src/services/secure-credentials.service.ts

@@ -104,39 +104,55 @@ export class SecureCredentialsService {
       const encryptedSpendKey = await this.encryptKey(credentialData.spendKey, masterKey);
       const encryptedScanKey = await this.encryptKey(credentialData.scanKey, masterKey);
 
-      // Forcer l'utilisation de WebAuthn (pas de fallback)
-      console.log('🔍 DEBUG: Forcing WebAuthn credential creation');
-      secureLogger.info('Forcing WebAuthn credential creation', {
-        component: 'SecureCredentialsService',
-        operation: 'webauthn_force'
-      });
+      // Vérifier si WebAuthn est disponible et si on est en HTTPS
+      const isSecureContext = window.isSecureContext;
+      const hasWebAuthn = navigator.credentials && navigator.credentials.create;
       
-      const credential = await navigator.credentials.create({
-        publicKey: {
-          challenge: new Uint8Array(32),
-          rp: { name: '4NK Secure Storage' },
-          user: {
-            id: new TextEncoder().encode('4nk-user'),
-            name: '4NK User',
-            displayName: '4NK User'
-          },
-          pubKeyCredParams: [
-            { type: 'public-key', alg: -7 }, // ES256
-            { type: 'public-key', alg: -257 } // RS256
-          ],
-          authenticatorSelection: {
-            authenticatorAttachment: 'platform',
-            userVerification: 'required'
-          },
-          timeout: 60000,
-          attestation: 'direct'
+      let credential = null;
+      
+      if (isSecureContext && hasWebAuthn) {
+        // Stocker dans les credentials du navigateur (HTTPS requis)
+        try {
+          credential = await navigator.credentials.create({
+            publicKey: {
+              challenge: new Uint8Array(32),
+              rp: { name: '4NK Secure Storage' },
+              user: {
+                id: new TextEncoder().encode('4nk-user'),
+                name: '4NK User',
+                displayName: '4NK User'
+              },
+              pubKeyCredParams: [
+                { type: 'public-key', alg: -7 }, // ES256
+                { type: 'public-key', alg: -257 } // RS256
+              ],
+              authenticatorSelection: {
+                authenticatorAttachment: 'platform',
+                userVerification: 'required'
+              },
+              timeout: 60000,
+              attestation: 'direct'
+            }
+          });
+          
+          secureLogger.info('WebAuthn credential created successfully', {
+            component: 'SecureCredentialsService',
+            operation: 'webauthn_create'
+          });
+        } catch (error) {
+          secureLogger.warn('WebAuthn credential creation failed, using fallback', error as Error, {
+            component: 'SecureCredentialsService',
+            operation: 'webauthn_create'
+          });
         }
-      });
-      
-      secureLogger.info('WebAuthn credential created successfully', {
-        component: 'SecureCredentialsService',
-        operation: 'webauthn_create'
-      });
+      } else {
+        secureLogger.info('WebAuthn not available (HTTP context), using fallback storage', {
+          component: 'SecureCredentialsService',
+          operation: 'webauthn_fallback',
+          isSecureContext,
+          hasWebAuthn
+        });
+      }
 
       if (credential) {
         // Stocker les données chiffrées dans IndexedDB

src/utils/sp-address.utils.ts

@@ -2533,26 +2533,6 @@ async function onCreateButtonClick() {
       console.log(`🔍 Creator flow detected`);
       updateCreatorStatus('Creating pairing process...');
 
-      // Initialize WebAuthn credentials immediately on user click
-      try {
-        console.log('🔍 DEBUG: Testing WebAuthn availability...');
-        console.log('🔍 DEBUG: isSecureContext:', window.isSecureContext);
-        console.log('🔍 DEBUG: hasCredentials:', !!navigator.credentials);
-        console.log('🔍 DEBUG: hasCreate:', !!navigator.credentials?.create);
-        console.log('🔍 DEBUG: protocol:', window.location.protocol);
-        
-        const { secureCredentialsService } = await import('../services/secure-credentials.service');
-        updateCreatorStatus('🔐 Requesting browser authentication...');
-        
-        // This should trigger the browser popup immediately
-        const credentials = await secureCredentialsService.generateSecureCredentials('4nk-pairing-password');
-        console.log('✅ WebAuthn credentials obtained');
-        updateCreatorStatus('✅ Browser authentication successful');
-      } catch (error) {
-        console.warn('⚠️ WebAuthn failed, continuing with fallback:', error);
-        updateCreatorStatus('⚠️ Using fallback authentication');
-      }
-
       await prepareAndSendPairingTx();
       updateCreatorStatus('Pairing process created! Generating 4 words...');
 
@@ -2720,7 +2700,30 @@ export async function prepareAndSendPairingTx(): Promise<void> {
     // Update UI with creator address
     updateCreatorStatus(`Creator address: ${creatorAddress}`);
 
-    // Secure credentials already initialized in the click handler
+    // Initialize secure credentials with PBKDF2 and browser credentials
+    try {
+      const { secureCredentialsService } = await import('../services/secure-credentials.service');
+      
+      // Check if we're in a secure context (HTTPS)
+      if (window.isSecureContext) {
+        updateCreatorStatus('🔐 Initializing secure credentials with browser...');
+      } else {
+        updateCreatorStatus('🔐 Initializing secure credentials (HTTP mode - WebAuthn not available)...');
+      }
+      
+      // This will trigger the browser popup for WebAuthn (only in HTTPS)
+      const credentials = await secureCredentialsService.generateSecureCredentials('4nk-pairing-password');
+      console.log('✅ Secure credentials initialized with PBKDF2 and WebAuthn');
+      
+      if (window.isSecureContext) {
+        updateCreatorStatus('✅ Secure credentials ready (WebAuthn enabled)');
+      } else {
+        updateCreatorStatus('✅ Secure credentials ready (fallback mode - use HTTPS for WebAuthn)');
+      }
+    } catch (error) {
+      console.warn('⚠️ Secure credentials initialization failed:', error);
+      updateCreatorStatus('⚠️ Using fallback credentials');
+    }
 
     // Create pairing process with creator's address
     const createPairingProcessReturn = await service.createPairingProcess(