steps to get my software-based passkey authenticator fido certified.

[Aravinth Vj]

Hello Everyone,

I'm new to fido procedures. I have been working on a software-based passkey authenticator using a browser extension to get integrated into our solution and was able to make it work on some demo websites and other websites that accepts self-signed attestation certificates. but still struggling to make it work on major websites like google. I do understand i need to get fido certified. so can anyone explain me the steps of getting certified and if an attestation certificate from a CA is required and other steps involved if any of you have already been through the steps. Thanks in advance.

[My1]

An Attestation cert is something you mostly make up yourself, generate yourself a random UUID and "claim" it as your AAGUID (ideally publish it somewhere so ppl know it exists), and make your attestation CA and then the cert.

the issue tho, CAN a software authenticator reasonably protect its attestation public key against its users?

Before you get that part done you can only really do stuff like "credential self attestation" where you make some claims like AAGUID and just sign with the credential private key and use no x5c in there, it's basically the standard for software authenticators.

Regards

My1

Am Mi., 14. Mai 2025 um 18:10 Uhr schrieb Aravinth Vj <aravint...@gmail.com>:

Hello Everyone,

I'm new to fido procedures. I have been working on a software-based passkey authenticator using a browser extension to get integrated into our solution and was able to make it work on some demo websites and other websites that accepts self-signed attestation certificates. but still struggling to make it work on major websites like google. I do understand i need to get fido certified. so can anyone explain me the steps of getting certified and if an attestation certificate from a CA is required and other steps involved if any of you have already been through the steps. Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f3e9c236-1b95-4b50-ae02-ff29883a49ffn%40fidoalliance.org.

[My1]

considering he said passkey, I'd rather guess FIDO2, rather than UAF.

Am Mo., 1. Sept. 2025 um 19:37 Uhr schrieb Norman Poh <np...@truststamp.net>:

Hi Aravinth, also My1,

"I have been working on a software-based passkey" -- I'm working on something similar to the extent that it is software-based instead of a piece of hardware.

I do have a simple/stupid question though. Just to confirm my understanding.

1. Despite being a software authenticator, you are still developing UAF Authenticator, correct?

2. If so, you need a vendor ID, correct?

BW,

Norman

[Norman Poh]

Hi Aravinth, also My1,

"I have been working on a software-based passkey" -- I'm working on something similar to the extent that it is software-based instead of a piece of hardware.

I do have a simple/stupid question though. Just to confirm my understanding.

1. Despite being a software authenticator, you are still developing UAF Authenticator, correct?

2. If so, you need a vendor ID, correct?

BW,

Norman

On Wednesday, May 14, 2025 at 7:14:27 PM UTC+1 My1 wrote: