this post was submitted on 02 Nov 2023
108 points (99.1% liked)

Technology

59118 readers
3534 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
L4s
enu
108
Support for PassKey Integration (Web Authentication API) in KeePassXC implemented (github.com)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/technology
21 comments fedilink hide all child comments
 

Passkey support arrived in KeePassXC https://github.com/keepassxreboot/keepassxc/issues/1870

Just last week so it's not in any distributions yet, but a binary can be found here: https://snapshot.keepassxc.org/build-235575/

I haven't tried it yet because I haven't been using passkeys because it wasn't implemented in KeePassXC but now that it is I will try on some page which implements it. Just need to figure out who implements it. I think none of the Fediverse services does yet.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (8 children)

how does the server encrypt the message it sends without the secret? Or is that stored during sign up?

[–] [email protected] 6 points 1 year ago (7 children)

When you sign up, your device creates a public private key pair. It keeps the private key locally and sends the public key to the server. So instead of a username, you are nothing but a string of random characters representing your public key. You can see an example of this, if you go into the Linux terminal and type "ssh-keygen"

[–] [email protected] 1 points 1 year ago (2 children)

Underrated explanation, you held it finally click for me. I consider myself a fairly educated person but just couldn't wrap my head around what made it so special. Correct me if i'm wrong but my understanding is the server uses the public key to encrypt a challenge code that can only be decrypted by your private key. You get an on device prompt to approve the process and the rest is done under the hood.

To go further on this, is the public/private key a mathematical relationship? What ties the two together to make them useful as a pair?

[–] [email protected] 2 points 1 year ago

Also no expert about the math behind it but this is how I learned asymmetric encryption with public and private key on a very high level of abstraction:

To encrypt a message you basically take the unencrypted message to the power of the private key (lets call that d) and divide it by the result of a multiplication of two large prime numbers (lets call that N). Now you take the rest of that division, so basically modulo if you are familiar with that.

To decrypt, you take the encrypted message to the power of the public key (e) and divide it by N. The rest of that operation is again the unencrypted message.

So the private and public key are the pairs (d, N) and (e, N) respectively. The great thing about this is that you can post the public key publicly without care and only you, in possession of the private key, can decrypt messages encrypted with your public key. So its easy to verify if you got the key but hard to brute force due to modulo being a one way function. However, this basic RSA approach as described here is not used on its own anymore but rather in combination with other techniques to prevent guessing on very short messages or keys.

load more comments (1 replies)
load more comments (5 replies)
load more comments (5 replies)