Encrypting Files with Passkeys and Age
10 months ago
- #encryption
- #WebAuthn
- #passkeys
- Typage is a TypeScript implementation of the age file encryption format, supporting Node.js, Deno, Bun, and browsers.
- Passkeys are synced, discoverable WebAuthn credentials, offering phishing-resistant authentication.
- The WebAuthn PRF extension enables symmetric encryption by treating the PRF output as a key; evaluating the PRF requires user verification.
- Typage 0.2.3 introduces passkey support for file encryption, which required fewer than 300 lines of code.
- Passkeys can be stored in platform authenticators, password managers, or hardware FIDO2 tokens like YubiKeys.
- The fido2prf age format encrypts file keys using PRF outputs, ensuring per-file hardware binding and unlinkability.
- Typage allows encryption and decryption using passkeys with simple API calls to WebAuthnRecipient and WebAuthnIdentity.
- Security keys can be used with Typage via the age-plugin-fido2prf CLI plugin, enabling hardware token support.
- The identity string encodes credential details for use in security key flows, enhancing encryption security.
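
The PRF-as-key idea and the per-file binding summarized in the list above, as an added example (not code from Typage or the original article): a Node.js model in which an HMAC-based stand-in for the authenticator evaluates the PRF on a fresh per-file nonce and the output wraps the file key. The label, HKDF parameters and stanza layout are assumptions and do not reproduce the real fido2prf format.

```javascript
// Added example: simplified model of PRF-based file-key wrapping.
// Labels and layout are assumptions, not the real fido2prf stanza format.
const crypto = require("node:crypto");

const LABEL = "example/prf-wrap-model"; // constructed domain-separation label

// Stand-in for an authenticator: holds a per-credential secret that never
// leaves the device and answers PRF queries (real ones need user verification).
function makeAuthenticator() {
  const credSecret = crypto.randomBytes(32);
  return {
    prf(input) {
      // WebAuthn PRF hashes the caller's input with a fixed prefix, then the
      // authenticator's hmac-secret extension computes HMAC-SHA-256 over it.
      const salt = crypto.createHash("sha256")
        .update(Buffer.concat([Buffer.from("WebAuthn PRF\0"), input])).digest();
      return crypto.createHmac("sha256", credSecret).update(salt).digest();
    },
  };
}

// Derive a one-time wrapping key from the PRF output for this nonce.
function wrapKeyFor(authenticator, nonce) {
  const prfOut = authenticator.prf(Buffer.concat([Buffer.from(LABEL), nonce]));
  return Buffer.from(crypto.hkdfSync("sha256", prfOut, nonce, LABEL, 32));
}

// Encrypt a 16-byte file key under a key derived from a fresh per-file nonce.
function wrapFileKey(authenticator, fileKey) {
  const nonce = crypto.randomBytes(16);
  const key = wrapKeyFor(authenticator, nonce);
  // The wrapping key is used once, so a fixed all-zero AEAD nonce is safe.
  const c = crypto.createCipheriv("chacha20-poly1305", key, Buffer.alloc(12), { authTagLength: 16 });
  const body = Buffer.concat([c.update(fileKey), c.final(), c.getAuthTag()]);
  return { nonce, body };
}

// Returns the file key, or null if this authenticator cannot open the stanza.
function unwrapFileKey(authenticator, { nonce, body }) {
  const key = wrapKeyFor(authenticator, nonce);
  const d = crypto.createDecipheriv("chacha20-poly1305", key, Buffer.alloc(12), { authTagLength: 16 });
  d.setAuthTag(body.subarray(body.length - 16));
  try {
    return Buffer.concat([d.update(body.subarray(0, body.length - 16)), d.final()]);
  } catch {
    return null; // authentication failed: wrong credential or tampered stanza
  }
}
```

Because every wrap draws a new nonce, two stanzas made with the same credential share no visible value, and decrypting any one file needs a fresh PRF evaluation on the authenticator.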