solana passkey wallet
/Development

Solana Passkeys: The Future of Crypto Wallet UX

6 min read

Solana apps need to deliver crypto wallet onboarding that’s fast, secure, and native. Phantom has led the way, but it still requires users to manage seed phrases. 

Passkeys change that. 

Built on the WebAuthn standard and FIDO2 protocol, passkeys enable biometric or hardware-based login (e.g., Face ID, Touch ID, Windows Hello, YubiKeys, etc.) without storing or exposing private keys. 

Passkeys replace traditional passwords by using a cryptographic key pair where the private key stays on the user’s device in a secure hardware module, and only the public key is shared.

While most apps use passkeys to replace passwords with passwordless authentication, Para uses them differently: as cryptographic authorization for wallet sessions. 

No passwords. No seed phrases. Just cryptographic access built into the user’s device to provide a simplified user experience.

Why do passkeys matter for Solana wallet UX?

The need for frictionless crypto onboarding has never been greater.

With Solana mobile apps, developer activity, and stablecoin volumes accelerating at such a rapid pace, passkey support makes it easier and more secure for new users to transact on-chain.

When paired with Para’s embedded wallet SDK, passkeys unlock: 

  • Instant onboarding: no installs or seed phrases
  • Persistent sessions: users stay connected across visits & devices
  • Secure key management: keys stay device-bound and are phishing-resistant

Solana Passkey Support & SIMD-0075

Most WebAuthn authentication defaults to the P-256 curve (secp256r1), a widely used elliptic curve designed for broad compatibility across browsers and devices. The P-256 curve is great for general-purpose web login, but not for Solana. That’s because Solana uses a different elliptic curve, Ed25519 (based on Curve25519), which is optimized for fast, deterministic signatures and high-throughput validation via SIMD (Single Instruction, Multiple Data) instructions.

This mismatch matters: P‑256 and Ed25519 aren’t directly compatible.

WebAuthn passkeys today can’t generate Ed25519 signatures, and browsers don’t expose APIs for Ed25519 signing through secure enclaves. As a result, passkeys can't directly sign Solana transactions.

That gap made passkey support on Solana a technical hurdle. SIMD-0075 (approved in May 2024) reaffirmed Ed25519 as Solana’s preferred curve, citing benefits like deterministic signing (no nonce risk), SIMD vectorization, and ecosystem interoperability. 

In June 2025, Solana enabled native on-chain verification of secp256r1 (P-256) signatures via a new precompile, allowing apps to verify passkey signatures onchain (e.g., to confirm user login or identity proofs).

However, Solana transactions still require Ed25519 signatures, which WebAuthn passkeys can’t produce. That means passkeys alone still aren’t sufficient for wallet-level signing. 

That’s where Para’s infrastructure comes in:

Instead of using passkeys to sign transactions, Para uses them as an authorization primitive. The passkey unlocks a scoped session, which grants access to an Ed25519-compatible signing key managed by Para’s MPC (Multi-Party Computation) infrastructure.

This design bypasses the curve mismatch while delivering:

  • Full Solana compatibility
  • Fast, native onboarding with passkeys
  • Secure self-custody and MPC-based key management

Para Passkeys: Authorization, Not Just Authentication

Para introduced passkey-based session authorization in 2023, and it is a core part of their embedded wallet SDK.

Instead of treating passkeys as just a login method, Para uses them to securely control access to wallet operations.

In Para’s SDK, passkeys are used to authorize wallet sessions after the user has logged in via OAuth, email/password, etc. This separation of concerns—auth for identity, passkeys for wallet access—creates a more secure foundation for Para embedded wallets.

What happens when a new passkey is registered with Para?

The client (browser or OS-level credential manager) creates a key pair:

  1. The private key is stored in the device’s secure enclave (e.g., TPM, Secure Enclave, or Android Keystore)
  2. The public key and credential metadata are sent to the server

Passkey credential metadata includes:

  • Credential ID (unique to each passkey)
  • Challenge nonce
  • RP ID (your app's domain)
  • Cryptographic algorithm (usually P-256)

What happens when a new wallet is created?

