Closed kyriakopoulosd closed 3 years ago
fmeum
commented
4 years ago I am actually working on a version of WearAuthn for phones. Unfortunately, many phone vendors don't implement the required Bluetooth HID API. If your phone is a OnePlus, Nokia, Motorola or Xiaomi, it is likely that it won't be supported. Google Pixels should eventually be supported though.
kyriakopoulosd
commented
4 years ago @FabianHenneke would it be possible then to use the NFC protocol instead of the Bluetooth HID API ?
fmeum
commented
4 years ago NFC is much simpler and should work on every phone with Google Pay support.
May I ask what your use case for an NFC security key on a phone looks like? Are you using two phones and would like to use one as the security key for the other? Without Bluetooth, this could really be the only thing a phone app would be useful for.
kyriakopoulosd
commented
4 years ago Well, what I was trying to do was the following case : I wanted to use my smartphone as a physical FIDO2 security Key. For example, some online services such as Microsoft.com, github.com etc. allow to use FIDO2 Security Keys to log-in and authenticate in your account. So after buying an NFC Reader and connecting it on my pc, I wanted instead of buying a FIDO2 NFC Security key, turn and use my Smartphone as FIDO2 Security Key.
fmeum
commented
4 years ago I don't know whether Windows 10 supports FIDO security keys connected via NFC readers, but other desktop platforms mostly don't. Since an NFC reader is not that cheap and USB FIDO2 security keys can be purchased for less than 25$, this approach may even be more costly.
I cannot promise that I will finish a phone version in the near future, but will keep you updated on any progress you make.
VNRARA
commented
4 years ago I think some laptops have nfc built in. That's also what some key manufacturers are showing when you have to tap the NFC key to the laptop. Haven't seen it yet tho.
mrGabodroid
commented
4 years ago Hi @FabianHenneke !
At first, thank you for making this project open-source, it is a great inspiration.
I was reading your discussion with @kyriakopoulosd here and also here: https://github.com/Trojan295/android-webauthn-token/issues/4. So I saw your comment about the restricted access to the FIDO UUIDs and also the limited Bluetooth HID API support. So after all, I would like to ask, if it is possible to create an Android app, which one would be recognized as Bluetooth security key by Chrome browser running on my desktop (Mac OS X/Windows).
fmeum
commented
4 years ago I was reading your discussion with @kyriakopoulosd here and also here: Trojan295/android-webauthn-token#4. So I saw your comment about the restricted access to the FIDO UUIDs and also the limited Bluetooth HID API support. So after all, I would like to ask, if it is possible to create an Android app, which one would be recognized as Bluetooth security key by Chrome browser running on my desktop (Mac OS X/Windows).
@mrGabodroid What I know can be done:
Unfortunately, it seems that an actual BLE security key from a third party cannot be realized on Android currently.
fmeum
commented
3 years ago I have learned of an app that offers WearAuthn's functionality for phones: https://www.wiokey.de/en/
Hi there!
First of all, nice app! I would like to ask you if you've implemented or is possible to implement another version of this app so no wearable is needed by the user. What I would like to do is to use my mobile phone as A security key by itself instead of having a SmartWatch paired with it and having the SmartWatch as Security Key. Is it possible ?