In recent days Passkeys are in news following announcements from Google, Apple and others.
[Screen shot from https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/ ]
Passkey’s are a new brand name for WebAuthn + CTAP2 from FIDO2 standards. The underlying technology uses FIDO2 compliant Public key Cryptography targeted for Web applications. Passkey makes the FIDO2 authentication method only available to people using hardware devices like Yubikeys available to everyone by making mobile phones and popular OSes supporting storage and syncing of the private keys used for authentication.
Some keywords to quickly understand the technology:
WebAuthn/FIDO2 = Passkey
Discoverable Credential or discoverable WebAuthn/FIDO2 Credential = Passkey
FIDO2 devices and Passkeys generate Public - Private key pairs and then store the private key securely. The public key is stored by a FIDO2 complaint backend service which then allows authentication. When a user wants to access a website in a computer using Passkeys, assuming the user has previously signed up using a mobile device, then the browser requests the mobile device to authenticate on behalf of the browser. Such communication between mobile devices and computers uses CTAP2 and the transport protocol is Bluetooth in the case of mobile devices (Both iOS and Android). In the case of devices like NFC rings, the transport protocol is replaced with NFC.
What is FIDO2 ?
Fast Identity Online (FIDO) is standard to handle password-less authentication on mobile devices, web browsers and in operating systems.
FIDO2 handleds:
- Authentication
- Registration
What is WebAuthn ?
W3C standard for web authentication supported by major browsers. WebAuthn makes it possible to use websites using the FIDO2 authentication method.
What is CTAP2 ?
Client to Authenticator Protocol - Establishes connection with an external authenticator like a Mobile phone, Security key etc.
The underlying transport for CTAP is : NFC, USB HID, Bluetooth (smart and BLE)
Passkeys vs YubyKey
Copyable, Syncable, Shareable, Multi Device FIDO2/WebAuthn keys
**Incorporating Passkey **
For incorporating Passkey, we would need support for the technology, i.e. authentication in the frontend and a backend server which is FIDO2 compliant. The backend system essentially stores Public keys corresponding to a device’s passkey and uses the same to process authentication requests it receives from Authenticators like Mobile devices or dedicated Multi Factor tools like YubiKey.
In a nutshell, any application wanting to provide support for Passkey must incorporate frontend support and use a backend. Popular services like Auth0 are already offering Passkey support.
Blockchains and Passkey
Since blockchains and Passkey’s are using a Public Key encryption scheme, one obvious question is whether it’s possible to use Passkey to access blockchains. Additionally is it possible to use Passkey with a popular Ethereum wallet like Metamask ?
The answer to this question depends on the type of Encryption Algorithm, mostly Elliptic Curve used in generation of the keys in Passkeys (WebAuthn) and in the blockchains.
FIDO2 uses NIST FIPS 186-4 mentioned the Elliptic Curves mentioned in “Appendix D: Recommended Elliptic Curves for Federal Government Use” . secp256r1 aka NIST P-256 is suggested but Chains like Ethereum and Bitcoin uses secp256k1. EOSIO blockchain on the other hand added support for secp256r1.
Polkadot blockchain uses Schnorrkel signature scheme and the Curve25519 which are relatively new and not yet included in the NIST or FIDO2 specifications.
References
- ++https://www.yubico.com/blog/a-yubico-faq-about-passkeys/++
- ++https://ethereum.stackexchange.com/questions/82530/why-ethereum-based-dapps-dont-use-webauthn++
- EOSIO support for secp256r1 ++https://web.archive.org/web/20230509092832/https://github.com/EOSIO/eos/pull/7421++ & ++https://web.archive.org/web/20230508180031/https://github.com/Gimly-Blockchain/eosio-did-spec/issues/5++
- Safe Curves ++https://web.archive.org/web/20230423144205/https://safecurves.cr.yp.to/++
- End user doc ++https://fidoalliance.org/how-fido-works/++
- Awesome Webauthn: ++https://github.com/herrjemand/awesome-webauthn++
Discord Server.This post has been manually curated by @bhattg from Indiaunited community. Join us on our
Do you know that you can earn a passive income by delegating to @indiaunited. We share more than 100 % of the curation rewards with the delegators in the form of IUC tokens. HP delegators and IUC token holders also get upto 20% additional vote weight.
Here are some handy links for delegations: 100HP, 250HP, 500HP, 1000HP.
100% of the rewards from this comment goes to the curator for their manual curation efforts. Please encourage the curator @bhattg by upvoting this comment and support the community by voting the posts made by @indiaunited..
This post received an extra 20.00% vote for delegating HP / holding IUC tokens.
Congratulations @bobinson! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)
Your next target is to reach 64000 upvotes.
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPCheck out our last posts:
It would be really nice to connect these wallets somehow to an authenticator using the fingerprint, I hope one day they can connect to the blockchains, I would use it
@malos10 Connecting to blockchains is supported by EOSIO chain and some of the products from Blockone like the Bullish exchange. It will be possible add Passkey support to Hive as well. For other chains like Ethereum it could be tricky as they have different encryption algorithms in use.