Crate webauthn_authenticator_rs

source ·
Expand description

webauthn-authenticator-rs is a library for interfacing with FIDO/CTAP 2 tokens.

This performs the actions that would be taken by a client application (such as a web browser) to facilitate authentication with a remote service.

This library aims to provide abstrations over many platform-specific APIs, so that client applications don’t need to worry as much about the finer details of the protocol.

This is a “pre-1.0” library: it is still under active development, and the API is not yet stable or final. Some of the modules have edge cases which may cause you to get permanently locked out of your authenticator.

This library is not FIDO certified, and currently lacks a thorough security review.

§FIDO / CTAP version support

This library currently only supports CTAP 2.0, 2.1 or 2.1-PRE.

Authenticators which only support CTAP 1.x (U2F) are unsupported. This generally only is an issue for older tokens.

The authors of this library recommend using FIDO2 certified hardware authenticators with at least Autenticator Certification Level 2. Be cautious when buying, as there are many products on the market which falsely claim certification, have implementation errors, only support U2F, or use off-the-shelf microcontrollers which do not protect key material (Level 1).

§Features

Note: these links may be broken unless you build the documentation with the appropriate --features flag listed inline.

§Transports and backends

§Miscellaneous features

  • ctap2: CTAP 2.0, 2.1 and 2.1-PRE implementation 1.

    Automatically enabled by the bluetooth, cable, ctap2-management, nfc, softtoken and usb features.

    • ctap2-management: Adds support for configuring and managing CTAP 2.x hardware authenticators to the CTAP 2.x implementation.
  • crypto: Enables OpenSSL support 1. This allows the library to avoid a hard dependency on OpenSSL on Windows, if only the win10 backend is enabled.

    Automatically enabled by the ctap2, softpasskey and softtoken features.

  • qrcode: QR code display for the Cli UI, recommended for use if the cable and ui-cli features are both enabled

  • ui-cli: Cli UI


  1. Feature requires OpenSSL. 

Modules§

Macros§

Structs§

Traits§

Functions§

Type Aliases§