Vouch Auth Client API

This API implements the Secure Biometric Authentication (SBA) protocol for Vouch. It provides endpoints for device provisioning, attestation, and payload assertion.

Host Implementation

The API requires a host implementation that represents a secure device (typically a smartphone, tablet, smartwatch, or any other device capable of secure key storage) that wishes to communicate with the Vouch backend. The host must provide the following capabilities:

Storage Operations

storage-get: Retrieve stored data
storage-put!: Store new data
storage-remove!: Remove stored data

Keyring Operations

keyring-public-key: Retrieve public keys
keyring-create!: Create new key pairs
keyring-remove!: Remove existing keys
keyring-sign: Sign data with private keys

Nonce Management

next-nonce!: Generate and track the next nonce
clear-nonce!: Reset nonce state

Security Considerations

The host implementation must ensure:

Secure storage of private keys
Protection against key extraction
Proper nonce management to prevent replay attacks
Secure execution environment for cryptographic operations

Typical Use Cases

Device Provisioning: Initial setup of a new device with Vouch
Device Attestation: Proving device identity to the backend
Payload Assertion: Creating authenticated requests
Device Reset: Removing all device data

Vouch Auth Client API

Host Implementation​

Storage Operations​

Keyring Operations​

Nonce Management​

Security Considerations​

Typical Use Cases​