4

I am looking for the use case/scenario for setting up a smart phone as an authenticator using CTAP2 specifications.

I am looking for the use case in which a user setup the browser to interact with their smart phone the same way it would when using Yubikey or another similar security key. I have read all the documentations related to it but unfortunately what I always get an article using Yubikeys / other USB devices as the authenticator. I am looking forward for some interaction where mobile phone serves a roaming authenticator.

By having a look at the documentation and CTAP specification conceptually I know this can be done by having some connection between the phone and the host via:

  • Bluetooth
  • NFC
  • USB

After establishment of connection the mobile authenticator could then implement the CTAP2 protocol so that the browser considers it as roaming authenticator. I am also looking forward to see the authentication process using some BLE enabled device. I have already tried log-in using yubikey security key on website. But I want to achieve the same flow login-mechanism using Bluetooth enable Thetis BLE key or mobile itself.

Any insights would be very helpful. I am also looking forward for people working on this particular use case to have a mutual discussion.

mehak
  • 43
  • 4

2 Answers2

6

First, you need to follow this spec to develop your roaming authenticator. FIDO2 standard is recommended if you start the development now. There are 2 modules which may take your time to research & develop your authenticator: BLE, FIDO Crypto logic. This is the hardest work because there is no kind open source published for reference, you must be totally working with spec.

Second, you can use one these clients to test your authenticator while developing:

Note: It's not convenient to do iOS authenticator now. Please check this issue to see why

Third, you may use FIDO Conformance Tools to validate your authenticator.

Finally, you may go get certified and register on MDS if need

Bao HQ
  • 1,145
  • 7
  • 18
1

I am searching for the same thing. For future readers as of now 2020, below resources are helpful if anyone else is looking.

You could look into https://github.com/solokeys/solo which provides open source implementation for hardware and firmware. It is a great starting point. As they have ctap implemented they also have hid emulation using usb_gadget for linux.

You could also look into https://github.com/github/SoftU2F which is a software u2f for MacOS using mac keychain.

Hey24sheep
  • 1,172
  • 6
  • 16