🔐 FIDO2 Authentication System

A FIDO2 passwordless authentication system using YubiKey, featuring a Flask backend and a C# Windows client.

---

📖 Introduction

This project implements FIDO2 (Fast Identity Online 2.0) authentication using YubiKey, ensuring secure and passwordless login.
It supports both Registration and Authentication, using public-key cryptography for user verification.

🛠️ Tech Stack

• Backend: Flask + Python (cryptography, cbor2)
• Frontend: C# (Yubico.YubiKey.Fido2)
• Data Storage: JSON files (scalable to SQL database)

---

🚀 Installation & Setup

1️⃣ Backend Setup

(Requires Python 3.8+)

cd backend
pip install -r requirements.txt

Start the Flask server:

python server.py

The backend will listen on http://127.0.0.1:5000/.

---

2️⃣ Frontend Setup

(Requires .NET Framework 4.8+)

Run Program.cs to register or log in using YubiKey.

---

🔑 How It Works

1️⃣ Registration

• Insert YubiKey, then launch the frontend application.
• Select "Register", and the server will return a Challenge.
• YubiKey generates a key pair and sends the public key & credential ID to the server.
• If successful, the credential ID is stored on the server.

2️⃣ Authentication

• Select "Login", and the server returns Challenge & Credential ID.
• YubiKey signs the challenge using the private key and sends the signed data to the server.
• The server verifies the signature, and if valid, authentication succeeds.

---

📖 FIDO2 Overview

• FIDO2 consists of WebAuthn (Client API) and CTAP2 (Authenticator Protocol).
• Supports hardware keys (YubiKey, Windows Hello, biometrics, etc.).
• Passwordless authentication using public-key cryptography, preventing phishing attacks.

---

📖 Documentation

For a detailed explanation of the FIDO2 authentication process, please refer to: 📄 FIDO2 Architecture and Data Explanation