Andrey Ovcharov

Professional Software Engineer and hobbyist Hardware enthusiast

Some progress with FIDO2 Authenticator

I’ve spent the last (and the previous) weekend on a real implementation of the FIDO2 WebAuthn protocol. In reality, the problem is deeper and more difficult than I had thought, so I have re-implemented the GATT server on Android to have a higher-level language and libraries and better debugging capabilities.

At the moment I have a fully working “Make Credential” workflow with proper certificate generation and response signing. Here’s a short video demonstrating the process.

While implementing it, I found one inconsistency in the documentation. When you send back the response with the new credential, the specification defines the indexes of authData and fmt as 0x01 and 0x02 respectively, while Chrome requires these parameters swapped: 0x01 should be fmt and 0x02 should be authData.
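A receiving-side check for the key layout discussed above, as an added example that is not part of the original post or the author's project: it decodes a MakeCredential response with a minimal CBOR reader and flags a response that carries authData and fmt under each other's keys. The 0x01 = fmt, 0x02 = authData mapping follows what the post reports Chrome requiring; the leading status byte, 0x03 = attStmt, the function names and the sample bytes are assumptions.

```python
def _head(buf, pos):
    """Decode one CBOR head; return (major type, argument, next offset)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24:
        return major, info, pos + 1
    if info > 27:
        raise ValueError("reserved or indefinite length")
    size = 1 << (info - 24)
    if pos + 1 + size > len(buf):
        raise ValueError("truncated head")
    return major, int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), pos + 1 + size

def decode(buf, pos=0):
    """Decode uint, byte string, text string, array or map; return (value, next offset)."""
    major, arg, pos = _head(buf, pos)
    if major == 0:
        return arg, pos
    if major in (2, 3):
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major in (4, 5):
        items = []
        for _ in range(arg * (2 if major == 5 else 1)):
            item, pos = decode(buf, pos)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos
    raise ValueError(f"unsupported CBOR major type {major}")

# Key layout the post reports Chrome accepting; 0x03 = attStmt is assumed from CTAP2.
EXPECTED = {1: ("fmt", str), 2: ("authData", bytes), 3: ("attStmt", dict)}

def check_make_credential(response):
    """Return a list of problems in a MakeCredential response (empty list = OK)."""
    if not response or response[0] != 0x00:  # assumed: leading CTAP2 status byte
        return ["status byte is not 0x00"]
    try:
        body, _ = decode(response, 1)
    except (ValueError, IndexError, TypeError) as exc:
        return [f"CBOR decode failed: {exc}"]
    if not isinstance(body, dict):
        return ["body is not a CBOR map"]
    return [f"key {key:#04x} must be {name} ({kind.__name__})"
            for key, (name, kind) in EXPECTED.items()
            if not isinstance(body.get(key), kind)]

# Constructed samples: fmt "none", 37 zero bytes as placeholder authData, empty attStmt.
GOOD = b"\x00\xa3\x01\x64none\x02\x58\x25" + bytes(37) + b"\x03\xa0"
SWAPPED = b"\x00\xa3\x01\x58\x25" + bytes(37) + b"\x02\x64none\x03\xa0"
```

Checking the CBOR type under each key, rather than only the key's presence, is what catches the swap: both layouts contain keys 0x01 and 0x02, but only one has a text string under 0x01.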

I also think the user interface is quite misleading when you work with the BLE protocol. Chrome asks the user which authenticator should be used while the actual communication with the device is already going on in the background. The user has no clue that they should open up the device and perform the next authentication steps with it.

So, the project is slowly moving forward.