Biometric-Bound Session Keys

Non-exportable cryptographic session keys tied securely to the hardware enclave.

Enclave Settings

Biometric Hardware SupportSimulate TouchID/FaceID Enclave

DB Operations PolicyRequire fingerprint prompt on write

WebRTC Payload SigningSign outgoing replication packets

Key TypeECDSA P-256

Non-ExportableEnforced (extractable: false)

Hardware BoundTrue (Secure Enclave)

SPKI Public Key Digest3059301306072a8648ce3d020106082a8648ce3d03010703420004ad79e88bf7e4...

Initialized ZerithDB Secure Local SDK v0.1.0.

Generated non-exportable ECDSA P-256 session keypair bound to Secure Enclave (extractable: false) 🔑

Hardware-bound public key exported to SPKI: 3059301306072a8648ce3d020106082a8648ce3d030107...

Browser A (Alice)

IndexedDB Active

Identity (Ed25519 Mock)

(generating...)

Browser B (Bob)

IndexedDB Active

Identity (Ed25519 Mock)

(generating...)

1. Configure policies in the Security Enclave Settings Panel below.
2. Type a message and hit Save. If Biometric Prompt is enabled, authorize it!
3. Toggle simulated hardware off to test the Secure PIN fallback flow.
4. Outbound WebRTC syncs are signed and verified automatically using non-exportable enclave keys.