public key: pQECAyYgASFYIFsl5O6VHyqngNHPlNmWrjGTPjLFh1jzVnhOUJGP79yVIlgg6L2rDoH/l028WsMes+MbDU0RzM2oSdTcRq+cSwz/E/k=
friendly name:
unhygienix
The only thing you can do with that data is the exact thing it's intended for, checking the user has the authenticator corresponding to that ID and wants to sign into this particular web site. Also I guess you maybe learn that this user enjoyed the Asterix comics?
You can't impersonate me using that data, any more than you can impersonate Hacker News based on the data inside its TLS certificate.
Here's what my site has on file for one of my own logins:
id: AWrNx4WDVIACFXeNDG4h6R6/ppUi8oIuXJYRwaJtOxssDZybQnu8wt6Cjdc4PqztvnSxnSgLmZGRT1BTnbZjz/M=
public key: pQECAyYgASFYIFsl5O6VHyqngNHPlNmWrjGTPjLFh1jzVnhOUJGP79yVIlgg6L2rDoH/l028WsMes+MbDU0RzM2oSdTcRq+cSwz/E/k=
friendly name: unhygienix
The only thing you can do with that data is the exact thing it's intended for, checking the user has the authenticator corresponding to that ID and wants to sign into this particular web site. Also I guess you maybe learn that this user enjoyed the Asterix comics?
You can't impersonate me using that data, any more than you can impersonate Hacker News based on the data inside its TLS certificate.