Andrey Ovcharov

Tech blog

WebAuthN on ESP32 development board

After implementing the Android app for FIDO2 authentication, I started to implement the same functionality on the ESP32 development board.

In the beginning, I started development with C++ on the Arduino platform, as it has a high-level library to operate Bluetooth Low Energy (BLE). But after some work, I figured out that this library is only a thin wrapper around functions provided by the ESP IDF framework. Therefore, I switched to ESP IDF and continued development in C. The previously built Android app helped me a lot in debugging various issues with the protocol.

And finally, I got this project running.

I have trimmed a lot of functionality to achieve this. For example, I have implemented only one credential, which is stored in the device’s volatile memory. User validation and presence are implemented as a simple button click. Most of the checks and validations are missing as well.

Nevertheless, I was able to pass both the “Make Credential” and “Get Assertion” procedures on the https://webauthn.bin.coffee/ webpage, and the video below shows the full process of registration and authentication.

So at this point I have almost all the required pieces to continue building a personal Authenticator device. Every piece can be improved independently while maintaining the basic functionality of the registration and authentication workflows.

Now I am thinking of making a custom PCB for the device. It looks like it can be a small wearable that allows secure passwordless authentication.