soft-u2f

Three-part Javascript implementation of a software-based U2F device. Includes a convenient abstraction
for the browser which provides a SubtleCrypto-based device or a shim if the browser doesn't support the
latest crypto. Additionally, a Node.js-compatible version is attached, which uses Node's own crypto.

Building

To build, simply call npm start. All files will be output by default to the dist directory, but you can
modify build settings by tinkering with the webpack configuration, webpack.config.js, and the typescript
compiler configuration, tsconfig.json (not recommended).

Testing

Before you run tests for the browser implementation you must start up the local test server:
``
node ./test-server/server.js
`

$3

In another terminal, call npm test and open the IP listed by Karma in the browser you wish to test.

$3

To test the Node implementation, simply open another terminal and call mocha.

Usage

$3

#### HTML
`



`

#### Javascript
`
// 1. Create virtual U2F device
var device = createSoftU2FDevice();

// 2. Get a registration challenge from the server
var regReq = getRegistrationRequestFromServer();

// 3. Register the device to the account you just got a challenge from
var regRes = device.register(regReq.appID, regReq.challenge, yourServerDomain, regReq.userID);
var keyID = regRes.keyID; // you can use this to export the keypair you just generated
sendRegistrationResponseToServer(regRes.response);

// 4. Now the user needs to save their U2F credential
var extKeyPair = device.export(keyID, aUint8ArrayPasswordWhichWillBeDisposedOf);
saveEncryptedKeyPairToJSONFile(extKeyPair);

// 4. Alternatively, or as an additional measure, have the user write down the raw private in case something happens to the key file
var extPrivate = device.exportRaw(keyID);
window.alert('Write this on a sticky: ' + extPrivate);
``