StrongKey PKI2FIDO is a web application written in Angular and Java using REST web service calls for client-server communication.
The application enables users who have X.509 digital certificates (optionally on smart cards, such as the PIV card or CAC) to strongly authenticate to PKI2FIDO using TLS ClientAuth and then register a FIDO Security key with a FIDO Server (such as StrongKey FIDO Server at https://sourceforge.net/projects/strongkeyfido/).
The TLS ClientAuth strong authentication process validates the digital certificate's chain (if any) and uses CRLs to verify the certificate's revocation status (OCSP checking will come in the next release).
Once the certificate chain is validated, the application checks an LDAP server to determine whether the user is authorized to register a FIDO Security key with the site.
Since PKI2FIDO is a sample application, a De-register button is enabled to delete FIDO keys; this enables the user to keep testing with the same username.
Features
- Angular web application
- JEE back end
- Requires X.509 digital certificates for TLS ClientAuth
- Requires StrongKey CryptoEngine (SourceForge project) for FIDO Registration
- Requires FIDO U2F Authenticator (Token)
- Uses StrongKey CryptoCabinet (SourceForge project) for FIDO Authentication
- End-Entity certificates may be on smart cards
- Verifies End-Entity certificates using CRLs and AIA