.\" Copyright (c) 2018-2023 Yubico AB. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: July 3 2023 $
.Dt FIDO2-ASSERT 1
.Os
.Sh NAME
.Nm fido2-assert
.Nd get/verify a FIDO2 assertion
.Sh SYNOPSIS
.Nm
.Fl G
.Op Fl bdhpruvw
.Op Fl t Ar option
.Op Fl i Ar input_file
.Op Fl o Ar output_file
.Ar device
.Nm
.Fl V
.Op Fl dhpv
.Op Fl i Ar input_file
.Ar key_file
.Op Ar type
.Sh DESCRIPTION
.Nm
gets or verifies a FIDO2 assertion.
.Pp
The input of
.Nm
is defined by the parameters of the assertion to be obtained/verified.
See the
.Sx INPUT FORMAT
section for details.
.Pp
The output of
.Nm
is defined by the result of the selected operation.
See the
.Sx OUTPUT FORMAT
section for details.
.Pp
If an assertion is successfully obtained or verified,
.Nm
exits 0.
Otherwise,
.Nm
exits 1.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl G
Tells
.Nm
to obtain a new assertion from
.Ar device .
.It Fl V
Tells
.Nm
to verify an assertion using the PEM-encoded public key in
.Ar key_file
of type
.Ar type ,
where
.Ar type
may be
.Em es256
(denoting ECDSA over NIST P-256 with SHA-256),
.Em rs256
(denoting 2048-bit RSA with PKCS#1 v1.5 padding and SHA-256), or
.Em eddsa
(denoting EdDSA over Curve25519 with SHA-512).
If
.Ar type
is not specified,
.Em es256
is assumed.
.It Fl b
Request the credential's
.Dq largeBlobKey ,
a 32-byte symmetric key associated with the asserted credential.
.It Fl h
If obtaining an assertion, enable the FIDO2 hmac-secret
extension.
If verifying an assertion, check whether the extension data bit was
signed by the authenticator.
.It Fl d
Causes
.Nm
to emit debugging output on
.Em stderr .
.It Fl i Ar input_file
Tells
.Nm
to read the parameters of the assertion from
.Ar input_file
instead of
.Em stdin .
.It Fl o Ar output_file
Tells
.Nm
to write output on
.Ar output_file
instead of
.Em stdout .
.It Fl p
If obtaining an assertion, request user presence.
If verifying an assertion, check whether the user presence bit was
signed by the authenticator.
.It Fl r
Obtain an assertion using a resident credential.
If
.Fl r
is specified,
.Nm
will not expect a credential id in its input, and may output
multiple assertions.
Resident credentials are called
.Dq discoverable credentials
in CTAP 2.1.
.It Fl t Ar option
Toggles a key/value
.Ar option ,
where
.Ar option
is a string of the form
.Dq key=value .
The options supported at present are:
.Bl -tag -width Ds
.It Cm up Ns = Ns Ar true|false
Asks the authenticator for user presence to be enabled or disabled.
.It Cm uv Ns = Ns Ar true|false
Asks the authenticator for user verification to be enabled or
disabled.
.It Cm pin Ns = Ns Ar true|false
Tells
.Nm
whether to prompt for a PIN and request user verification.
.El
.Pp
The
.Fl t
option may be specified multiple times.
.It Fl u
Obtain an assertion using U2F.
By default,
.Nm
will use FIDO2 if supported by the authenticator, and fall back to
U2F otherwise.
.It Fl v
If obtaining an assertion, prompt the user for a PIN and request
user verification from the authenticator.
If verifying an assertion, check whether the user verification bit
was signed by the authenticator.
.It Fl w
Tells
.Nm
that the first line of input when obtaining an assertion shall be
interpreted as unhashed client data.
This is required by Windows Hello, which calculates the client data hash
internally.
.El
.Pp
If a
.Em tty
is available,
.Nm
will use it to obtain the PIN.
Otherwise,
.Em stdin
is used.
.Sh INPUT FORMAT
The input of
.Nm
consists of base64 blobs and UTF-8 strings separated
by newline characters ('\\n').
.Pp
When obtaining an assertion,
.Nm
expects its input to consist of:
.Pp
.Bl -enum -offset indent -compact
.It
client data hash (base64 blob);
.It
relying party id (UTF-8 string);
.It
credential id, if credential not resident (base64 blob);
.It
hmac salt, if the FIDO2 hmac-secret extension is enabled
(base64 blob);
.El
.Pp
When verifying an assertion,
.Nm
expects its input to consist of:
.Pp
.Bl -enum -offset indent -compact
.It
client data hash (base64 blob);
.It
relying party id (UTF-8 string);
.It
authenticator data (base64 blob);
.It
assertion signature (base64 blob);
.El
.Pp
UTF-8 strings passed to
.Nm
must not contain embedded newline or NUL characters.
.Sh OUTPUT FORMAT
The output of
.Nm
consists of base64 blobs and UTF-8 strings separated
by newline characters ('\\n').
.Pp
For each generated assertion,
.Nm
outputs:
.Pp
.Bl -enum -offset indent -compact
.It
client data hash (base64 blob);
.It
relying party id (UTF-8 string);
.It
authenticator data (base64 blob);
.It
assertion signature (base64 blob);
.It
user id, if credential resident (base64 blob);
.It
hmac secret, if the FIDO2 hmac-secret extension is enabled
(base64 blob);
.It
the credential's associated 32-byte symmetric key
.Pq Dq largeBlobKey ,
if requested (base64 blob).
.El
.Pp
When verifying an assertion,
.Nm
produces no output.
.Sh EXAMPLES
Assuming
.Pa cred
contains an
.Em es256
credential created according to the steps outlined in
.Xr fido2-cred 1 ,
obtain an assertion from an authenticator at
.Pa /dev/hidraw5
and verify it:
.Pp
.Dl $ echo assertion challenge | openssl sha256 -binary | base64 > assert_param
.Dl $ echo relying party >> assert_param
.Dl $ head -1 cred >> assert_param
.Dl $ tail -n +2 cred > pubkey
.Dl $ fido2-assert -G -i assert_param /dev/hidraw5 | fido2-assert -V pubkey es256
.Pp
In the pipeline above, the client data hash and relying party id that
.Fl V
checks against are the ones echoed back by
.Fl G .
A relying party verifying an assertion it did not obtain itself must
instead supply the hash of the challenge it issued, so that a replayed
or client-chosen challenge is rejected.
.Sh SEE ALSO
.Xr fido2-cred 1 ,
.Xr fido2-token 1
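The following is an added example and not part of libfido2 or of this manual page. It wraps fido2-assert from Python: it builds the text that -G reads as described under INPUT FORMAT (including the -w, -r and -h variants), splits the -G output described under OUTPUT FORMAT into one record per assertion (several with -r), and performs the relying-party checks on the authenticator data, that is the rpIdHash, the flag bits that -V -p/-v/-h examine, and the signature counter. The signature itself is left to fido2-assert -V. The relying party id "example.com", the challenge, the credential id and the fake -G output are constructed values; only the Python standard library is used.

```python
import base64
import hashlib
import struct
import subprocess
from typing import Optional

# Flag bits of the authenticator data flags byte (CTAP2 / WebAuthn).
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_AT = 0x40  # attested credential data present (makeCredential only)
FLAG_ED = 0x80  # extension data present


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def build_assert_input(challenge: bytes, rp_id: str, cred_id: Optional[bytes] = None,
                       hmac_salt: Optional[bytes] = None, unhashed: bool = False) -> str:
    """Text for fido2-assert -G: client data hash (or, with -w, the unhashed
    client data), rp id, credential id (omit with -r), hmac salt (only with -h)."""
    if "\n" in rp_id or "\0" in rp_id:
        raise ValueError("rp id must not contain newline or NUL characters")
    first = challenge if unhashed else hashlib.sha256(challenge).digest()
    lines = [b64(first), rp_id]
    if cred_id is not None:
        lines.append(b64(cred_id))
    if hmac_salt is not None:
        if len(hmac_salt) not in (32, 64):  # one or two 32-byte hmac-secret salts
            raise ValueError("hmac salt must be 32 or 64 bytes")
        lines.append(b64(hmac_salt))
    return "\n".join(lines) + "\n"


def get_assertion(device: str, assert_input: str, *flags: str) -> str:
    """Run fido2-assert -G against a real authenticator (e.g. /dev/hidraw5)."""
    proc = subprocess.run(["fido2-assert", "-G", *flags, device], input=assert_input,
                          capture_output=True, text=True, check=True)
    return proc.stdout


def parse_assert_output(text: str, resident: bool = False, hmac: bool = False,
                        large_blob_key: bool = False) -> list:
    """Split -G output into one dict per assertion; with -r there may be several,
    and the number of lines per assertion depends on which extras were requested."""
    fields = ["client_data_hash", "rp_id", "authdata", "signature"]
    fields += ["user_id"] * resident + ["hmac_secret"] * hmac + ["large_blob_key"] * large_blob_key
    lines = text.splitlines()
    if not lines or len(lines) % len(fields):
        raise ValueError(f"expected a multiple of {len(fields)} lines, got {len(lines)}")
    assertions = []
    for i in range(0, len(lines), len(fields)):
        group = dict(zip(fields, lines[i:i + len(fields)]))
        assertions.append({k: v if k == "rp_id" else base64.b64decode(v) for k, v in group.items()})
    return assertions


def parse_authdata(authdata: bytes) -> dict:
    """rpIdHash (32) | flags (1) | signCount (4, big endian) | extensions (CBOR)."""
    if len(authdata) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    return {"rp_id_hash": authdata[:32], "flags": authdata[32],
            "sign_count": struct.unpack(">I", authdata[33:37])[0], "extensions": authdata[37:]}


def check_authdata(authdata: bytes, rp_id: str, require_up: bool = True, require_uv: bool = False,
                   require_ed: bool = False, last_sign_count: Optional[int] = None) -> list:
    """Relying-party checks on authenticator data; returns the list of problems found.
    The flag checks correspond to -V -p/-v/-h; the counter rule is WebAuthn's clone check."""
    ad = parse_authdata(authdata)
    problems = []
    if ad["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash does not match rp id")
    if require_up and not ad["flags"] & FLAG_UP:
        problems.append("user presence bit not set")
    if require_uv and not ad["flags"] & FLAG_UV:
        problems.append("user verification bit not set")
    if require_ed and not ad["flags"] & FLAG_ED:
        problems.append("extension data bit not set")
    if ad["flags"] & FLAG_AT:
        problems.append("attested credential data present in an assertion")
    # A counter of 0 on both sides means the authenticator does not implement one.
    if (last_sign_count is not None and (ad["sign_count"] or last_sign_count)
            and ad["sign_count"] <= last_sign_count):
        problems.append("signature counter did not increase (cloned authenticator?)")
    return problems


def signed_message(authdata: bytes, client_data_hash: bytes) -> bytes:
    """Bytes the assertion signature covers; -V verifies the signature over these."""
    return authdata + client_data_hash


def make_authdata(rp_id: str, flags: int, sign_count: int, extensions: bytes = b"") -> bytes:
    """Constructed authenticator data for offline testing, standing in for a device."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count) + extensions


if __name__ == "__main__":
    # Constructed inputs: a fake credential id and fake -G output, so no device is needed.
    # With a real token: out = get_assertion("/dev/hidraw5", params, "-p", "-v")
    params = build_assert_input(b"assertion challenge", "example.com", cred_id=b"\x01" * 16)
    authdata = make_authdata("example.com", FLAG_UP | FLAG_UV, 7)
    fake_output = "\n".join([params.splitlines()[0], "example.com", b64(authdata), b64(b"sig")]) + "\n"
    assertion = parse_assert_output(fake_output)[0]
    print(check_authdata(assertion["authdata"], "example.com", require_uv=True, last_sign_count=6))
```

The counter check is the one thing fido2-assert -V cannot do for you, because it has no memory of the previous assertion; store the last signCount per credential and treat a non-increasing value as a possible cloned authenticator.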