![]() |
||
---|---|---|
.. | ||
README.md | ||
hmacfido.py |
README.md
Required packages
fido2
What it does
This script is a simple shell menu for working with fido2 hmac-secrets. When you run it you get 3 options.
- list
- create
- sign
This script does not work with resident keys so a seperate file called keys.json will be created to store the key id's. It is mostly optimized for Windows but does not work with the Webauthn API so you need to run with administrator privileges to contact the CTAP api.
hmac-secret what is it?
This extention to standard FIDO2 (I believe it's required but am not sure) supports shared secrets for use with offline devices like password vaults or disk encryption(cryptenroll).
How does it work
-
You create a credential on the key as usual with a user and relying party but with the extension enabled. Now you have a secret key stored on the device which cannot leave it.
-
more text here