This public key will be sent along with your email inside of a new INIT_USER_EMAIL_RECOVERY or EMAIL_AUTH activity
The credential bundle will come from your email. This bundle can then be used for email recovery or auth. We can simulate this locally: see instructions here. A credential bundle is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on HPKE (RFC 9180).
Once you've injected the credential bundle, the credential is ready to sign. A new RECOVER activity for example. This iframe doesn't know anything about Turnkey activity however, it's a simple stamper!
Below we display a log of the messages sent / received. The forms above send messages, and the code communicates results by sending events via the postMessage API.