Overview#

WebAuthn Authenticator is an Authenticator and a cryptographic entity used by a WebAuthn Client to:

• generate a Public Key credential and register it with a Relying Party
• authenticate by potentially verifying the user, and then cryptographically digitally signing and returning, in the form of an Authentication Assertion, and other Data

presented by a WebAuthn Relying Party in concert with the WebAuthn Client.

WebAuthn Authenticators may be one or the other:

• Platform Authenticator
• Roaming Authenticator

WebAuthn Authenticators may utilize:

• Biometric Identification

Credential IDs are generated by WebAuthn Authenticators in two forms:

• At least 16 bytes that include at least 100 bits of entropy, or
• The Public Key credential source, without its Credential ID, encrypted so only its managing authenticator can decrypt it. This form allows the WebAuthn Authenticator to be nearly stateless, by having the WebAuthn Relying Party store any necessary state.

human-palatable

More Information#

There might be more information for this subject on one of the following:

• U2F device