Password manager app for iOS: passkey support

Andrey Shcherbakov

unread,

Sep 22, 2024, 2:54:02 PM9/22/24

to FIDO Dev (fido-dev)

Hi All!

I am developing a password manager app for iOS. I started implementing FIDO passkey support for my AutoFill extension there. There is an API for that starting from iOS 17.

Unfortunately, I cannot find any clear documentation or examples on that. Not in Apple iOS docs, not at FIDO alliance. Can you give me a hint where to start, please?

For example, there is a function in the ASCredentialProviderViewController (iOS AutoFill API) that is used to register a new passkey:

-(void)prepareInterfaceForPasskeyRegistration:(id <ASCredentialRequest>)registrationRequest

I understand the general scheme as describe here:
https://www.passkeys.io/technical-details#tab1

But I am stuck with the details: what algos to use for key generations, how exactly to sign the challange...

Thanks in advance and saludos from Buenos Aires!
Andrei

My1

unread,

Sep 23, 2024, 4:50:47 AM9/23/24

to Andrey Shcherbakov, FIDO Dev (fido-dev)

I think you can look here for some of the details on how WebAuthn signatures and stuff are handled.

https://www.w3.org/TR/webauthn-2/#sctn-authenticator-model

especially

https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred

and

https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion

signature specific stuff:

https://www.w3.org/TR/webauthn-2/#sctn-none-attestation (passkeys usually use no attestation, iirc, although if you want to have some metadata for your passkey self-attestation is likely the way to go considering you likely don't exactly have a way to keep a keypair safe *against* your users) https://www.w3.org/TR/webauthn-2/#sctn-attestation-types)

https://www.w3.org/TR/webauthn-2/#sctn-authenticator-data

also side note: the best idea to go if you wanna make a syncable passkey solution is to not use a signature counter and just always submit zero.

regarding apple specific stuff, you function you mentioned

https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller/prepareinterface(forpasskeyregistration:)?language=objc

asks to call another one

https://developer.apple.com/documentation/authenticationservices/ascredentialproviderextensioncontext/completeregistrationrequest(using:completionhandler:)?language=objc

which mentions an "AS Passkey Registration Credential"

https://developer.apple.com/documentation/authenticationservices/aspasskeyregistrationcredential?language=objc

and here is the juicy stuff that connects the Apple Documentation and the WebAutn Authenticator model as this shows you

1) related function to its creation

2) working with its parameters which are generally the same as in webauthn

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/7552c8b1-8aed-4cef-ab95-8c09222e0d10n%40fidoalliance.org.

Andrey Shcherbakov

unread,

Sep 23, 2024, 10:27:16 AM9/23/24

to FIDO Dev (fido-dev), My1, FIDO Dev (fido-dev), Andrey Shcherbakov

Hi My1

Thanks a lot for this info! I really appreciate your help.

Andrey

Reply all

Reply to author

Forward