공개 키 등록시 인증 절차 추가

src/routes/(fullscreen)/key/export/+page.svelte

@@ -38,11 +38,11 @@
     isBeforeContinueModalOpen = false;
     isBeforeContinueBottomSheetOpen = false;
 
-    if (await requestPubKeyRegistration(data.pubKeyBase64)) {
+    if (await requestPubKeyRegistration(data.pubKeyBase64, $keyPairStore.privateKey)) {
       await storeKeyPairPersistently($keyPairStore);
       await goto(data.redirectPath);
     } else {
-      // TODO
+      // TODO: Error handling
     }
   };
 </script>

src/routes/(fullscreen)/key/export/service.ts

@@ -13,14 +13,39 @@ export const createBlobFromKeyPairBase64 = (pubKeyBase64: string, privKeyBase64:
   return new Blob([`${pubKeyPem}\n${privKeyPem}\n`], { type: "text/plain" });
 };
 
-export const requestPubKeyRegistration = async (pubKeyBase64: string) => {
-  const res = await callAPI("/api/key/register", {
+const decryptChallenge = async (challenge: string, privateKey: CryptoKey) => {
+  const challengeBuffer = Uint8Array.from(atob(challenge), (c) => c.charCodeAt(0));
+  const answer = await window.crypto.subtle.decrypt(
+    {
+      name: "RSA-OAEP",
+    } satisfies RsaOaepParams,
+    privateKey,
+    challengeBuffer,
+  );
+  return btoa(String.fromCharCode(...new Uint8Array(answer)));
+};
+
+export const requestPubKeyRegistration = async (pubKeyBase64: string, privateKey: CryptoKey) => {
+  let res = await callAPI("/api/key/register", {
     method: "POST",
     headers: {
       "Content-Type": "application/json",
     },
     body: JSON.stringify({ pubKey: pubKeyBase64 }),
   });
+  if (!res.ok) return false;
+
+  const data = await res.json();
+  const challenge = data.challenge as string;
+  const answer = await decryptChallenge(challenge, privateKey);
+
+  res = await callAPI("/api/key/verify", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify({ answer }),
+  });
   return res.ok;
 };