USB Support for FIDO CTAP/CTAP2 for U2F & WebAuthn #33
Comments
|
First public debug version of Authorizer with FIDO U2F/WebAuthn over Bluetooth (unfortunately, CTAP over USB is not yet integrated and will take still a while): #52 (comment) |
|
Hello @tejado what is the current progress of CTAP2 over USB ? can you create maybe a separate branch for that and we collab and work on that if possible , moreover I found that when you will be able to register your mobile via USB in the Windows Azure directory you can use the mobile as a security key to log into windows workstation but the only issue is that we need to have USB implementation of CTAP . |
|
Thats a good idea. I will create a new branch so you are able to see the progress. But its more in an alpha state. What part in Microsoft Entra ID requires USB? Wouldnt it work with Bluetooth? |
|
Hello @tejado , I tried to register the Authorizer as security key for Windows 10 workstation . Hereafter I found out that when you try to register in the Microsoft Entra ID only options you have for a security key are USB and NFC based keys . |
|
Hello @tejado can you please have a look at this issue and create a branch for CTAP2 over USB ? we can discuss and get that working as soon as possible . |
|
Hello @tejado any updates ? on this |
I'm working on the support of WebAuthn over USB. For this, the Android device needs to have special USB HID descriptor (CTAP) and Authorizer needs to implement the device logic (key creating and authentication).
The latest spec of the Client to Authenticator Protocol (CTAP) can be found here: https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html
The USB HID descriptor is already available in USB Gadget Tool (recently released by me).
And a first PoC to implement the WebAuthn device logic was successful.
Next step:
The text was updated successfully, but these errors were encountered: