Use aPAKE/OPAQUE for FIDO multi-device credentials (PassKey)

[Sebastian-Elfors-IDnow]

The OPAQUE Asymmetric PAKE Protocol has recently been published by the IETF Network Working Group.

In particular, the section "Client Credential Storage and Recovery" is interesting, because that part specifies how a client can encrypt its private key in an envelope and store it on the server together with the server's public key. The user uses a PIN-code to encrypt the envelope that is then stored at the server. The client can thus download its envelope and decrypt it with a PIN-code. The recovered private key can then be stored in the mobile's TPM/TEE. Furthermore, the client can use the server's public key to authenticate to the server and to create a session key.

This could perhaps be a standardized option for roaming of FIDO multi-device credentials (PassKey)? Perhaps it can be mentioned as an implementation example (or similar) in the WebAuthn standard?

[timcappalli]

I don't believe there would be any changes in WebAuthn to support this. It would be all authenticator side. passkeys are just regular old WebAuthn credentials from the perspective of the WebAuthn specification.

I would suggest bringing this up at a future FIDO plenary BoF session.

[Sebastian-Elfors-IDnow]

Thanks for your insights and recommendations, Tim. I'll keep in mind to propose this as a BoF session at a FIDO plenary.

[emlun]

From WG call 2023-02-08: Looks like no further action is needed here.