Document ZKEmailSigner and ZKEmailUtils

Author: ernestognw

contracts/mocks/docs/account/MyAccountZKEmail.sol

@@ -0,0 +1,40 @@
+// contracts/MyAccountZKEmail.sol
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Account} from "../../../account/Account.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {ERC721Holder} from "@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol";
+import {ERC1155Holder} from "@openzeppelin/contracts/token/ERC1155/utils/ERC1155Holder.sol";
+import {ERC7739} from "../../../utils/cryptography/ERC7739.sol";
+import {ERC7821} from "../../../account/extensions/ERC7821.sol";
+import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+import {SignerZKEmail} from "../../../utils/cryptography/SignerZKEmail.sol";
+import {IDKIMRegistry} from "@zk-email/contracts/DKIMRegistry.sol";
+import {IVerifier} from "@zk-email/email-tx-builder/interfaces/IVerifier.sol";
+
+contract MyAccountZKEmail is Account, SignerZKEmail, ERC7739, ERC7821, ERC721Holder, ERC1155Holder, Initializable {
+    constructor() EIP712("MyAccountZKEmail", "1") {}
+
+    function initialize(
+        bytes32 accountSalt_,
+        IDKIMRegistry registry_,
+        IVerifier verifier_,
+        uint256 templateId_
+    ) public initializer {
+        _setAccountSalt(accountSalt_);
+        _setDKIMRegistry(registry_);
+        _setVerifier(verifier_);
+        _setCommandTemplate(templateId_);
+    }
+
+    /// @dev Allows the entry point as an authorized executor.
+    function _erc7821AuthorizedExecutor(
+        address caller,
+        bytes32 mode,
+        bytes calldata executionData
+    ) internal view virtual override returns (bool) {
+        return caller == address(entryPoint()) || super._erc7821AuthorizedExecutor(caller, mode, executionData);
+    }
+}

docs/modules/ROOT/pages/account-abstraction.adoc

@@ -56,6 +56,31 @@ Similarly, some government and corporate public key infrastructures use RSA for
 include::api:example$account/MyAccountRSA.sol[]
 ----
 
+For email-based authentication, the library provides xref:api:utils.adoc#SignerZKEmail[`SignerZKEmail`], which enables secure authentication through email messages using zero-knowledge proofs. This implementation leverages DKIM signatures from a trusted registry and a verifier contract to ensure email authenticity without revealing sensitive information.
+
+The validation process involves several key components:
+
+* A https://docs.zk.email/architecture/dkim-verification[DKIMRegistry] (DomainKeys Identified Mail) verification mechanism to ensure the email was sent from a valid domain
+* A https://docs.zk.email/email-tx-builder/architecture/command-templates[command template] validation mechanism to ensure the email command matches the expected format and parameters
+* A https://docs.zk.email/architecture/zk-proofs#how-zk-email-uses-zero-knowledge-proofs[zero-knowledge proof] verification mechanism to ensure the email was actually sent and received without revealing its contents
+
+To use this signer, developers must set up several components during initialization:
+
+* **accountSalt**: A unique identifier derived from the user's email address and account code. This is used for:
+  * User Identification: Links the email address to a specific Ethereum address securely and deterministically
+  * Security: Provides a unique identifier that cannot be easily guessed or brute-forced
+  * Deterministic Address Generation: Enables the creation of deterministic addresses based on email addresses
+* **DKIMRegistry**: An instance of the DKIM registry contract for domain verification
+* **verifier**: An instance of the Verifier contract for zero-knowledge proof validation
+* **commandTemplate**: The template ID of the sign hash command, defining the expected format
+
+[source,solidity]
+----
+include::api:example$account/MyAccountZKEmail.sol[]
+----
+
+WARNING: Leaving any of the required components uninitialized may leave the account unusable since no proper authentication mechanism would be associated with it.
+
 == Account Factory
 
 The first time a user sends an user operation, the account will be created deterministically (i.e. its code and address can be predicted) using the the `initCode` field in the UserOperation. This field contains both the address of a smart contract (the factory) and the data required to call it and deploy the smart account.