Can one use a gpg smartcard to implement FIDO2?
From what I understand, the idea of FIDO2 is to use symmetric cryptography, with secret key on the token, and public key on the server. When requesting to connect, the server uses the public key to generate a challenge that can only be solved with the private key, i.e., if the user can solve the challenge, he has the token containing the private key, and is granted access.
- is that an accurate description of the protocol?
Then, I am curious of:
- why would not all tokens containing gpg smartcards and a microcontroller for interfacing be implementing FIDO2?
To take an example, why would there be a Nitrokey Pro with a smartcard and microcontroller that cannot perform FIDO2, vs. a Nitrokey FIDO2 for the sole purpose of doing FIDO2, and without smartcard? (see https://www.nitrokey.com/#comparison ) The Nitrokey Pro has both smartcard and microcontroller, so I guess it could emulate whatever FIDO2 protocol, and do the crypto on the smartcard? Am I missing something, or is it possible to do but just 'doable in theory but not implemented currently'?
