FIDO Key Store
The implementation of IFidoKeyStore
is responsible for performing operations against your storage layer of choice.
This interface has 5 methods:
public interface IFidoKeyStore
{
Task<bool> DoesKeyExistForDifferentUser(byte[] credentialId, string userId);
Task<IEnumerable<byte[]>> GetCredentialIdsForUser(string userId);
Task<IFidoKey> GetCredentialById(byte[] credentialId);
Task Store(IFidoKey key);
Task UpdateCounter(byte[] credentialId, int counter);
}
This store is not intended to be a general data access layer, but only for the FIDO component.
A custom implementation of IFidoKeyStore
is registered using the AddKeyStore
extension on IFidoBuilder:
services.AddFido()
.AddKeyStore<MyCustomKeyStore>();
FIDO Key Entity
namespace Rsk.AspNetCore.Fido.Models
{
public interface IFidoKey
{
/// <summary>
/// Unique user ID that owns the credential
/// </summary>
string UserId { get; set; }
/// <summary>
/// User handle stored on the authenticator
/// </summary>
byte[] UserHandle { get; set; }
/// <summary>
/// Unique ID of the credential.
/// This must never be registered for more than one user
/// </summary>
byte[] CredentialId { get; set; }
/// <summary>
/// Friendly name for the device.
/// Should be recognisable by the user
/// </summary>
string DisplayFriendlyName { get; set; }
/// <summary>
/// Attestation type defined in https://www.w3.org/TR/webauthn/#sctn-attestation-types.
/// Shows the level of trust in the authenticator/public key credential
/// </summary>
FidoAttestationType AttestationType { get; set; }
/// <summary>
/// Identifier for the authenticator type.
/// Can be used to lookup metadata.
/// </summary>
AuthenticatorId AuthenticatorId { get; set; }
/// <summary>
/// Signature counter - incremented with each successful authentication
/// </summary>
int Counter { get; set; }
/// <summary>
/// The kty value of the public key credential.
/// Uses RFC 8152 (COSE) values.
/// </summary>
string KeyType { get; set; }
/// <summary>
/// The alg value of the public key credential.
/// Uses RFC 8152 (COSE) values.
/// </summary>
string Algorithm { get; set; }
/// <summary>
/// Public key credential serialized as JSON
/// </summary>
string CredentialAsJson { get; set; }
/// <summary>
/// When the key was created
/// </summary>
DateTime? Created { get; set; }
/// <summary>
/// When the key was last used
/// </summary>
DateTime? LastUsed { get; set; }
}
}
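The following in-memory key store is an added example, not the library's own implementation, showing how the five IFidoKeyStore methods above fit together with the IFidoKey members in the FIDO Key Entity section. It assumes the interfaces exactly as listed on this page and that returning null from GetCredentialById is how the component learns a credential ID is unknown; InMemoryFidoKeyStore is a name chosen for this example. Two points matter for security: byte[] has reference equality in .NET, so a dictionary keyed directly on the credential ID would never match and DoesKeyExistForDifferentUser would always return false; and the signature counter must never be persisted with a lower value than the one already stored.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Rsk.AspNetCore.Fido.Models;

// Example in-memory IFidoKeyStore for a single process (tests, prototypes).
// Not part of the library; assumes the IFidoKeyStore and IFidoKey shapes on this page.
public class InMemoryFidoKeyStore : IFidoKeyStore
{
    // byte[] compares by reference, so key the dictionary on a string form of the
    // credential ID; otherwise lookups of an existing credential silently miss.
    private readonly ConcurrentDictionary<string, IFidoKey> keysByCredentialId =
        new ConcurrentDictionary<string, IFidoKey>(StringComparer.Ordinal);

    private static string ToKey(byte[] credentialId)
    {
        if (credentialId == null) throw new ArgumentNullException(nameof(credentialId));
        return Convert.ToBase64String(credentialId);
    }

    // True when this credential ID is already bound to some other user.
    // A credential ID must never be shared between users (see IFidoKey.CredentialId).
    public Task<bool> DoesKeyExistForDifferentUser(byte[] credentialId, string userId)
    {
        if (userId == null) throw new ArgumentNullException(nameof(userId));

        var exists = keysByCredentialId.TryGetValue(ToKey(credentialId), out var key)
                     && !string.Equals(key.UserId, userId, StringComparison.Ordinal);
        return Task.FromResult(exists);
    }

    // All credential IDs for a user, e.g. for allowCredentials / excludeCredentials.
    public Task<IEnumerable<byte[]>> GetCredentialIdsForUser(string userId)
    {
        var ids = keysByCredentialId.Values
            .Where(k => string.Equals(k.UserId, userId, StringComparison.Ordinal))
            .Select(k => k.CredentialId)
            .ToList();
        return Task.FromResult<IEnumerable<byte[]>>(ids);
    }

    // Assumption for this example: null signals "unknown credential" to the caller.
    public Task<IFidoKey> GetCredentialById(byte[] credentialId)
    {
        keysByCredentialId.TryGetValue(ToKey(credentialId), out var key);
        return Task.FromResult(key);
    }

    public Task Store(IFidoKey key)
    {
        if (key == null) throw new ArgumentNullException(nameof(key));
        key.Created = key.Created ?? DateTime.UtcNow;

        // TryAdd refuses a second registration of the same credential ID for any user,
        // so the uniqueness rule holds even if the caller skipped DoesKeyExistForDifferentUser.
        if (!keysByCredentialId.TryAdd(ToKey(key.CredentialId), key))
            throw new InvalidOperationException("Credential ID is already registered.");
        return Task.CompletedTask;
    }

    public Task UpdateCounter(byte[] credentialId, int counter)
    {
        if (!keysByCredentialId.TryGetValue(ToKey(credentialId), out var key))
            throw new KeyNotFoundException("Unknown credential ID.");

        // The caller is expected to apply the WebAuthn counter rule (new value strictly
        // greater than the stored one unless both are zero). As defence in depth the store
        // still refuses to persist a regression, which is the signature of a cloned authenticator.
        if (counter < key.Counter)
            throw new InvalidOperationException("Signature counter went backwards.");

        key.Counter = counter;
        key.LastUsed = DateTime.UtcNow;
        return Task.CompletedTask;
    }
}
```

Register it with the builder shown in the FIDO Key Store section: services.AddFido().AddKeyStore<InMemoryFidoKeyStore>(). A database-backed store should give the credential ID column a unique constraint for the same reason TryAdd is used here, and should update the counter with a conditional write (new value greater than stored) rather than an unconditional overwrite.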