FIDO security keys can be used effectively to secure access to websites and applications, rendering phishing attacks harmless with hardware-protected cryptographic keys while keeping a low-friction user experience.
Security keys can however also be used for different use cases, that don't necessarily involve a browser.
In this presentation we will briefly explain what FIDO Security Keys are and how they work.
We will then show how security keys can be used as an alternative to more traditional hardware security solutions like smartcards.
In particular we will explain how tools like OpenSSH can be used to not only authenticate users when accessing servers, but also to sign files or other data, such as git commits.
We will explain how attestation works and how you can prove that a signature was made using a security key, and how to reliably determine the type of security key used.
We will show what FIDO extensions can be used, for instance to store small data files such as certificates on a security key, or to derive symmetric keys that can be used to encrypt data.
Finally, we'd like to collect feedback from participants in identifying other use cases that could benefit from security keys as a low cost and versatile way to secure applications.