Add support for FIDO2 resident credentials on SD card #245

Open
andrewkozlik opened this issue Jun 13, 2019 · 4 comments
Labels
core Trezor Core firmware. Runs on Trezor Model T and T2B1. fido Two-factor authentication using Trezor R&D Research and development team related

Comments

@andrewkozlik
Contributor

Supporting authenticator resident credentials makes it possible to select the credential private key given only an RP ID. This will allow Trezor to be used for first factor authentication (password-less) and it is also required for Microsoft compatibility (https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key).

In order to support this feature we will need to be able to store the Credential IDs on the SD card #162.

@andrewkozlik andrewkozlik self-assigned this Jun 13, 2019
@andrewkozlik andrewkozlik added core Trezor Core firmware. Runs on Trezor Model T and T2B1. enhancement labels Jun 13, 2019
@andrewkozlik andrewkozlik added this to the backlog milestone Jun 13, 2019
@ZdenekSL ZdenekSL modified the milestones: backlog, 2019-09, 2019-08 Jun 26, 2019
@ZdenekSL ZdenekSL added this to To do in FIDO2 via automation Jul 10, 2019
@ZdenekSL ZdenekSL modified the milestones: 2019-08, 2019-09 Aug 1, 2019
@andrewkozlik andrewkozlik changed the title Add support for FIDO2 resident credentials Add support for FIDO2 resident credentials on SD card Aug 9, 2019
@andrewkozlik
Contributor Author

andrewkozlik commented Aug 9, 2019

Passwordless login is already possible with resident credentials stored in NV RAM, which has been implemented as part of #394.

@ZdenekSL ZdenekSL added the W3 label Aug 20, 2019
@prusnak prusnak modified the milestones: 2019-09, 2019-10 Aug 20, 2019
@ZdenekSL ZdenekSL modified the milestones: 2019-10, 2019-11 Aug 29, 2019
@tsusanka tsusanka modified the milestones: 2019-11, backlog Sep 20, 2019
@prusnak
Member

prusnak commented Sep 26, 2019

Blocked by #323

@vielhuber

Thanks for this awesome work.

May I ask, what's the current status of this ticket?
Here it is mentioned that FIDO2 is already implemented in Trezor Model T, is that correct?
https://wiki.trezor.io/FIDO2
Will this be available also on the Trezor One?

@andrewkozlik
Contributor Author

FIDO2 support is already fully implemented in Trezor T, including support for device resident credentials (i.e. passwordless logins) and the hmac-secret extension, which are the requirements for Microsoft compatibility. This ticket is only about the storage of the resident credentials on the SD card. Since we already allow storing up to 100 resident credentials in the Trezor T internal storage and we also support backing up these resident credentials using trezorctl, the implementation of this ticket brings very little added value, making it very low priority.

AFAIK, there are no immediate plans for supporting FIDO2 on Trezor One. Correct me if I am wrong, @prusnak.

@prusnak prusnak added the fido Two-factor authentication using Trezor label Jan 23, 2020
@tsusanka tsusanka removed W3 labels Feb 19, 2021
@tsusanka tsusanka moved this from 📥 Inbox to 📽 Product in Firmware · Backlog 🗂 Oct 5, 2021
@tsusanka tsusanka removed this from the backlog milestone Oct 6, 2021
@tsusanka tsusanka added feature Product related issue visible for end user and removed enhancement labels Oct 7, 2021
@alex-jerechinsky alex-jerechinsky added this to 📽 Product in Backlog 🗂 Oct 22, 2021
@alex-jerechinsky alex-jerechinsky removed this from 📽 Product in Firmware · Backlog 🗂 Oct 22, 2021
@hynek-jina hynek-jina moved this from 📽 Product to 🔬 R&D in Backlog 🗂 Dec 2, 2021
@hynek-jina hynek-jina removed the MEDIUM label Dec 2, 2021
@hynek-jina hynek-jina added R&D Research and development team related and removed feature Product related issue visible for end user labels Apr 20, 2022
6 participants