Release: v3.1.0

@taylorjdawson released this 13 Nov 13:17 (commit 3f96634)

Release notes

Summary

  • Added config-driven Stamper initializers for API keys, passkeys, Secure Enclave, and Secure Storage; supports automatic on-device keypair creation and exposes publicKeyHex.
  • Introduced Stamper.sign(payload:format:) with .der (default) and .raw 64-byte outputs; passkey mode intentionally unsupported for generic sign.
  • Added delegated access/session conveniences to TurnkeyContext: raw/message/transaction signing via the active session, session helpers, and policy/user utility functions.
  • Introduced TurnkeyKeyManager module with EnclaveManager and SecureStorageManager for secure key lifecycle and signing.
  • Added tests for TurnkeyStamper and updated README/examples.

What changed

TurnkeyStamper

  • New public config models: ApiKeyStamperConfig, PasskeyStamperConfig, SecureEnclaveStamperConfig, SecureStorageStamperConfig, and StamperConfiguration.
  • New convenience initializers including on-device keypair creation and selection (.auto, .secureEnclave, .secureStorage).
  • New publicKeyHex surface; SignatureFormat .der | .raw; sign(payload:format:) returning hex.
  • Secure Storage stamping now passes stored config at stamp time to scope Keychain/auth prompts; DER conversion updated.
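
The .der and .raw formats listed above encode the same ECDSA (r, s) pair differently, so a verifier that expects one will reject the other. As an added example (not code from the SDK or this release), the following strictly converts a DER P-256 signature to the 64-byte r || s form and cross-checks the result against CryptoKit. rawP256Signature(fromDER:) and DERError are hypothetical names, and the key and payload are constructed.

```swift
import CryptoKit
import Foundation

enum DERError: Error { case malformed }

// Hypothetical helper (not part of the SDK): strictly parse a DER ECDSA signature,
// SEQUENCE { INTEGER r, INTEGER s }, into the fixed-width 64-byte r || s form.
func rawP256Signature(fromDER der: [UInt8]) throws -> [UInt8] {
    // A P-256 signature is at most 72 bytes, so the SEQUENCE length is short-form
    // and must cover exactly the rest of the input (no trailing bytes).
    guard der.count >= 8, der.count <= 72, der[0] == 0x30,
          Int(der[1]) == der.count - 2 else { throw DERError.malformed }
    var i = 2
    func readInteger() throws -> [UInt8] {
        guard i + 2 <= der.count, der[i] == 0x02 else { throw DERError.malformed }
        let len = Int(der[i + 1])
        guard len >= 1, len <= 33, i + 2 + len <= der.count else { throw DERError.malformed }
        var v = Array(der[(i + 2)..<(i + 2 + len)])
        i += 2 + len
        // Reject negative integers (high bit set without a 0x00 prefix).
        guard v[0] < 0x80 else { throw DERError.malformed }
        if v.count > 1, v[0] == 0x00 {
            // A leading 0x00 is only legal when it guards a high bit (minimal encoding).
            guard v[1] >= 0x80 else { throw DERError.malformed }
            v.removeFirst()
        }
        guard v.count <= 32 else { throw DERError.malformed }
        // Left-pad to the 32-byte P-256 field width.
        return [UInt8](repeating: 0, count: 32 - v.count) + v
    }
    let r = try readInteger()
    let s = try readInteger()
    guard i == der.count else { throw DERError.malformed }
    return r + s
}

// Constructed key and payload, used only to cross-check the parser against CryptoKit.
let key = P256.Signing.PrivateKey()
let payload = Data("constructed sample payload".utf8)
let signature = try key.signature(for: payload)
let der = [UInt8](signature.derRepresentation)

let raw = try rawP256Signature(fromDER: der)
precondition(Data(raw) == signature.rawRepresentation)

// The raw form round-trips into a signature that still verifies.
let rebuilt = try P256.Signing.ECDSASignature(rawRepresentation: Data(raw))
precondition(key.publicKey.isValidSignature(rebuilt, for: payload))

// A truncated DER blob is rejected instead of being silently padded.
precondition((try? rawP256Signature(fromDER: Array(der.dropLast()))) == nil)
```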

TurnkeyContext

  • Signing: signRawPayload(...), signMessage(...), signTransaction(...) using the selected session.
  • Session helpers: createKeyPair(), storeSession(...) with optional auto-refresh TTL, setActiveSession(...), refreshSession(...), getActiveSession(), and signWithSession(message:).
  • Delegated access utilities: fetchOrCreateP256ApiKeyUser(...), fetchOrCreatePolicies(...).
  • OTP result rename: VerifyOtpResult(verificationToken: String).

New module TurnkeyKeyManager

  • EnclaveManager: create/bind/list/delete P-256 keys in Secure Enclave; sign messages (DER output).
  • SecureStorageManager: create/import/list/delete keys in Keychain with configurable access control, prompts, reuse window, access group; retrieve private keys when permitted.

TurnkeyClient

  • Additional initializers to use on-device keys or passkeys, and combinations with Auth Proxy.

API compatibility

  • Additive for Stamper and TurnkeyClient initializers and sign(...).
  • OTP struct field rename to verificationToken; update call sites accordingly.

Full Changelog: v3.0.0...v3.1.0