I am using the fido2 python package and I would like to know how to generate an EC pair (ES256) public and private key, and also how to sign a challenge using the private key so it'll be possible to verify it with the public key.
Thanks
The Web Authentication protocol (and FIDO2 CTAP2 protocol built on top of it) have a challenge/response protocol against a device representing authentication of the user called an Authenticator.
The fido2 python library is meant to be used to talk to the authenticator, not to emulate an authenticator itself. The role that talks to the authenticator is called a Relying Party.
Systems typically further divide the Relying Party role into client and server roles - the client communicates with the authenticator, but really it is relaying the communication to and from the server. In WebAuthn, the browser, the site JavaScript it is running, and any underlying platform support are all considered part of the client. If you have native code talking USB or NFC to an authenticator (on platforms which let you), that native code is considered an authenticator.
The underlying authentication challenge does not have a cryptographic signature from the relying party. Instead, the cryptographic signature is made by the authenticator - the authenticator generates a new key pair on registration, and then supplies a signature from that key to prove possession and thus prove authentication. Since fido2 does not have authenticator support, it has no need to generate key pairs (outside of potential test code).
Note that this gets to an essential of the underlying WebAuthn and FIDO2 platform trust model - the user must trust the client. For this reason, several platforms have locked out low-level access to authenticator hardware (USB, NFC and BLE communication to hardware) and instead provide system API. Native applications must have entitlements to operate on behalf of a particular web origin as a WebAuthn client, and browsers must request special entitlements from the platform in order to represent all web domains.
This does not affect usage of fido2 for implementing server functionality, but I'd advise you to double-check platform support if you plan to use it to implement any client functionality.
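from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
from fido2 import cbor
from fido2.utils import int2bytes
# ES256 is ECDSA over the P-256 curve (SECP256R1) with SHA-256
private_key = ec.generate_private_key(ec.SECP256R1())
public_key = private_key.public_key()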
And for exporting the keys:
private_key_pem = private_key.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.BestAvailableEncryption(b'password'))
# Pad each coordinate to 32 bytes so the COSE key stays valid when x or y has leading zero bytes
numbers = public_key.public_numbers()
x, y = int2bytes(numbers.x, 32), int2bytes(numbers.y, 32)
# COSE_Key map: kty=EC2 (1: 2), alg=ES256 (3: -7), crv=P-256 (-1: 1), then the x and y coordinates
public_key = cbor.encode({1: 2, 3: -7, -1: 1, -2: x, -3: y})
The keys can now be exported to the client via base64 / cbor encoding.
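Signing a challenge with such a key and verifying it from the COSE-style public key, as an added example that is not part of the original answers. It uses only the cryptography package, keeps the COSE map from the answer as a plain dict instead of CBOR bytes, and all function names are hypothetical.

```python
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec


def generate_es256_key():
    """Create a P-256 private key, the curve ES256 (COSE alg -7) uses."""
    return ec.generate_private_key(ec.SECP256R1())


def to_cose_map(public_key):
    """Build the COSE_Key map from the answer, with fixed 32-byte coordinates."""
    nums = public_key.public_numbers()
    return {1: 2, 3: -7, -1: 1,
            -2: nums.x.to_bytes(32, "big"), -3: nums.y.to_bytes(32, "big")}


def from_cose_map(cose):
    """Rebuild a public key from a COSE map, accepting only EC2 / ES256 / P-256."""
    if (cose.get(1), cose.get(3), cose.get(-1)) != (2, -7, 1):
        raise ValueError("not an ES256 P-256 COSE key")
    x = int.from_bytes(cose[-2], "big")
    y = int.from_bytes(cose[-3], "big")
    # public_key() raises ValueError if (x, y) is not a point on the curve.
    return ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1()).public_key()


def sign_challenge(private_key, challenge):
    """ECDSA over SHA-256; returns a DER-encoded (r, s) signature."""
    return private_key.sign(challenge, ec.ECDSA(hashes.SHA256()))


def verify_challenge(cose, challenge, signature):
    """Return True only if the signature matches the challenge and key."""
    try:
        from_cose_map(cose).verify(signature, challenge, ec.ECDSA(hashes.SHA256()))
        return True
    except (InvalidSignature, ValueError):
        return False


if __name__ == "__main__":
    key = generate_es256_key()
    cose = to_cose_map(key.public_key())
    challenge = os.urandom(32)  # constructed sample challenge
    sig = sign_challenge(key, challenge)
    print(verify_challenge(cose, challenge, sig), verify_challenge(cose, challenge + b"x", sig))
```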