U2F/FIDO (Yubikey) support

Posted: 2021-04-06, 18:23
by jb_wisemo
As an extension, with or without extension API enhancement, would it be possible to add support for U2F/FIDO hardware authenticators that are called via the U2F/FIDO-specified extensions to WebCrypto/WebAuthn and end up generating specific requests to USB as specified by U2F/FIDO?

Note that this is not a PKCS#11 mechanism, but something much more specific, intended for web logins where the website asks for a U2F authentication, and the browser tells the hardware the request and the originating URL, such that the hardware can authenticate with a per-site encryption key that cannot be accessed by any other website. The website request may also include payloads that the hardware decrypts to recover and verify the per-site key.

This feature is already in Firefox, Safari and Chrome, but not IE. Maybe the Firefox code could be imported. For an extension implementation, the platform may (or may not) need a mechanism to integrate with the relevant WebCrypto/WebAuthn APIs, such that websites see no difference from the browser core implementation in Firefox.

The U2F specification is open, with at least one open-hardware implementation, besides the market-dominant Swedish Yubikey products.

Posted: 2021-04-06, 18:45
by Moonchild
