psanford / tpm-fido

A WebAuthn/U2F token protected by a TPM (Go/Linux)
MIT License

High-level U2F APIs #14

Open AlfioEmanueleFresta opened 1 year ago

AlfioEmanueleFresta commented 1 year ago

I'm working on xdg-credentials-portal, a proposal for platform APIs akin to Windows Hello for the Linux desktop. This project would be a great fit as a backend for the platform authenticator (I'd love to hear your thoughts).

Whilst CTAP over HID is already supported for U2F, it may be easier to build FIDO2 operations without the overhead of the CTAP2 protocol at first. If that's the case, would you please consider exposing U2F/WebAuthn APIs directly for use by other libraries, such as directly by libwebauthn? Thanks!

psanford commented 1 year ago

I've actually started to work on factoring out an API where you can provide your own key storage management object and all the protocol bits are handled by the library: https://github.com/psanford/ctapkey. There's a branch of tpm-fido that's already using the library and I think could be merged into main: https://github.com/psanford/tpm-fido/tree/use-ctapkey

My plan is to add FIDO2 support to that library.