PeculiarVentures / fortify-examples

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is a set of examples of how to use Fortify in your own applications.
MIT License

WebAuthn #6

Closed KrishnaPG closed 3 years ago

KrishnaPG commented 5 years ago

Fortify looks great and greatly reduces the pain involved in the webCrypto (at least the browser extension part is gone).

However, it is not clear how this is related to WebAuthn, which is also a W3C spec, and greatly improves the way of using smart cards from web.

If these two could work together it would be the best solution. Tried WebAuthn compatible device with Fortify, and unfortunately it does not seem to be detected.

  1. Fortify seems to have little to no support for Ed25519 and x25519 suite of algorithms that are the core of decentralized networks - will this change anytime soon?
  2. WebAuthn highlights the support for use cases of sovereign identities - Fortify (at least currently) seems to be more geared towards CA based (centralized) certifications - is this going to change?

Would love to see Fortify supporting the decentralized key systems (e.g. is FIDO2 supported?)

rmhrisk commented 5 years ago

WebAuthN does not support using smart cards from the web.

It supports authentication tokens in the context of authentication in compliance with the associated protocols.

Think of Fortify as pure crypto and WebAuthN as authentication.

TL;DR you can’t sign, encrypt and hash with WebAuthN.

Re: PKCS11; Fortify is based on PKCS#11 and CryptoAPI. Neither supports those algorithms. The upcoming 3.x version of PKCS11 will include these algorithms.

Next we will need tokens and PKCS11 libraries for them that actually implement them.

Once that happens adding support for them is trivial.

TL;DR: you cannot do crypto operations with a FIDO token. If you have something else in mind let us know.
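
An added illustration of the point made in the reply above (not part of the original thread and not Fortify code): a WebAuthn assertion signs `authenticatorData || SHA-256(clientDataJSON)`, so the relying party only controls the challenge and the result does not verify as a plain signature over a document. The software P-256 key, the `example.test` relying party and the function names are assumptions made for this sketch.

```javascript
// Added example: models in software what a WebAuthn authenticator signs.
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Constructed stand-in for the credential key pair held by a token.
const { privateKey, publicKey } =
  crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// The caller supplies only a challenge. The browser wraps it in clientDataJSON
// and the authenticator prepends authenticatorData before signing.
function webauthnSignedBytes(rpId, origin, challenge, signCount) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin,
  }));
  const flags = Buffer.from([0x01]);            // UP: user present
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  const authenticatorData =
    Buffer.concat([sha256(Buffer.from(rpId)), flags, counter]);
  return Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
}

function assertionSignature(rpId, origin, challenge, signCount) {
  const signed = webauthnSignedBytes(rpId, origin, challenge, signCount);
  return crypto.sign('sha256', signed, privateKey);
}

// Pass a document hash as the challenge and check what the signature covers.
function demo() {
  const doc = Buffer.from('constructed sample contract text');
  const challenge = sha256(doc);
  const rpId = 'example.test';
  const origin = 'https://example.test';
  const sig = assertionSignature(rpId, origin, challenge, 7);
  const signed = webauthnSignedBytes(rpId, origin, challenge, 7);
  return {
    verifiesAsAssertion: crypto.verify('sha256', signed, publicKey, sig),
    verifiesAsDocumentSignature: crypto.verify('sha256', doc, publicKey, sig),
    signedLength: signed.length,                // 37-byte authData + 32-byte hash
  };
}
```
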