[Remote CryptoKeys] Relationship to WebAuthn PRF extension?

[estark37]

Is there any relationship between the Remote CryptoKeys proposal and the WebAuthn PRF extension? At first glance, my impression is that the WebAuthn PRF extension could be used for some of the same use cases as Remote CryptoKeys, but:

• One would need to define some way to make the PRF extension output opaque to JS, but still usable with Web Crypto
• There might be Remote CryptoKeys use cases in which the key is not and cannot be stored on a WebAuth authenticator (e.g. non-FIDO2 smart cards)...?

[timcappalli]

One growing challenge with using PRF with passkeys is the blast radius for deleting a passkey, which is really only intended for use for sign in, expands significantly if it also means a user can no longer access/recover E2EE data. This is something we've been discussing in the WebAuthn WG. UX treatment by passkey providers / authenticators could help (e.g. an additional confirmation prompt on delete), but consistency will be a challenge.

RE: JS, and CryptoKey integration, these issues may be helpful:

• Proposal/discussion: non-extractable CryptoKey output from the prf extension w3c/webauthn#1895
• Add importCryptoKey input to PRF extension w3c/webauthn#1945

[jonchoukroun]

@timcappalli is correct, our proposal intends to support long-lived keys. As for the storage mechanism, our thinking has been that the API should be agnostic on where the key material actually lives - provided it meets the non-exctractable and device-syncing requirements. So if a user wanted to store their private key on a smart card, maybe that's something the API can support?

[jht5945]

WebAuthn PRF only support HMAC keys, usually it is a symmetric encrypt key, Remote CryptoKeys not only support symmetric keys, it will also support PKI(RSA/ECC) for singing and encryption, the real keys may only store in external devices, like TPM or Security Keys (e.g. PIV card or other devices via PKCS#11).