Use passkeys PRF extension as improvement/alternative #4

Open
yackermann opened this issue Dec 20, 2024 · 2 comments

yackermann commented Dec 20, 2024

Passkeys now support the PRF extension, which means that if the app has a passkey registered with it (with the user app identity, and not web), then you can use the PRF extension by passing Phone+Pin and retrieve a seed for a KDF, which can then be used to create an encrypted payload and store it in an opaque location, or even in offline/backup services.

The passkeys themselves provide pre-authorization, and rate limiting.

We just released a whole whitepaper on it

https://www.daryascam.info/White-Paper-Killing-messenger-phishing-with-passkeys-blackjack-and-hybrid-141cf1aba98e80ea9bcfee7353a22623#15acf1aba98e80c69248c53c89f5d58d

@yackermann

Step-by-Step Guide for Backup Process

  1. Enable Backup in Mobile App
    • Enter backup PIN or Password.
  2. Obtain Challenge from Backup Bucket
    • The mobile app communicates with the Messenger Backup Bucket to request a challenge, a random string used to perform challenge response check, and protect against replay attack.
  3. Compute Salt in Mobile App
    • Compute recoverySalt using the formula: HMAC(HASH(Normalized phone number), HASH(PIN or Password)).
  4. Generate Passkey Assertion
    • The mobile app generates a passkey assertion with the PRF (Pseudorandom Function) extension, and prf.salt1 set to recoverySalt.
  5. User Consent
    • Prompt: The user provides consent to proceed.
  6. Extract PRF Secret and Derive Keys
    • Extract the PRF secret.
    • Derive three 32-byte keys: idk (Identity Key), mack (Message Authentication Code Key), enck (Encryption Key).
  7. Serialize App Data
    • Serialise the app identity, including app private key, messages, and optionally files, etc.
  8. Encrypt and Secure Data
    • Encrypt-then-MAC using enck and mack.
    • Derive the recovery index using the formula: HMAC(idk, HASH(credId)).
  9. Sign Encrypted Payload
    • Sign the encrypted payload and x962 passkey public key with the app private key.
  10. Send Payload to Messenger Backup Bucket
    • The mobile app sends the assertion and the signed payload to the Messenger Backup Bucket.
  11. Validate App and Passkey
    • Validate that the app's public key exists in the Messenger Broker.
    • Validate the AppKey signature.
    • Validate the passkey signature against signed payload.
    • (Optional) Validate device app attestation, to prevent enumeration, and malicious app access.
  12. Save Encrypted Blob
    • The Messenger Backup Bucket saves the encrypted blob.
  13. Confirm Backup Success
    • The Messenger Backup Bucket sends an "OK" confirmation back to the mobile app.

@yackermann

And for recovery:

Step-by-Step Guide: Recovering Messenger Account with Passkey and PRF

  1. Enter Phone Number and PIN/Password
    • The user enters their phone number and PIN or password into the mobile app.
  2. Obtain Challenge
    • The mobile app communicates with the Messenger Backup Bucket to obtain a recovery challenge.
  3. Compute Salt in Mobile App
    • Compute recoverySalt using the formula: HMAC(HASH(Normalized phone number), HASH(PIN or Password)).
  4. Generate Passkey Assertion
    • The mobile app generates a passkey assertion with the PRF (Pseudorandom Function) extension, and prf.salt1 set to recoverySalt.
  5. User Consent
    • The user provides consent to proceed with the recovery process.
  6. Extract PRF Secret and Derive Keys
    • Extract the PRF secret.
    • Derive three 32-byte keys: idk (Identity Key), mack (Message Authentication Code Key), enck (Encryption Key).
  7. Derive Recovery Index
    • The mobile app derives the recovery index (rid) using the formula: HMAC(idk, HASH(credId)).
  8. Send Recovery Request
    • The mobile app sends the signed payload to the Messenger Backup Bucket at the endpoint /blob/${rid}.
  9. Validate Request
    • The Messenger Backup Bucket checks if a blob exists for the provided recovery index.
    • It then validates the passkey signature.
    • If either fails, a generic error must be returned to prevent blob enumeration.
    • (Optional) Validate device app attestation, to prevent enumeration, and malicious app access.
  10. Retrieve Backup Blob
    • If validation succeeds, the Messenger Backup Bucket returns the encrypted blob to the mobile app.
  11. Decrypt Backup Blob
    • The mobile app authenticates and decrypts the blob using:
      • mack for message authentication.
      • enck for decryption.
  12. Recovery Success
    • The mobile app informs the user that account recovery was successful.

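The client-side cryptography shared by the backup and recovery flows above (recoverySalt, the three 32-byte keys from the PRF secret, the recovery index, and Encrypt-then-MAC), as an added example that is not code from the issue or the project. The PRF secret and credId are constructed sample values standing in for what the authenticator returns; HKDF-style expansion with SHA-256, digit-only phone normalization, and the HMAC-counter keystream in place of a block cipher are assumptions, since the steps do not fix them.

```python
import hashlib
import hmac
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def recovery_salt(phone: str, pin: str) -> bytes:
    """Step 3: HMAC(HASH(normalized phone), HASH(PIN)). Normalization (digits only) is assumed."""
    normalized = "".join(ch for ch in phone if ch.isdigit()).encode()
    return hmac_sha256(sha256(normalized), sha256(pin.encode()))


def derive_keys(prf_secret: bytes) -> tuple:
    """Step 6: derive idk, mack, enck (32 bytes each). HKDF extract/expand over SHA-256 is assumed."""
    prk = hmac_sha256(b"", prf_secret)          # HKDF-Extract with an empty salt
    okm, block = b"", b""
    for counter in range(1, 4):                 # three 32-byte blocks of output
        block = hmac_sha256(prk, block + b"messenger-backup-keys" + bytes([counter]))
        okm += block
    return okm[:32], okm[32:64], okm[64:96]     # idk, mack, enck


def recovery_index(idk: bytes, cred_id: bytes) -> str:
    """Steps 8 / 7: rid = HMAC(idk, HASH(credId)), hex-encoded for the /blob/${rid} path."""
    return hmac_sha256(idk, sha256(cred_id)).hex()


def _keystream(enck: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode as a stand-in PRF keystream (assumption; a deployment would use a block cipher).
    out = b"".join(hmac_sha256(enck, nonce + i.to_bytes(4, "big")) for i in range((length + 31) // 32))
    return out[:length]


def encrypt_then_mac(enck: bytes, mack: bytes, plaintext: bytes) -> bytes:
    """Step 8: encrypt with enck, then MAC nonce||ciphertext with mack. Layout: nonce(16) || ct || tag(32)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enck, nonce, len(plaintext))))
    return nonce + ct + hmac_sha256(mack, nonce + ct)


def mac_then_decrypt(enck: bytes, mack: bytes, blob: bytes) -> bytes:
    """Step 11: verify the tag with mack before decrypting with enck; reject tampered blobs."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac_sha256(mack, nonce + ct)):
        raise ValueError("blob authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enck, nonce, len(ct))))
```

Because rid depends on idk, and idk on the PRF secret that the authenticator only releases for the right salt, a bucket holding the blobs learns nothing that links a phone number to a recovery index.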
