# Uniauth
Easy-to-use abstraction over authentication.
# How it works
1. Application tells the server of a requested action (for example, to log in) and asks for a nonce.
2. Server issues a nonce which will never be used again.
3. Application tells the user's local uniauth daemon to sign a challenge using the nonce, service name and username.
4. User authenticates/authorizes the action.
5. Daemon signs the challenge and response is sent from the application to the server.
6. Server verifies the challenge against the user's key(s).
# Server
Servers only store public keys, if/when the server is compromised the attacker cannot do anything with them.
# Daemon
Uniauth daemons can do anything, from being completely autonomous to using a hardware authenticator.
# Signature Algorithms
The application-daemon protocol supports any algorithm with a signature under 256 bytes long, but currently only **ed25519** is implemented.
It is advised to serialize keys using 16-bit lengths for potential compatibility with large keys like RSA.