this post was submitted on 24 Sep 2023
78 points (94.3% liked)

Programming

17366 readers
165 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] valpackett@lemmy.blahaj.zone 4 points 1 year ago (1 children)

Note that you pretty much can't store them with Google or Apple; smartphone biometric sensors operate the on-device HSM, not something remote.

[–] takeda@lemmy.world 1 points 1 year ago (1 children)

So, how does it work when you are accessing account from a different device? How the other device knows your fingerprint?

[–] valpackett@lemmy.blahaj.zone 2 points 1 year ago

It does not. The fingerprint always only unlocks the device's HSM ("secure enclave" in Apple speak).

Between your devices enrolled in the ecosystem, private keys are synced securely (AFAIK, they make it so that an existing device’s HSM encrypts keys using the pubkey of the new one’s HSM); for signing up using your device on someone else's computer there's a process that combines QR codes with Bluetooth communication.