A Chrome Extension that emulates a Hardware Authentication Device
Chrome Key emulates a Hardware Authentication Device. It is capable of answering Webauthn requests for both registering new keys and authenticating with existing ones. The purpose is to allow developers to test their applications without requiring having an actual device in hand. It relies on browser standards such as Web Cryptography API and Concise Binary Object Representation for generation and interaction with key material. This will never be able to provide the same security guarantees as a real HAD, so use it for development, debugging and testing only. A 3-post blog series was written, touching different portions of this extension, its guarantees and lack of. The first post of the series may be found here https://blog.joaopeixoto.net/chrome-key-an-extension-story/.