getify
commented
3 months ago Lots of useful links here: https://github.com/forcedotcom/cli/discussions/2482
Open getify opened 3 months ago
getify
commented
3 months ago Lots of useful links here: https://github.com/forcedotcom/cli/discussions/2482
getify
commented
3 months ago
instead of sticking the encryption-key IV in the
userHandle, consider PRF extension, which allows a passkey to generate a safely secure number suitable as key material.https://bitwarden.com/blog/prf-webauthn-and-its-role-in-passkeys/
https://github.com/w3c/webauthn/wiki/Explainer:-PRF-extension
Chrome supports PRF: https://chromestatus.com/feature/5138422207348736
Safari 18 adding PRF support: https://webkit.org/blog/15443/news-from-wwdc24-webkit-in-safari-18-beta/#:~:text=And%20third%2C%20WebKit%20for%20Safari%2018%20beta%20adds%20support%20for%20the%20WebAuthn%20prf%20extension.%20It%20allows%20for%20retrieving%20a%20symmetric%20key%20from%20a%20passkey%20to%20use%20for%20the%20encryption%20of%20user%20data.