Protect server-side key with client token



  • I'd like to encrypt some data on the server using a user-managed secret. I could just ask for a password and derive a key from that, but ideally I'd like to offer users the option of using a YubiKey to safeguard the data. This way it would be more resistant to a DB leak scenario and potentially avoid replay attacks.

    If I could fully specify the protocol, I'd have a symmetric key encrypted by a client private key, and would ask the client to decrypt the key in order to operate on the data.

    Is there a way to leverage WebAuthn for this?



  • Is there a way to leverage WebAuthn for this?

    No. WebAuthn is only about authentication, not encryption.
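
The key-wrapping scheme described in the question, as an added example that is not part of either post and does not use WebAuthn. It assumes a software RSA key pair standing in for a key held on the user's token; all function names and the sample plaintext are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: RSA-OAEP with SHA-256 is the wrapping scheme chosen for this sketch.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Assumption: a software key pair stands in for a key that never leaves the user's token.
function makeClientKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Server: encrypt under a fresh data key (DEK), wrap the DEK with the client's
// public key, then discard the DEK. Only the returned record is stored.
function serverEncrypt(clientPublicKey, plaintext) {
  const dek = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dek, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedDek = nodeCrypto.publicEncrypt({ key: clientPublicKey, ...OAEP }, dek);
  dek.fill(0); // the server keeps no usable copy of the data key
  return { wrappedDek, iv, ciphertext, tag };
}

// Client: unwrap the DEK with the private key when the data is needed.
function clientUnwrap(clientPrivateKey, wrappedDek) {
  return nodeCrypto.privateDecrypt({ key: clientPrivateKey, ...OAEP }, wrappedDek);
}

// Server: decrypt with the DEK the client just unwrapped. GCM rejects tampered records.
function serverDecrypt(record, dek) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dek, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}
```

A leaked database row in this sketch holds only `wrappedDek`, `iv`, `ciphertext` and `tag`. The unwrapped DEK is the same on every request, so the sketch addresses the DB leak scenario but not replay.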


