
WebAuthn: support use of physical FIDO2 USB security keys #353

Open
meonkeys opened this issue Mar 5, 2021 · 10 comments
Labels
feature A new functionality for the app help wanted Looking for someone to work on this issue

Comments

@meonkeys

meonkeys commented Mar 5, 2021

Current Status

End-to-end encryption is currently enabled by adding a password. This feature request suggests the addition of support for WebAuthn via physical FIDO2 USB security keys.

Nextcloud itself supports security keys.

Feature Description

Passwords would allow the use of a security key where a password is used.

Additional context

n/a

@meonkeys meonkeys added the feature A new functionality for the app label Mar 5, 2021
@marius-wieschollek marius-wieschollek added the help wanted Looking for someone to work on this issue label Mar 7, 2021
@marius-wieschollek
Owner

I don't have a FIDO2 key, so a PR would be great.

@meonkeys
Author

meonkeys commented Mar 8, 2021

@marius-wieschollek Want me to send you one? No obligation to write code, just as a thank you since I use and enjoy the Passwords app.

@jans23

jans23 commented May 26, 2021

AFAIK WebAuthn doesn't provide a way for web applications to use a FIDO device's encryption capabilities. This is why we develop WebCrypt, which will be part of Nitrokey 3.

@meonkeys
Author

meonkeys commented Jun 4, 2021

@jans23 surely there's some way Passwords could allow the user to decrypt their password database with, for example, a YubiKey?

Would it be easier to allow log in via 2nd factor (only)? Say, push notification to any connected Nextcloud app?

@jans23

jans23 commented Jun 4, 2021

I don't know of any.

@bingen

bingen commented Jun 30, 2021

+1
Especially interested in support for Solo Keys. @marius-wieschollek I can buy you one too:
https://solokeys.com/collections/all

@marius-wieschollek
Owner

I have looked a bit more into the WebAuthn standard; it has three options for authentication:

  • Federated: logging in with a third party provider such as Google, Apple etc.
  • PublicKey: Using a public key to verify the user, e.g. through FIDO2 or Windows Hello
  • Password: Store a password in the browser, ask for it back later.

What you all would want is the second option. webauthn.guide has a good summary on how that works:
[Screenshot of the webauthn.guide flow diagram, taken 2023-11-01]
This process makes it possible to verify that the user has the correct access credentials … without the server actually knowing the credentials. But that is a problem for using it for E2E: I need something to encrypt/decrypt the keychain. The public key authentication does not have a way to do this. It gives me a public key which I have to store and then can use to verify that you have the private key. There is no way to have something encrypted or store an encryption passphrase.
The best I could try is to abuse properties of the response like the signature or userId to decrypt the E2E data. But that is not how you should use WebAuthn because that is unsafe.
So I currently don't see a way to integrate WebAuthn Public Keys.

The last option is the WebAuthn password login. It's straightforward. I send the browser a request to store your encryption passphrase with the given username. Then, when you log in I can request the passphrase and the browser will either ask you if you want to log in or just hand it out. I can then use the passphrase in the normal encryption process.
There are no hardware keys or anything like this involved in this process. It's just communication with the browser's built-in password manager.

I have added that option to the nightly releases; you can test it out on next.passwordsapp.org by logging in with one of the E2E accounts and then enabling "Log in with WebAuthn" in the settings. Works with Chromium based browsers, not Firefox atm.

As far as I can see, that's the best I can do with WebAuthn right now.

@jans23

jans23 commented Nov 1, 2023

I need something to encrypt/decrypt the keychain

There is an option: WebSmartcard is exactly for this type of situation where you want E2E encryption by FIDO2 devices within web browsers. As of now it is only supported by Nitrokey 3 devices. If you are eager to integrate this, we are happy to support you.

@marius-wieschollek
Owner

There is an option: WebSmartcard is exactly for this type of situation where you want E2E encryption by FIDO2 devices within web browsers. As of now it is only supported by Nitrokey 3 devices. If you are eager to integrate this, we are happy to support you.

I will look out for that project. But I wouldn't implement it right now as

  • It's not finished (apparently even the Nitrokey needs a test firmware)
  • This one is only for the Nitrokey 3; there is something similar for Onlykey and relevant parts of the implementation are from Solokey. I would prefer one solution that works for all keys.
  • They mention using OpenPGP.js. I'm not sure that is a requirement, but I would be happy if I didn't have to add another encryption library. (Because those are quite big in file size)
  • It seems like they're kind of abusing the WebAuthn credentialId and the signature in the response to communicate with the key. I mean … if it works I guess? But it can cause UI popups and you may have to touch the key several times. So the user experience is not that great.
  • This isn't a standard, apparently it doesn't work with Win 10 (see warning in their demo) and it could break anytime.
  • Documentation is very bad

@jans23

jans23 commented Nov 2, 2023

I'm speaking for Nitrokey's WebSmartcard project:

  • The first point is a chicken-and-egg problem. We want at least one application using it in production before releasing WebSmartcard as production-ready firmware.
  • OpenPGP.js is absolutely optional. Instead it was chosen as a first integration to prove that WebSmartcard works.
  • Yes, there are UI popups but these don't need to be confirmed; no additional touches required.
  • Documentation will be improved along the way.
