Smart wallets
Smart wallets are contract accounts that act as user wallets. They hold assets and enforce authorization in __check_auth instead of a single secret key. Passkeys (WebAuthn) are common, but you can also use Ed25519 keys, policy signers, session keys or anything the contract can verify.
When to use a smart wallet
- You need programmable authorization (limits, allow lists, multi-factor approvals such as user plus device key).
- You want a passkey or hardware key experience without exposing seed phrases.
- You need flexible signer mixes: passkeys for UX, Ed25519 for compatibility, policy or multisig signers for risk controls.
WebAuthn
WebAuthn is a browser standard for passwordless authentication using public key cryptography. A device creates a keypair and proves possession with a challenge/response flow. Keys stay on the device or are synced across devices through cloud providers.
Benefits:
- Works across modern browsers and platforms.
- Familiar flows (Touch ID, Face ID, hardware keys) without seed phrases.
- Produces signatures you verify in __check_auth.
secp256r1 on Stellar
secp256r1 (prime256v1) is the curve most WebAuthn authenticators use. Stellar added native verification for this curve in Protocol 21, so contracts can validate WebAuthn signatures on chain.
Passkeys
- WebAuthn is the browser standard for passwordless auth.
- secp256r1 is the curve most authenticators use; Stellar verifies it on-chain.
- Passkeys are the platform or hardware-backed credentials that implement WebAuthn.
- See examples for real projects.
Passkeys in practice
- Registration: use WebAuthn to create a device keypair; store the public key (and optional credential ID) in contract state.
- Signing: request a WebAuthn assertion when the user approves an action; it returns a signature over the payload.
- Verification: pass the signature and credential ID to your contract; in __check_auth, verify the secp256r1 signature and apply any policy checks (limits, allow lists, timelocks).
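The signing and verification steps above, as an added example (not code from the Stellar docs or Passkey Kit): a simulated authenticator signs a payload, and a verifier runs the checks a contract would mirror in __check_auth. Function names, the origin and the payloads are constructed, and WebCrypto stands in here for the contract's secp256r1 verification.

```javascript
// Added example: model of WebAuthn assertion signing and verification (constructed data).
const { subtle } = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const ECDSA = { name: "ECDSA", hash: "SHA-256" };
const b64url = (bytes) => Buffer.from(bytes).toString("base64url");
const sha256 = async (data) => new Uint8Array(await subtle.digest("SHA-256", data));
const concat = (a, b) => {
  const out = new Uint8Array(a.length + b.length);
  out.set(a);
  out.set(b, a.length);
  return out;
};

// Client side (simulated authenticator): signs authenticatorData || SHA-256(clientDataJSON).
async function signAssertion(privateKey, payload) {
  const clientDataJSON = enc.encode(JSON.stringify({
    type: "webauthn.get", challenge: b64url(payload), origin: "https://wallet.example" }));
  const authenticatorData = new Uint8Array(37); // rpIdHash(32) | flags(1) | signCount(4)
  authenticatorData[32] = 0x05;                 // UP (0x01) and UV (0x04) flags set
  const signed = concat(authenticatorData, await sha256(clientDataJSON));
  // WebCrypto returns raw r||s (64 bytes); real authenticators return DER to convert.
  const signature = new Uint8Array(await subtle.sign(ECDSA, privateKey, signed));
  return { authenticatorData, clientDataJSON, signature };
}

// Verifier side: bind the assertion to the expected payload before trusting the signature.
async function verifyAssertion(publicKey, expectedPayload, a) {
  const clientData = JSON.parse(new TextDecoder().decode(a.clientDataJSON));
  if (clientData.type !== "webauthn.get") return "wrong-type";
  if (clientData.challenge !== b64url(expectedPayload)) return "challenge-mismatch";
  if ((a.authenticatorData[32] & 0x01) === 0) return "user-not-present";
  const signed = concat(a.authenticatorData, await sha256(a.clientDataJSON));
  return (await subtle.verify(ECDSA, publicKey, a.signature, signed)) ? "ok" : "bad-signature";
}

async function demo() {
  const { publicKey, privateKey } = await subtle.generateKey(
    { name: "ECDSA", namedCurve: "P-256" }, false, ["sign", "verify"]);
  const payload = await sha256(enc.encode("constructed authorization payload"));
  const other = await sha256(enc.encode("a different constructed payload"));
  const assertion = await signAssertion(privateKey, payload);
  const tampered = { ...assertion, authenticatorData: Uint8Array.from(assertion.authenticatorData) };
  tampered.authenticatorData[36] ^= 1; // flip a signCount bit after signing
  return {
    valid: await verifyAssertion(publicKey, payload, assertion),
    wrongPayload: await verifyAssertion(publicKey, other, assertion),
    tampered: await verifyAssertion(publicKey, payload, tampered),
  };
}
demo().then(console.log);
```

The challenge comparison is what ties a signature to one specific authorization payload; without it, a valid assertion over any other challenge would still pass the curve check.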
Tooling
- Passkey Kit: TypeScript SDK for creating contract accounts and signing with passkeys.
- Launchtube: relay for submitting transactions and handling fees/sequence numbers.
Get involved
- Join the conversation in the #passkeys channel on the Stellar Developer Discord.
- Track the evolving contract account interface in the SEP discussion.
Guides in this category:
📄️ Advanced contract account patterns
Layer spend limits, allow lists, time rules, and other guardrails onto contract accounts.
📄️ Contract account examples
Real projects that showcase policy signers, passkeys, and contract-account UX on Stellar.