FIDO2 is set of specifications for multi-factor authentication. It is based on asymmetric cryptography with secrets stored in a HW token. The token must support the protocol to be usable. I own Nitrokey Start which is fundamentally similar but it speaks a different protocol (of GPG smart cards). I'm curious whether the device can serve as FIDO2 token too.
Goal for this Hackweek
There will be likely lots of impedance to match. Ideally, the secrets should never live out of the GPG smart card, however, I'm not sure if the signing protocols are compatible. (To study this is also a goal.) An alternative would be to use an established password manager (e.g. pass) and emulate the FIDO2 token in software with access to secrets in the password manager. The intention is to be able to authenticate via browser against a WebAuthn (web) service.
The goal is not to provide a more secure solution than real HW FIDO2 token.
This project is part of:
Hack Week 21
Idea is to predefin...
BPF verifier plays a ...
Today, NeuVector on...