Re: [webauthn] Support for FIDO passkey with HMAC-Secret extension (#1830) from Emil Lundberg via GitHub on 2022-12-06 (public-webauthn@w3.org from December 2022)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 06 Dec 2022 17:22:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1339717861-1670347318-sysbot+gh@w3.org>

> 1. Could FIDO passkey credentials support the HMAC-Secret extension (without the need for CTAP2)?

Yes, they could implement a feature that is API-compatible with HMAC-Secret.

> 2. Could the proposed [WebAuthn L3 PRF-extension](https://w3c.github.io/webauthn/#prf-extension) function be able to generate PRF values using FIDO passkey credentials with the HMAC-Secret extension?

Yes, this is one of the intended use cases of the PRF extension.

> 3. Can the output PRF values be used as AES-256 keys for encrypting/decrypting opaque data?

Yes, although depending on application you might want to pass the PRF output through a key derivation function (KDF) first, rather than use the raw PRF outputs directly.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1830#issuecomment-1339717861 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 6 December 2022 17:22:02 UTC