How/where are skfsclient keys stored? #101
Comments
Since skfsclient is intended only for demonstration or automated testing
purposes, it uses a fixed AES key to encrypt the private-key and stores
it on the FIDO Server.
The FIDO protocol supports an authenticator to send an opaque blob
(known as the "keyHandle") that is always returned with the
preauthenticate and preauthorize responses. As a result, skfsclient
merely uses the fixed AES key to decrypt the keyHandle and reassemble the
private-key to digitally sign the challenge.
Some physical Security Key manufacturers use a similar design to support
an "unlimited" number of registered keys with their authenticators. Of
course, they don't use fixed keys, but randomly generate a unique AES
key within their device on first use.
On 4/7/21 7:13 AM, Anders Rundgren wrote:
I'm able to register and authenticate using the skfsclient.
What I don't get is where the client keys are saved. I have skimmed the
source but I just don't get it 😵
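
The key-wrapping flow described in the reply above, as an added example that is not part of the thread and is not skfsclient's code: the authenticator encrypts each new private key under its AES wrapping key, the server stores the result as the keyHandle, and the authenticator decrypts it again to sign. AES-256-GCM, P-256, PKCS#8 encoding and all function names are assumptions of this example; the thread only says "AES".

```javascript
const nodeCrypto = require('node:crypto');

const NONCE_LEN = 12, TAG_LEN = 16; // AES-GCM sizes; the mode is this example's assumption

// Authenticator side. It holds only wrapKey (32 bytes) and keeps no per-credential state.
function register(wrapKey) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', wrapKey, nonce);
  // keyHandle = nonce || encrypted private key || GCM tag; opaque to the server
  const keyHandle = Buffer.concat([nonce, enc.update(der), enc.final(), enc.getAuthTag()]);
  return { keyHandle, publicKey };
}

// Authenticator side. The server sent back the keyHandle with its challenge:
// decrypt it, rebuild the private key, sign. Throws if the handle was altered
// or was wrapped under a different key (GCM tag mismatch).
function sign(wrapKey, keyHandle, challenge) {
  if (keyHandle.length <= NONCE_LEN + TAG_LEN) throw new Error('keyHandle too short');
  const tagAt = keyHandle.length - TAG_LEN;
  const dec = nodeCrypto.createDecipheriv('aes-256-gcm', wrapKey, keyHandle.subarray(0, NONCE_LEN));
  dec.setAuthTag(keyHandle.subarray(tagAt));
  const der = Buffer.concat([dec.update(keyHandle.subarray(NONCE_LEN, tagAt)), dec.final()]);
  const privateKey = nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return nodeCrypto.sign('sha256', challenge, privateKey);
}

// Server side: stores { keyHandle, publicKey } at registration and later
// checks the signature over the challenge it issued.
function verify(publicKey, challenge, signature) {
  return nodeCrypto.verify('sha256', challenge, publicKey, signature);
}

// Runs one registration and one authentication, plus two failure cases.
function demo() {
  const wrapKey = nodeCrypto.randomBytes(32); // constructed; skfsclient's key is fixed
  const stored = register(wrapKey); // what the server keeps
  const challenge = nodeCrypto.randomBytes(32);
  const ok = verify(stored.publicKey, challenge, sign(wrapKey, stored.keyHandle, challenge));
  const tampered = Buffer.from(stored.keyHandle);
  tampered[NONCE_LEN] ^= 1;
  const rejects = (key, handle) => {
    try { sign(key, handle, challenge); return false; } catch { return true; }
  };
  return { ok, tamperedRejected: rejects(wrapKey, tampered),
           wrongKeyRejected: rejects(nodeCrypto.randomBytes(32), stored.keyHandle) };
}
```

Because the wrapping key is the only secret protecting every stored keyHandle, a fixed key suits a test client only; the per-device random key mentioned in the reply is what keeps handles stored on a server useless to anyone without the device.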
Thanx Arshad!
I think I found it!