Building

Requirements

  • Zig 0.15.2+
  • macOS 13+ or Linux

Static Library

zig build -Doptimize=ReleaseFast

This produces zig-out/lib/libctap2.a with the C header at include/ctap2.h.

With just

just build         # ReleaseFast static library
just test-all      # unit + PBT tests
just info          # show library stats
just               # list all recipes

With Nix

nix develop        # dev shell with Zig 0.15.2

Running Tests

# Unit tests (no hardware required)
zig build test

# Property-based tests (1000 iterations each)
zig build test-pbt

# Hardware tests (requires YubiKey connected)
YUBIKEY_TESTS=1 zig build test-hardware

# C example build
zig build example

Cross-Compilation

The library supports cross-compilation to any Zig target. IOKit and CoreFoundation frameworks are not linked at build time -- they resolve at final link time in the consuming application (e.g., via Xcode OTHER_LDFLAGS).

# Build for specific target
zig build -Dtarget=aarch64-macos
zig build -Dtarget=x86_64-linux

macOS Entitlements

When embedding in a hardened-runtime macOS app, add to your entitlements:

<key>com.apple.security.device.usb</key>
<true/>

The user must grant Input Monitoring permission in System Settings > Privacy & Security.

zig-ctap2 does not use com.apple.developer.web-browser.public-key-credential because it does not call AuthenticationServices WebAuthn/passkey UI. Applications still need the USB entitlement above when hardened runtime policies apply, and they remain responsible for their own WebAuthn, RP, origin, attestation, and UX policy.
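
A release check for the entitlement requirement above, added here as an example and not part of zig-ctap2: it reads an entitlements plist, fails unless com.apple.security.device.usb is true, and notes the WebAuthn browser entitlement that the library does not use. The function names, MyApp.app and the sample plists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. On macOS, dump the signed entitlements first, e.g.:
#   codesign -d --entitlements - --xml MyApp.app > ent.plist   (MyApp.app is a placeholder)
USB_KEY='com.apple.security.device.usb'
WEBAUTHN_KEY='com.apple.developer.web-browser.public-key-credential'

# Print the boolean that follows <key>$2</key> in plist $1: "true", "false",
# or nothing when the key is absent. Whitespace is stripped so layout is irrelevant.
entitlement_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    tr -d ' \t\r\n' < "$1" |
        sed -n "s|.*<key>$key_re</key><\([a-z]*\)/>.*|\1|p"
}

# Return 0 only when the USB entitlement is present and true.
check_entitlements() {
    rc=0
    if [ "$(entitlement_value "$1" "$USB_KEY")" != "true" ]; then
        echo "FAIL: $USB_KEY is not set to true" >&2
        rc=1
    fi
    if [ -n "$(entitlement_value "$1" "$WEBAUTHN_KEY")" ]; then
        echo "NOTE: $WEBAUTHN_KEY is present; zig-ctap2 does not use it" >&2
    fi
    return $rc
}

# Constructed sample plists, so the check runs offline.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/good.plist" <<'EOF'
<plist version="1.0"><dict>
    <key>com.apple.security.device.usb</key>
    <true/>
</dict></plist>
EOF
cat > "$SAMPLES/bad.plist" <<'EOF'
<plist version="1.0"><dict>
    <key>com.apple.security.device.usb</key>
    <false/>
    <key>com.apple.developer.web-browser.public-key-credential</key>
    <true/>
</dict></plist>
EOF

for f in good bad; do
    if check_entitlements "$SAMPLES/$f.plist"; then echo "$f: ok"; else echo "$f: rejected"; fi
done
```

Run it against the plist extracted from the signed bundle rather than the source entitlements file, since that is what the hardened runtime enforces.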