This public key will be sent along with your email inside of a new
INIT_USER_EMAIL_RECOVERY or
EMAIL_AUTH activity
The credential bundle will come from your email. This bundle can then be used for email recovery or auth. We can simulate this locally: see instructions here. A credential bundle is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on HPKE (RFC 9180).
Once you've injected the credential bundle, the credential is ready to
sign. A new RECOVER activity for example. This iframe
doesn't know anything about Turnkey activity however, it's a simple
stamper!
Below we display a log of the messages sent / received. The forms above
send messages, and the code communicates results by sending events via
the postMessage API.