FIDO2 - Where do Android and IOS platform authenticators store private key credentials?

Information Security Asked by Danh Thanh Nguyen on November 21, 2021

I’m new to FIDO2 specification.

I’m aware that Android and IOS devices support FIDO2 protocols (even Android phones could act as a physical key for FIDO2 authentication).

However, Could anyone let me know that, when we use the platform authenticators such as Android fingerprint, where are the credentials (private keys) stored?

Thanks.

android fido fido2 ios

FIDO2 - Where do Android and IOS platform authenticators store private key credentials?

Add your own answers!

Related Questions

Sign-in with Apple user verification

Regularly receiving suspicious certificate errors online

Is it a bad practice to store my user’s ObjectId in a JWT in the sub claim?

Whom should I report spam emails to?

Is it possible to brute-force the original message of SHA-256 given the size of original string?

How to secure my PHP url endpoints

Is there any alternative to nmap for UDP?

How to validate client side safety in a Zero Knowlegde model

How to validate the integrity of a back end?

Is it safe to store session state of different apps in single Redis cluster?

Full disk encryption and remote unlocking a mail server in the hand of a possible attacker, what could go wrong?

Using GPG as password manager

Is it safe to embed a google form on a website without an SSL Certificate?

Arp poisoning doesn’t work with HTTPS navigation

What allows meterpreter to migrate processes and how to defend against it?

PHP Blind XXE Exploitation: Invalid URI in Entity

Can a website keylog you outside a virtual machine

Why is the use of TAB (%09) characters in the middle a ‘javascript:’ URL valid?

Is revealing the phone number during OTP verification process considered a vulnerability?

What questions are useful to scope a mobile app pen test?

Ask a Question