by scott00 1340 days ago
In most implementations there's only a key or two on the device that you have to sync. The webauthn protocol requires a site that accepts it to store a small amount of arbitrary data for each registered device, which is then handed to any device that attempts auth. Most devices use that to store a copy of the site-specific private key encrypted with one of the device keys. (IIRC there's usually a symmetric key and an asymmetric keypair that are protected by the device, and the symmetric one is the more convenient to use for encrypting the site data.)

It's possible to store every key the device has registered, but most devices don't do it that way to keep the cost of the secure enclave low.
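The key-wrapping scheme the comment describes, written out as an added Go example (it is not code from the comment, nor from any real authenticator firmware): the device keeps one symmetric wrapping key, mints a fresh P-256 key per site at registration, and hands the site the private key encrypted under that wrapping key as the credential ID. AES-GCM with the rpId as associated data, the field layout of the credential ID, and the names `Authenticator`, `Register`, `Unwrap`, `Sign` and `Verify` are all assumptions of this example, chosen to make the point that the relying party stores only opaque bytes plus a public key, while the device needs nothing beyond its single wrapping key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Authenticator models the device side. The only persistent secret is
// wrapKey; per-site private keys live inside credential IDs held by sites.
// (Hypothetical structure, not any vendor's design.)
type Authenticator struct {
	wrapKey []byte // 32-byte AES-256 key, generated once per device
}

func NewAuthenticator() (*Authenticator, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &Authenticator{wrapKey: k}, nil
}

func (a *Authenticator) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(a.wrapKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Register creates a fresh per-site key, wraps the private key with the device
// key (rpId bound in as associated data), and returns what the relying party
// stores: the opaque credential ID and the public key.
func (a *Authenticator) Register(rpID string) (credID []byte, pub *ecdsa.PublicKey, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	raw, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := a.aead()
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// credential ID = nonce || AES-GCM(wrapKey, nonce, privkey, aad=rpId)
	credID = append(nonce, gcm.Seal(nil, nonce, raw, []byte(rpID))...)
	return credID, &priv.PublicKey, nil
}

// Unwrap recovers the site key from a credential ID the site hands back.
// A credential minted by another device, for another rpId, or modified in
// transit fails the GCM tag check and is rejected.
func (a *Authenticator) Unwrap(rpID string, credID []byte) (*ecdsa.PrivateKey, error) {
	gcm, err := a.aead()
	if err != nil {
		return nil, err
	}
	if len(credID) < gcm.NonceSize() {
		return nil, errors.New("credential id too short")
	}
	nonce, ct := credID[:gcm.NonceSize()], credID[gcm.NonceSize():]
	raw, err := gcm.Open(nil, nonce, ct, []byte(rpID))
	if err != nil {
		return nil, fmt.Errorf("credential not recognised for %q: %w", rpID, err)
	}
	return x509.ParseECPrivateKey(raw)
}

// Sign is the assertion step: unwrap the site key, sign the challenge hash.
func (a *Authenticator) Sign(rpID string, credID, challenge []byte) ([]byte, error) {
	priv, err := a.Unwrap(rpID, credID)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Verify is the relying party's side; it needs only the stored public key.
func Verify(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	h := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	dev, _ := NewAuthenticator()
	cred, pub, _ := dev.Register("example.com")
	chal := []byte("constructed-challenge-bytes")
	sig, _ := dev.Sign("example.com", cred, chal)
	fmt.Println("credential id bytes:", len(cred), "verified:", Verify(pub, chal, sig))
}
```

Because the rpId is authenticated data rather than part of the ciphertext, a credential ID replayed to the device under a different site name fails to unwrap, which is the property that stops one site from using another site's credential; and because the device never stores the per-site key, losing the credential ID on the site side simply means that registration is gone, not that the device is compromised.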