Andrey Ovcharov

Professional Software Engineer and hobbyist Hardware enthusiast

ESP32 implementation of FIDO2 Authenticator

Last weekend I got to play with the ESP32 board to implement the BLE transport for the FIDO2 WebAuthn protocol. The great BLE library for Arduino and its tutorials helped me a lot. Now my developer board advertises itself as a FIDO2 Authenticator and provides the four required endpoints for communication. Google Chrome is able to detect the device and tries to connect to it, which I consider a great success for a weekend project. However, the endpoints just do nothing at the moment and authentication fails with an error.
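As an added example (my own code, not the author's), this is the message framing that runs over the fidoControlPoint and fidoStatus endpoints in the FIDO CTAP BLE transport: a message is split into an initialization fragment (command byte, two-byte length, data) followed by numbered continuation fragments, and the authenticator reassembles them while rejecting out-of-order or truncated input. The fragment size of 20 bytes is an assumed value of the fidoControlPointLength characteristic.

```cpp
// Added example of CTAP2 BLE framing (FIDO CTAP spec, BLE section); not the
// post author's code. Fragment size is whatever the authenticator advertises
// in fidoControlPointLength (assumed 20 bytes in the usage below).
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;

constexpr uint8_t CTAPBLE_MSG = 0x83;   // command byte: CTAP message
constexpr uint8_t CTAPBLE_ERROR = 0xBF; // command byte: error report

// Split one message into BLE write fragments: an initialization fragment
// (CMD, HLEN, LLEN, data...) then continuation fragments (SEQ, data...).
std::vector<Bytes> fragment(uint8_t cmd, const Bytes& msg, size_t mtu) {
    if (mtu < 4 || !(cmd & 0x80) || msg.size() > 0xFFFF)
        throw std::invalid_argument("bad mtu, command or message length");
    std::vector<Bytes> frames;
    Bytes first = {cmd, uint8_t(msg.size() >> 8), uint8_t(msg.size() & 0xFF)};
    size_t off = std::min(msg.size(), mtu - 3);
    first.insert(first.end(), msg.begin(), msg.begin() + off);
    frames.push_back(first);
    for (uint8_t seq = 0; off < msg.size(); ++seq) {
        if (seq > 0x7F) throw std::length_error("more than 128 fragments");
        size_t n = std::min(msg.size() - off, mtu - 1);
        Bytes cont = {seq};
        cont.insert(cont.end(), msg.begin() + off, msg.begin() + off + n);
        frames.push_back(cont);
        off += n;
    }
    return frames;
}

// Reassemble fragments received on fidoControlPoint. Out-of-order sequence
// numbers and length mismatches are errors, not something to guess around.
Bytes reassemble(const std::vector<Bytes>& frames, uint8_t* cmd_out) {
    if (frames.empty() || frames[0].size() < 3 || !(frames[0][0] & 0x80))
        throw std::runtime_error("missing initialization fragment");
    *cmd_out = frames[0][0];
    size_t total = (size_t(frames[0][1]) << 8) | frames[0][2];
    Bytes msg(frames[0].begin() + 3, frames[0].end());
    for (size_t i = 1; i < frames.size(); ++i) {
        if (frames[i].empty() || frames[i][0] != i - 1)
            throw std::runtime_error("unexpected continuation sequence number");
        msg.insert(msg.end(), frames[i].begin() + 1, frames[i].end());
    }
    if (msg.size() != total) throw std::runtime_error("length mismatch");
    return msg;
}
```

A 45-byte CTAP message with a 20-byte fragment size therefore becomes three writes (20, 20 and 10 bytes), and swapping the two continuation fragments makes reassemble() throw.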

I have also discovered a great chip for secure authentication, the ATECC508A. According to the datasheet, it supports elliptic curve encryption and securely stores 16 user keys.

I'm wondering whether 16 keys are enough. From my perspective it's quite a decent amount: the user can use the secure authenticator device to log in to the major and most important accounts like Google or GitHub and use them as an OAuth provider later. If not, the ESP32 board has 4Mb of flash memory onboard which can be used to store more keys, and the ATECC508A could encrypt them.