我可以创建具有WebAuthn身份验证的确定性数据吗?

huangapple go评论60阅读模式
英文:

Can I create deterministic data with webauthn authentication

问题

我有一个与私钥一起工作的应用程序。此私钥以用户在服务器端确定的密码进行加密,以便不给用户带来任何困难。当用户想要使用私钥时,用户可以使用其密码解密它并再次使用它。在使用密码解密私钥后,我会检查是否泄露了任何有意义的数据。
您可以在此处查看流程图

我想在这里删除密码,并集成webauthn。然而,由于应用程序的代码库非常庞大,要在系统中进行更改非常困难。是否可以从身份验证响应中的值中使用确定性数据来代替密码?是否可能设计这种结构?
这是我想做的事情

我知道Webauthn不是一种新兴的存储数据的标准。但我想知道是否可以创建一种只能在身份验证时获得的确定性数据。

英文:

I have an application that works with a private key. This private key is kept encrypted with the password determined by the user on the server side in order not to cause any difficulties to the user. When the user wants to use the private key, user can decrypt it with their password and use it again. After the private key is decrypted with a password, I check if any meaningful data is revealed.
You can check process graph here

I want to remove the password here and integrate webauthn instead. However, it is very difficult to make changes in the system because the code base of the application is very large. Is there a deterministic data that I can use instead of the password here from the values that come with the authentication response? Would it be possible to design this structure?
Thats what I want to do

I know that Webauthn is not an emerging standard for storing a data. But I am wondering if I can create a deterministic data that cannot be obtained outside of authentication.

答案1

得分: 1

你可以在基于Chromium的最新版本浏览器中使用PRF扩展,并与支持CTAP2的安全密钥一起,从安全密钥断言中获取对称密钥。

英文:

You can use the PRF extension in recent versions of Chromium-based browsers, and with CTAP2-capable security keys, to get a symmetric key from a security key assertion.

huangapple
  • 本文由 发表于 2023年6月25日 22:45:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/76550969.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定