Fast Identity Online
As per the official FIDOAlliance.org.
FIDO Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps.
FIDO uses digital signatures to solve password problems and also provided multiple ways to manage private keys. With the evolution of smartphones, a user/prover can use mobile phones as one of authenticators devices to store private keys and generate digital signatures.
The concept of Authenticators is introduced in the FIDO authentication standard.
Authenticator represents the user facing portion of the FIDO protocol. During registration and authentication both, the user has to interact with authenticator to confirm posession of the private key, stored in authenticator device.
These authenticators are responsible for protecting cryptographic key materials like private keys.
FIDO proposes various types of Authenticators like smartphones, USB, NFC, or special hardware chips like Trusted Platform Module (TPM), Secure Execution Environment (SSE) etc. Enterprises can use them depending on their need. Read more about Authenticator types in this whitepaper published by FIDO Alliance.

The answer to our "first" question

It looks like we have the answer to our first question - "How does a prover/user manage private keys?".
A user/prover can store private keys in authenticators devices / softwares securely and can obtain the private key when producing the digital signature.
What about the second question? - "How does a verifier get the public key of prover to verify the digital signature?". How does that work in FIDO?
Before we get to the answer, we need to understand how FIDO works at a very high level, read the next section to know that.
Last modified 18d ago
Copy link
Edit on GitHub