This page is displayed in , but your browser is set to .
Would you like to switch to the version?

Bitwarden Blog

PRF WebAuthn and its role in passkeys

VS
authored by:Vivian Shic
published :

Bitwarden includes

passkey management
for users to store and manage passkeys within their vaults and the ability to use passkeys to
sign into the Bitwarden web vault
. Accessing and unlocking the Bitwarden vault with a passkey leverages an extension for WebAuthn called the
pseudo-random function or PRF
. This article explores this emerging standard and how it may impact the user experience of passkey login. Integrating the PRF extension in WebAuthn also supports end-to-end encryption, ensuring secure communications for sensitive data. Join the
Bitwarden community
 and share your experience.

What is the WebAuthn PRF extension, and how does it work?

The WebAuthn PRF extension is an emerging standard that sources symmetric keys from an authenticator. When using an authenticator, such as a security key and a compatible browser, the WebAuthn PRF extension allows the authenticator to generate an encryption key associated with a particular site, often called the relying party. This key can then be provided to that site during authentication. For example, when a Bitwarden user registers a passkey from a hardware security key such as a YubiKey, Bitwarden can use that encryption key (associated with the passkey) to encrypt and decrypt the user’s vault data. Unlike a hardware security module (HSM), which controls access to an organization’s digital security key, the WebAuthn PRF extension does not store encryption keys on the hardware device. Instead, the extension uses input data (a salt) provided by the relying party to generate keys, a deterministic operation where the output will always be the same for a certain input. Many current platform authenticators do not implement specific security extensions, which is why the support for PRF in WebAuthn is significant.

This differs from regular FIDO2 outputs (or signatures), which will always differ, regardless of the input or challenge because the PRF allows passkeys to be used for encryption operations.

Benefits and use cases

The PRF extension offers several benefits and use cases that enhance the security and functionality of WebAuthn. Here are some key advantages:

  1. Client-side encryption: One of the standout features of the PRF extension is its ability to enable client-side encryption. This allows users to retain full control over their data. Service providers can store encrypted data without ever needing to view it, ensuring that sensitive information remains confidential and secure.

  2. Data protection: By using the PRF salt as a basis for the HMAC-based Key Derivation Function (HKDF), the PRF extension provides an additional layer of security. This ensures that user data is protected from unauthorized access, making it a robust solution for data protection.

  3. Identity wallets: The PRF extension can derive encryption keys for identity wallets, enabling secure storage and management of identity data.

  4. Non-custodial digital wallets: With the PRF extension, there’s no need for server-side access to private keys. This enables non-custodial digital wallets to operate securely, giving users peace of mind that their private keys are safe from server-side breaches.

  5. Sensitive data protection: For platforms handling highly sensitive information, the PRF extension can enable client-side encryption of sensitive data.

What does pseudo random function mean for you?

When you use an authenticator such as security keys and a browser that supports the security key – as showcased in “

Sign in and unlock Bitwarden with passkeys
” – the WebAuthn PRF extension prompts the authenticator to generate an encryption key associated with a particular website. This key can then be provided to that application after authentication. 

Here’s how it works. A Bitwarden user who registers a passkey from a compatible device can use that same passkey to encrypt and decrypt their vault, which means that with the WebAuthn PRF extension, users can decrypt their Bitwarden vaults without using a master password. The extension also extends additional convenience and security if you’re on a temporary device.

How? First, let’s explore traditional authentication: If you use a YubiKey for

2FA
, this YubiKey determines who Bitwarden servers will give your encrypted vault to and adds an additional layer of security on top of your master password. Your vault decrypts only after it has received authentication from YubiKey. In most cases, this is a secure setup.

However, if a bad actor gains access to your encrypted vault by somehow bypassing 2FA, then the protection provided by YubiKey is void. This is because the YubiKey was used to help the Bitwarden server determine whether the encrypted vault should be shared with you, not as part of the encryption process. In this case, the Yubikey 2FA alone does not ensure the highest security standards, especially if a weak

master password
was used.

WebAuthn PRF addresses this gap by replacing your master password with a strong encryption key, which is much harder to crack compared to passwords. It’s also important to note that the WebAuthn PRF extension is currently available in Chromium-based browsers, such as Google Chrome and Microsoft Edge.

As the possibilities of WebAuthn PRF unfold, join the

Bitwarden community
and share your experiences. Together, let’s help make the online world more secure!

Additional resources 

Build passkey authentication for your websites and applications with

Bitwarden Passwordless.dev
.

Learn how Bitwarden is helping customers adopt secure,

password-free experiences
.

Back to Blog

Ready to see Bitwarden in action?

Start a Trial
Contact Sales
Join a Live Demo