Crate webauthn_authenticator_rs

Expand description

webauthn-authenticator-rs is a library for interfacing with FIDO/CTAP 2 tokens.

This performs the actions that would be taken by a client application (such as a web browser) to facilitate authentication with a remote service.

This library aims to provide abstrations over many platform-specific APIs, so that client applications don’t need to worry as much about the finer details of the protocol.

This is a “pre-1.0” library: it is still under active development, and the API is not yet stable or final. Some of the modules have edge cases which may cause you to get permanently locked out of your authenticator.

This library is not FIDO certified, and currently lacks a thorough security review.

§FIDO / CTAP version support

This library currently only supports CTAP 2.0, 2.1 or 2.1-PRE.

Authenticators which only support CTAP 1.x (U2F) are unsupported. This generally only is an issue for older tokens.

The authors of this library recommend using FIDO2 certified hardware authenticators with at least Autenticator Certification Level 2. Be cautious when buying, as there are many products on the market which falsely claim certification, have implementation errors, only support U2F, or use off-the-shelf microcontrollers which do not protect key material (Level 1).

§Features

Note: these links may be broken unless you build the documentation with the appropriate --features flag listed inline.

§Transports and backends

bluetooth: Bluetooth ¹
cable: caBLE / Hybrid Authenticator ¹
- cable-override-tunnel: Override caBLE tunnel server URLs
mozilla: Mozilla Authenticator, formerly known as u2fhid
nfc: NFC via PC/SC API ¹
softpasskey: SoftPasskey (for testing) ¹
softtoken: SoftToken (for testing) ¹
usb: USB HID ¹
win10: Windows 10 WebAuthn API

§Miscellaneous features

ctap2: CTAP 2.0, 2.1 and 2.1-PRE implementation ¹.

Automatically enabled by the bluetooth, cable, ctap2-management, nfc, softtoken and usb features.
- ctap2-management: Adds support for configuring and managing CTAP 2.x hardware authenticators to the CTAP 2.x implementation.
crypto: Enables OpenSSL support ¹. This allows the library to avoid a hard dependency on OpenSSL on Windows, if only the win10 backend is enabled.

Automatically enabled by the ctap2, softpasskey and softtoken features.
qrcode: QR code display for the Cli UI, recommended for use if the cable and ui-cli features are both enabled
ui-cli: Cli UI

Feature requires OpenSSL. ↩

Modules§

bluetoothbluetooth: BluetoothTransport communicates with a FIDO token over Bluetooth Low Energy, using btleplug.
cablecable: caBLE / Hybrid Authenticator
ctap2ctap2: This package provides a CTAP 2.0, CTAP 2.1-PRE and CTAP 2.1 protocol implementation on top of Token, allowing you to interface with FIDO authenticators.
error
mozillamozilla: Authenticator implementation using Mozilla’s authenticator-rs library.
nfcnfc: NFCTransport communicates with a FIDO authenticator using the PC/SC API.
prelude
softpasskeysoftpasskey
softtokensofttoken
transportctap2: Low-level transport abstraction layer for communication with FIDO tokens.
types: Types used in a public API.
u2fhidDeprecatedu2fhid: Mozilla authenticator-rs backend. Renamed to MozillaAuthenticator.
ui
usbusb: USBTransport communicates with a FIDO token over USB HID.
win10win10: Bindings for Windows 10 WebAuthn API.