Passkeys and device public key

Hello,

As a relying party, is there currently a way within iOS for me to request/ensure the user authenticates with a FIDO credential that is generated from and bound to the device's platform authenticator rather than shared as a passkey via iCloud Keychain? Does iOS implement the device public key (DPK) extension in its WebAuthn implementation?

Everything I have read so far seems to suggest that for iOS platform authenticators, passkeys are the supported FIDO credential and there is no way to turn off credential syncing for use cases that warrant AAL Level 3 authentication.

Thanks for any help.

RMurali

I'm also interested in understanding if iOS, like Android, has implemented the proposed Device-bound Public Key WebAuthn extension (devicePubKey). This is described here: https://security.googleblog.com/2022/10/SecurityofPasskeysintheGooglePasswordManager.html

Passkeys on Android support the proposed Device-bound Public Key WebAuthn extension (devicePubKey). If this extension is requested when creating or using passkeys on Android, relying parties will receive two signatures in the result.
