CTAP (Client to Authenticator Protocol) is the protocol used between computers and security keys. CTAP 2.1 defines [1] a security key extension called credBlob that is designed to store a hash value that can be used to authenticate externally provided data. This feature involves plumbing that value through WebAuthn to let the security key see it.
[1] https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-credBlob-extension
Motivation
credBlob is designed to associate a SHA-256 hash with a credential on a security key. Microsoft plans to use this to allow externally provided (and thus untrusted) data to be authenticated during an OS login process when central servers are unavailable. By allowing this extension to be exercised via WebAuthn, it is possible to create credentials via the web that will be compatible with this. Otherwise all such credentials would have to be created via native tools.
Specification
Unknown standards status - check spec link for status
Status in Chromium
No active development
(tracking bug)
Consensus & Standardization
- No signal
- No signal
- No signals
Owner
Intent to Prototype url
Intent to Prototype thread
Last updated on 2021-12-07