WebAuthn is a standard for strong authentication on the Web, it's available in all major browsers. There are also native APIs available for Android and Windows. Behind the scenes, WebAuthn communicates with FIDO authenticators using the CTAP2 protocol.
libfido2 is an alternative library for destop operating systems that provides utilities to interact with FIDO2 devices.
To register a credential in the browser with hmac-secret extension you would need to specify that in the extension for the key creation, like this:
const publicKey = {
/* ... */
extensions: {
hmacCreateSecret: true,
},
};
navigator.credentials.create({ publicKey })When obtaining an assertion, fido2-assert expects its input to consist of:
- client data hash (base64 blob)
- relying party id (UTF-8 string)
- credential id, if credential not resident (base64 blob)
- hmac salt, if the FIDO2 hmac-secret extension is enabled (base64 blob)
Using the response from the browser registration, you can build that file and then try:
fido2-token -L // to list the available tokens
fido2-assert -G -h -i assert_param ioreg://xxxxxxxxxx