Writing a FIDO2 Device


zubin choudhary

Mar 7, 2020, 11:16:34 AM
to FIDO Dev (fido-dev)
Hey,
I'm trying to write a FIDO2 authentication device.
I tried reading the specifications but can't quite wrap my head around them.
Can anyone please help me with how to start?

Thanks
Zubin Choudhary

Yakov Revyakin

Mar 7, 2020, 2:58:16 PM
to zubin choudhary, FIDO Dev (fido-dev)
Hi Zubin,
I strongly recommend using mind maps to compile knowledge. It really helps.
J

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/ddba7a00-10d7-4135-85a0-284a7461e102%40fidoalliance.org.

Yakov Revyakin

Mar 7, 2020, 3:01:54 PM
to zubin choudhary, FIDO Dev (fido-dev)
I mean how to understand all those data structures and the relations between them mentioned in the CTAP2 and WebAuthn specs. It is impossible to build an authenticator based only on the CTAP2 spec. You must learn WebAuthn and CTAP2 as a whole.
J

Fan DANG (党凡)

Mar 7, 2020, 7:37:36 PM
to fido...@fidoalliance.org
Yes, it is possible.
If you have written a U2F device, the HID protocols are almost identical. You can get started from the HID part.
Then you may focus on the API part: two major operations are authenticatorMakeCredential (registration) and authenticatorGetAssertion (authentication).
P.S., at the very beginning, I suggest that you simply ignore all optional behaviors and just make it work.

--
  党凡 / Fan DANG


zubin choudhary

Mar 8, 2020, 5:00:40 AM
to Fan DANG (党凡), fido...@fidoalliance.org
Okay,
So as per the specs here [1], 0x01 (clientDataHash) is a byte array
and 0x02 (rp).
But the byte array is for sure not just a single byte.
Can anyone please explain how this is working?

Thanks


[1] https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorMakeCredential

Fan DANG (党凡)

Mar 8, 2020, 5:25:57 AM
to zubin choudhary, fido...@fidoalliance.org
Note that data are encoded in the CBOR format.
You may use tools like Wireshark to dump the data and compare them to this spec.
P.S., you can check our open-source implementation here: https://github.com/canokeys/canokey-core/tree/master/applets/ctap. Hope this may help.
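
The CBOR layout discussed above, as an added example that is not part of any post in this thread and not taken from canokey-core: 0x01 is the integer map key, and its value is a byte string whose header `58 20` declares 32 bytes. The decoder covers only the CBOR subset needed here; the request bytes, hash value and `example.com` are constructed for illustration.

```python
def decode_item(buf, pos=0):
    """Decode one CBOR item at buf[pos]; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F   # 3-bit major type, 5-bit info
    pos += 1
    if major == 7 and info in (20, 21):            # 0xf4 = false, 0xf5 = true
        return info == 21, pos
    if info < 24:
        arg = info                                 # argument sits in the head byte
    elif info <= 27:
        size = 1 << (info - 24)                    # 1, 2, 4 or 8 argument bytes follow
        if pos + size > len(buf):
            raise ValueError("truncated argument")
        arg = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    else:
        raise ValueError("reserved or indefinite length not accepted")
    if major < 2:                                  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                            # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:                                 # array of arg items
        items = []
        for _ in range(arg):
            item, pos = decode_item(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:                                 # map of arg key/value pairs
        out = {}
        for _ in range(arg):
            key, pos = decode_item(buf, pos)
            out[key], pos = decode_item(buf, pos)
        return out, pos
    raise ValueError("tags, floats and other simple values are not handled")

# Constructed request: CTAP2 command byte, then one CBOR map with keys 1..4.
SAMPLE = bytes.fromhex(
    "01" "a4"                                      # authenticatorMakeCredential, map(4)
    "01" "5820" + "aa" * 32 +                      # 1: clientDataHash, 32-byte string
    "02" "a1" "626964" "6b" + b"example.com".hex() +   # 2: rp {"id": "example.com"}
    "03" "a1" "626964" "4101" +                    # 3: user {"id": h'01'}
    "04" "81a2" "63616c67" "26" "6474797065" "6a" + b"public-key".hex())  # 4: alg -7
PARAMS, END = decode_item(SAMPLE, 1)               # skip the command byte
```

Bytes dumped from a real exchange can be passed to `decode_item` the same way, starting at offset 1 to skip the command byte.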

Nguyen Van Cuong

Apr 9, 2020, 11:00:45 PM
to FIDO Dev (fido-dev)
I think you should dig into open-source firmware like solokeys to understand how to implement FIDO2 devices.

Read the code and you can understand how FIDO2 works and how to apply the specs.

John Bradley

Apr 10, 2020, 11:18:36 AM
to fido...@fidoalliance.org

If you like Rust then the Google open-source project may also help you.

https://github.com/google/OpenSK
