Authen::U2F(3)        User Contributed Perl Documentation       Authen::U2F(3)

NAME

       Authen-U2F - FIDO U2F library

SYNOPSIS

           use Authen::U2F qw(
             u2f_challenge
             u2f_registration_verify
             u2f_signature_verify);

           # Create a challenge to send to the U2F host
           my $challenge = u2f_challenge;

           # Process a registration response from the U2F host
           my ($key_handle, $key) = u2f_registration_verify(
             challenge         => $challenge,
             app_id            => $app_id,
             origin            => $origin,
             registration_data => $registration_data,
             client_data       => $client_data,
           );

           # Process a signing (authentication) response from the U2F host
           u2f_signature_verify(
             challenge      => $challenge,
             app_id         => $app_id,
             origin         => $origin,
             key_handle     => $key_handle,
             key            => $key,
             signature_data => $signature_data,
             client_data    => $client_data,
           );

           # Or, if you don't like to clutter up your namespace
           my $challenge = Authen::U2F->challenge;
           my ($key_handle, $key) = Authen::U2F->registration_verify(...);
           Authen::U2F->signature_verify(...);

DESCRIPTION

       This module provides the tools you need to add support for U2F in your
       application.

       It's expected that you know the basics of U2F. More information about
       this can be found at Yubico
       <https://www.yubico.com/about/background/fido/> and FIDO
       <https://fidoalliance.org/specifications/overview/>.

       This module does not handle the wire encoding of U2F challenges and
       responses, as these are different depending on the U2F host you're
       using and the style of your application. In the "examples" dir there
       are scripts that implement the 1.0 wire format, used by Yubico's
       libu2f-host <https://developers.yubico.com/libu2f-host/>, and a Plack
       application that works with Google's JavaScript module
       <https://github.com/google/u2f-ref-code/blob/master/u2f-gae-demo/war/js/u2f-api.js>.

       Sadly, the documentation around U2F is rather more confusing than it
       should be, and this short description is probably not making things
       better. Please improve this or write something about U2F so we can
       improve application security everywhere.

FUNCTIONS

       There are three functions: one for generating challenges for the host
       to sign, and one each for processing the responses from the two types
       of signing requests U2F supports.

       There's a straight function interface and a class method interface.
       Both do exactly the same thing; which you use depends on how much
       verbosity you like vs how much namespace clutter you like. Only the
       functional interface is mentioned in this section; see the SYNOPSIS
       for the details.

   u2f_challenge
           my $challenge = u2f_challenge;

       Creates a challenge. A challenge is 256 cryptographically-secure random
       bits.

   u2f_registration_verify
       Verify a registration response from the host against the challenge. If
       the verification is successful, returns the key handle and public key
       of the device that signed the challenge. If it fails, this function
       croaks with an error.

       Takes the following options, all required:

       challenge
           The challenge originally given to the host.

       app_id
           The application ID.

       origin
           The browser location origin. This is typically the same as the
           application ID.

       registration_data
           The registration data blob from the host.

       client_data
           The client data blob from the host.

   u2f_signature_verify
       Verify a signature (authentication) response from the host against the
       challenge. If the verification is successful, the user has presented a
       valid device and is now authenticated. If the verification fails, this
       function croaks with an error.

       Takes the following options, all required.

       challenge
           The challenge originally given to the host.

       app_id
           The application ID.

       origin
           The browser location origin. This is typically the same as the
           application ID.

       key_handle
           The handle of the key that was used to sign the challenge.

       key
           The stored public key associated with the handle.

       signature_data
           The signature data blob from the host.

       client_data
           The client data blob from the host.

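       An added example, not part of the Authen::U2F distribution: one way to
       call u2f_signature_verify so that each challenge is single-use and
       short-lived, and a croak is treated as a failed login. The %pending and
       %registered stores, the $APP_ID, $ORIGIN and $CHALLENGE_TTL values, and
       the begin_authentication / finish_authentication helpers are
       assumptions made for illustration.

```perl
use strict;
use warnings;
use Authen::U2F qw(u2f_challenge u2f_signature_verify);

# Assumed server-side configuration (constructed values). Take these from
# your own config, never from the request being verified.
my $APP_ID        = 'https://example.com';
my $ORIGIN        = 'https://example.com';
my $CHALLENGE_TTL = 120;    # seconds, an assumed lifetime

# Hypothetical in-memory stores standing in for session and user storage.
my %pending;       # session id => { challenge => ..., expires => epoch }
my %registered;    # user id => { key_handle => ..., key => ... }, saved at
                   # registration from u2f_registration_verify's return values

# Issue a fresh challenge and bind it to this session only.
sub begin_authentication {
    my ($session_id) = @_;
    my $challenge = u2f_challenge;
    $pending{$session_id} =
      { challenge => $challenge, expires => time() + $CHALLENGE_TTL };
    return $challenge;
}

# Verify the host's response. Returns 1 on success, 0 on any failure.
sub finish_authentication {
    my (%args) = @_;    # session_id, user_id, signature_data, client_data

    # Consume the challenge before verifying, so a captured response can
    # never be replayed against it, whatever the outcome.
    my $entry = delete $pending{ $args{session_id} } or return 0;
    return 0 if time() > $entry->{expires};
    my $device = $registered{ $args{user_id} } or return 0;

    # u2f_signature_verify croaks on failure: trap it and fail closed.
    my $ok = eval {
        u2f_signature_verify(
            challenge      => $entry->{challenge},
            app_id         => $APP_ID,
            origin         => $ORIGIN,
            key_handle     => $device->{key_handle},
            key            => $device->{key},
            signature_data => $args{signature_data},
            client_data    => $args{client_data},
        );
        1;
    };
    warn "U2F verification failed: $@" unless $ok;
    return $ok ? 1 : 0;
}
```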

SUPPORT

   Bugs / Feature Requests
       Please report any bugs or feature requests through the issue tracker at
       <https://github.com/robn/Authen-U2F/issues>.  You will be notified
       automatically of any progress on your issue.

   Source Code
       This is open source software. The code repository is available for
       public review and contribution under the terms of the license.

       <https://github.com/robn/Authen-U2F>

         git clone https://github.com/robn/Authen-U2F.git

AUTHORS

       •   Robert Norris <rob@eatenbyagrue.org>

       This software is copyright (c) 2016 by Robert Norris.

       This is free software; you can redistribute it and/or modify it under
       the same terms as the Perl 5 programming language system itself.

perl v5.36.1                      2023-10-24                    Authen::U2F(3)