // Create a verifier and verify the challenge
    const verify = createVerify('SHA256');
    verify.write(challenge);
    verify.end();

    verify.verify(key, signature); // true

    Parameters

    • challenge: Buffer

      The challenge to sign.

    Returns Promise<Buffer>

    The signature.

  • Whether an account with the given ID exists in the Windows Credential Manager.

    Parameters

    • id: string

      The ID of the account to check.

    Returns boolean

    Whether the account exists.

  • Whether the Passport API is available on the current platform and the current user has permission to use it. This will return false on non-Windows platforms and if the user does not have permission to use Windows Hello.

    Returns boolean

    Whether the Passport API is available.

  • Request verification from the user. This will show a dialog to the user asking them to verify their identity. If the user accepts, the returned value will be Verified. If the user rejects or cancels the dialog, the returned value will be another value from VerificationResult specifying the rejection reason.

    Example

    import { Passport, VerificationResult } from 'passport-desktop';

    const result = await Passport.requestVerification('Please verify your identity');
    if (result === VerificationResult.Verified) {
    console.log('User verified');
    } else {
    console.log('User rejected verification');
    }

    Parameters

    • message: string

      The message to show to the user.

    Returns Promise<VerificationResult>

    The result of the verification request.

Generated using TypeDoc