When a user creates a wallet with Para, a passkey is registered and tied to their device. Specifically, it:

  • Signs an authorization challenge
  • Confirms the user controls the device and wallet
  • Establishes a scoped, signed session that can be persisted

This session then unlocks sensitive operations like:

  • Sending transactions
  • Accessing encrypted, session-bound keys
  • Approving smart contract interactions

Here’s where Para’s approach becomes important:

The passkey itself isn’t used directly to sign Solana transactions (which must be Ed25519).

Instead, the Para wallet SDK uses the passkey as an authorization primitive to unlock a session, which then grants scoped access to the Solana-compatible Ed25519 signing key used by the embedded wallet.

This signing key lives within Para’s secure MPC-based key infrastructure, which is compatible with Solana’s signature requirements.

Effectively, the passkey authorizes, while the wallet key performs the signing. This unlocks sensitive operations such as sending transactions, accessing encrypted keys, and approving smart contract interactions.

By separating identity from signing authority, Para ensures that even high-stakes actions are protected by cryptographic authorization rather than just user login.

Para passkeys take this farther, making it possible to embed wallets directly into apps without browser extensions or recovery phrases. 

Why do passkeys matter for Solana developers?

For Solana developers, Para passkeys translate into: 

  • Higher conversion during onboarding because wallets are embedded into your app
  • No risk of loss of private keys or seed phrases
  • Better UX and security while staying Solana-native

Passkeys are already live in apps like Xelio, which use them to onboard users into embedded wallets with zero friction via SMS.

Other projects, like the SWIG Smart Wallet, are also adopting passkey-based flows for secure, app-native onboarding.

As more apps adopt embedded wallets with passkey-based access, we move closer to a universal wallet UX layer—one where users carry their identity and signing authority seamlessly between apps, devices, and sessions. This is especially important in ecosystems like Solana, where composability and app chaining are becoming the norm.

How to Add Passkeys to Solana Apps

Integrating passkey-based wallets to your Solana app using Para’s wallet SDK takes less than five minutes. 

Here’s how it works, step-by-step:

Prerequisites

First, obtain your Para API key from the Para Developer Portal

Next, create a env.local file in the project root and add your key:

NEXT_PUBLIC_PARA_API_KEY=your_para_api_key_here

If you're not using Next.js, adjust based on your framework:

  • For Vite, use VITE_PARA_API_KEY
  • For Node.js, reference process.env.PARA_API_KEY

1. Initialize a Session with Para SDK

Start by wrapping your app in the ParaProvider and configuring the Para SDK on the frontend. This prepares the embedded wallet environment and allows you to create or restore user sessions.

Code
<ParaProvider
  paraClientConfig={{
    env: Environment.BETA, // or Environment.PROD
    apiKey: YOUR_API_KEY,
  }}
  externalWalletConfig={{
      appName: YOUR_APP_NAME,
      wallets: ["PHANTOM","GLOW","BACKPACK"],
      walletConnect: { projectId: YOUR_WALLET_CONNECT_PROJECT_ID },
      solanaConnector: {
        config: {
          endpoint: ENDPOINT_FOR_SOLANA_CONNECTION,
          chain: SOLANA_CHAIN,
        },
      },
    }}
    paraModalConfig={{
      oAuthMethods: ["GOOGLE","TWITTER","TELEGRAM"]
      authLayout: ["AUTH:FULL","EXTERNAL:FULL"]
      recoverySecretStepEnabled: true
      onRampTestMode: true
    }}
>
  {REST_OF_APP}
</ParaProvider>

2. Use Helius to sign and Send Transactions

With the session active, you can now sign and send Solana transactions via Para’s SDK and Helius. This signer exposes the standard signTransaction method from the @solana/kit JavaScript SDK.

Code
const connection = new Connection(HELIUS_RPC_URL);
const solanaSigner = new ParaSolanaWeb3Signer(para, Connection);
const tx = new Transaction().add(...);
const signedTx = await solanaSigner.signTransaction(transaction);
await connection.sendRawTransaction(signedTx.serialize());

Using Para gets you the UX of passkeys and Solana-native signing on-chain without exposing private keys or requiring browser extensions.

Conclusion

Solana is going mainstream.

To onboard more users, passkeys, biometric signing, and passwordless authentication will reduce friction and bring more people on-chain.

Add passkey support to your Solana app in five minutes with Para's SDK.

Additional Resources

Related Articles

Subscribe to Helius

Stay up-to-date with the latest in Solana development and receive updates when we post