A challenge-response authentication mechanism (CRAM) that uses a digital signature as its prompt
is passwordless authentication by default.


Underlying logic

  • 1. User generates cryptographic digital signature keypair locally.
  • 2. User submits public key to server during registration.
  • 3. User requests that the server generate a unique, publicly disclosable piece of data called a challenge (>= 128 bits).
  • 4. User gets the challenge.
  • 5. User signs the challenge using his/her private key.
  • 6. User sends the signed challenge to the server.
  • 7. Server verifies the signed challenge using the public key the user submitted.
  • 8. Server returns success/failure verification response.
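
The eight steps above as an added Go example; it is not code from this page or from the SPKI framework. Ed25519 as the signature scheme, the `Server` type, the helper names, the one-minute expiry and the single-use handling of challenges are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Server is a hypothetical in-memory verifier; every name here is illustrative.
type Server struct {
	keys    map[string]ed25519.PublicKey // step 2: user -> registered public key
	pending map[string]time.Time         // issued challenge -> expiry
}

// Client-side steps 1 and 5, server-side step 2.
func NewServer() *Server { return &Server{map[string]ed25519.PublicKey{}, map[string]time.Time{}} }
func NewKeypair() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }
func (s *Server) Register(user string, pub ed25519.PublicKey) { s.keys[user] = pub }
func Respond(priv ed25519.PrivateKey, c []byte) []byte { return ed25519.Sign(priv, c) }

// Challenge covers steps 3-4: 16 random bytes (128 bits), valid for one minute.
func (s *Server) Challenge() []byte {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		panic(err) // never hand out a predictable challenge
	}
	s.pending[string(c)] = time.Now().Add(time.Minute)
	return c
}

// Verify covers steps 7-8; the challenge is consumed on first use, so a replay fails.
func (s *Server) Verify(user string, c, sig []byte) bool {
	fresh := time.Now().Before(s.pending[string(c)]) // false if never issued, used or expired
	delete(s.pending, string(c))
	pub := s.keys[user] // nil for unknown users; a wrong-size key would make ed25519.Verify panic
	return fresh && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, c, sig)
}

func main() {
	pub, priv, err := NewKeypair()
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	srv.Register("alice", pub)
	c := srv.Challenge()
	sig := Respond(priv, c) // step 6: only the signature is sent
	fmt.Println("fresh:", srv.Verify("alice", c, sig), "replayed:", srv.Verify("alice", c, sig))
}
```

Because the server deletes the challenge before checking the signature, a captured response is useless on a second attempt even though the challenge itself is public.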

SPKI Logic

  • 1. Require certificate from SPKI.
  • 2. User generates another cryptographic digital signature keypair locally.
  • 3. User signs the public key using the certificate's signing private key.
  • 4. The same steps as in the Underlying Logic apply here, with the server or public device needing to verify and validate both the certificate's signing private key and the signed authentication private key.

The Underlying Logic is already implemented throughout the SPKI framework.

If developers need assistance implementing SPKI Logic, kindly navigate to Contact for potential guidance or paid developer advisory services.

Still in Consideration (Pricing)

Developer Advisory

Architecture & Design Guidance

$50 – $150/hour
  • High-level architecture review
  • Recommendations on libraries/tools
  • Security & compliance advisory
  • Kindly reach out via 'Contact'

Code Review + Implementation Support

Hands-on Technical Guidance

$100 – $200/hour
  • Code review for Web / API / Desktop
  • Annotated fixes & best practices
  • Implementation guidance & snippets
  • Kindly reach out via 'Contact'