Conor Patrick
GitHub
commit
f5c6f99423
@ -22,8 +22,8 @@ for FIDO2 operation.
|
|||||||
When you register a service with a FIDO2 or U2F authenticator, the
|
When you register a service with a FIDO2 or U2F authenticator, the
|
||||||
authenticator must generate a new keypair unique to that service. This keypair
|
authenticator must generate a new keypair unique to that service. This keypair
|
||||||
could be stored on the authenticator to be used in subsequent authentications,
|
could be stored on the authenticator to be used in subsequent authentications,
|
||||||
but now a certain amount of memory needs to be allocated for this. On embedded
|
but a certain amount of memory would need to be allocated for this. On embedded
|
||||||
devices, there isn't much memory to spare and users will allows frustratingly
|
devices, there isn't much memory to spare and users would frustratingly
|
||||||
hit the limit of this memory.
|
hit the limit of this memory.
|
||||||
|
|
||||||
The answer to this problem is to do key wrapping. The authenticator just
|
The answer to this problem is to do key wrapping. The authenticator just
|
||||||
@ -39,7 +39,7 @@ In essence, the following happens at registration.
|
|||||||
3. Return `P` and `R` to service. (`R` is in `KEYID` parameter)
|
3. Return `P` and `R` to service. (`R` is in `KEYID` parameter)
|
||||||
4. Service stores `P` and `R`.
|
4. Service stores `P` and `R`.
|
||||||
|
|
||||||
Now on authenication.
|
Now on authentication.
|
||||||
|
|
||||||
1. Service issues authentication request with `R` in `KEYID` parameter.
|
1. Service issues authentication request with `R` in `KEYID` parameter.
|
||||||
2. \* Authenticator generates `K` by calculating `HMAC(M,R)`.
|
2. \* Authenticator generates `K` by calculating `HMAC(M,R)`.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user