random-scripts/fido2-hmac
Ventilaar c6aa41e273 merge from previous repos 2022-12-22 15:12:24 +01:00
README.md merge from previous repos 2022-12-22 15:12:24 +01:00
hmacfido.py merge from previous repos 2022-12-22 15:12:24 +01:00

README.md

Required packages

fido2

What it does

This script is a simple shell menu for working with FIDO2 hmac-secrets. When you run it you get 3 options:

  • list
  • create
  • sign

This script does not work with resident keys, so a separate file called keys.json will be created to store the key IDs. It is mostly optimized for Windows but does not work with the WebAuthn API, so you need to run it with administrator privileges to contact the CTAP API.

hmac-secret what is it?

This extension to standard FIDO2 (I believe it's required but am not sure) supports shared secrets for use with offline devices like password vaults or disk encryption (cryptenroll).

How does it work

  • You create a credential on the key as usual with a user and relying party but with the extension enabled. Now you have a secret key stored on the device which cannot leave it.

  • more text here
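
An added example, not taken from hmacfido.py: a software model of the create and sign steps, showing why keys.json only needs to hold key IDs while the secret stays on the device. `SimulatedKey`, `save_key_id`, `derive` and the keys.json layout are assumptions made for illustration; a real authenticator is reached over CTAP and additionally encrypts the salt in transit.

```python
import hashlib
import hmac
import json
import os


class SimulatedKey:
    """Software stand-in for the FIDO2 device; no CTAP traffic (assumption)."""

    def __init__(self):
        self._master = os.urandom(32)  # device secret, never returned

    def _mac(self, label: bytes, data: bytes) -> bytes:
        return hmac.new(self._master, label + data, hashlib.sha256).digest()

    def create(self) -> bytes:
        # Non-resident credential: the key ID is a nonce plus a tag that
        # only this device can recompute, so nothing is stored on it.
        nonce = os.urandom(16)
        return nonce + self._mac(b"id", nonce)[:16]

    def sign(self, key_id: bytes, salt: bytes) -> bytes:
        nonce, tag = key_id[:16], key_id[16:]
        if not hmac.compare_digest(tag, self._mac(b"id", nonce)[:16]):
            raise ValueError("key ID was not created by this device")
        if len(salt) != 32:
            raise ValueError("hmac-secret salt must be 32 bytes")
        cred_random = self._mac(b"cred", nonce)  # per-credential secret
        # hmac-secret output: HMAC-SHA-256 keyed with the credential secret.
        return hmac.new(cred_random, salt, hashlib.sha256).digest()


def save_key_id(path: str, name: str, key_id: bytes) -> None:
    """Host side: keys.json holds key IDs only (layout is constructed)."""
    keys = {}
    if os.path.exists(path):
        with open(path) as fh:
            keys = json.load(fh)
    keys[name] = key_id.hex()
    with open(path, "w") as fh:
        json.dump(keys, fh)


def derive(device: SimulatedKey, path: str, name: str, salt: bytes) -> bytes:
    """Host side: look up the key ID and ask the device for the secret."""
    with open(path) as fh:
        key_id = bytes.fromhex(json.load(fh)[name])
    return device.sign(key_id, salt)
```

The same key ID and salt always give the same 32-byte output, so the result can unlock a vault or volume without ever being stored; a copied keys.json is useless without the device that issued the IDs.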