
When a user wants to register his device, the relying party provides some parameters, which are:

  • a challenge,
  • appID,
  • Version of protocol

The user then performs a "user presence test" by touching the button on his device, sending this information:

dictionary RegisterResponse { DOMString registrationData; DOMString clientData; };

The relying party does what it has to do with this information and the process is finished!

But I do not understand the following part. Based on the specification of the U2F protocol:

Registration Request Message - U2F_REGISTER

This message is used to initiate a U2F token registration. The FIDO Client first contacts the relying party to obtain a challenge, and then constructs the registration request message. The registration request message has two parts:

  • The challenge parameter. The challenge parameter is the SHA-256 hash of the Client Data, a stringified JSON data structure that the FIDO Client prepares. Among other things, the Client Data contains the challenge from the relying party (hence the name of the parameter).
  • The application parameter [32 bytes]. The application parameter is the SHA-256 hash of the application identity of the application requesting the registration. (See [FIDOAppIDAndFacets] in bibliography for details.)

https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html

At which step is this part run?

Thank you in advance !

QBl

1 Answer


You are talking about registration so linking a key to an account. To register a key:

  1. The user types in name/password and posts to the server.
  2. The server replies with RegisterRequestData (created with the server side u2f library).
  3. The client side uses the library function u2f.register, which gives the request to the U2F device and gets back a RegisterResponse (JSON with the device registration info). This is sent back to the server.
  4. The server gives the reply to the server-side u2f library and saves the DeviceRegistration.

Authentication/login is similar but with the server sending DeviceRegistration + challenge to the client which uses u2f.sign and returns the DeviceResponse.

A schema that makes it clear I think: https://developers.yubico.com/U2F/Libraries/Using_a_library.html

Dean Voets