U2F/FIDO (Yubikey) support  [Closed]

Suggestions and feature requests for the Pale Moon browser
Hobby Astronomer
Hobby Astronomer
Posts: 21
Joined: 2016-01-27, 02:09

U2F/FIDO (Yubikey) support

Post by jb_wisemo » 2021-04-06, 18:23

As an extension with or without extension API enhancement, would it be possible to add support for U2F/FIDO hardware authenticators that are called via the U2F/FIDO specified extensions to WebCrypto/WebAuthn and end up generating specific requests to USB as specified by U2F/FIDO.

Note that this is not a PKCS#11 mechanism, but something much more specific intended for web logins where the WebSite asks for a U2F authentication, and the Browser tells the hardware the request and the originating URL, such that the hardware can authenticate with a per site encryption key that cannot be accessed by any other web site. The Website request may also include payloads that the hardware decrypts to recover and verify the per site key.

This feature is already in Firefox, Safari and Chrome, but not IE. Maybe the Firefox code could be imported. For an extension implementation, the platform may (or may not) need a mechanism to integrate with the relevant WebCrypto/WebAuthn APIs such that websites see no difference from the Browser core implementation in Firefox.

The U2F specification is open, with at least one Open Hardware implementation, besides the market dominant Swedish Yubikey products.

User avatar
Pale Moon guru
Pale Moon guru
Posts: 29675
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: U2F/FIDO (Yubikey) support  [Closed]

Post by Moonchild » 2021-04-06, 18:45

Closing as duplicate (or rather multiplcate)
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss