PRF WebAuthn and its role in passkeys

Bitwarden includes passkey management for users to store and manage passkeys within their vaults and the ability to use passkeys to sign into the Bitwarden web vault. Accessing and unlocking the Bitwarden vault with a passkey leverages an extension for WebAuthn called the pseudo-random function or PRF. This article explores this emerging standard and how it may impact the user experience of passkey login. Integrating the PRF extension in WebAuthn also supports end-to-end encryption, ensuring secure communications for sensitive data. Join the Bitwarden community and share your experience.

The WebAuthn PRF extension is an emerging standard that sources symmetric keys from an authenticator. When using an authenticator, such as a security key and a compatible browser, the WebAuthn PRF extension allows the authenticator to generate an encryption key associated with a particular site, often called the relying party. This key can then be provided to that site during authentication. For example, when a Bitwarden user registers a passkey from a hardware security key such as a YubiKey, Bitwarden can use that encryption key (associated with the passkey) to encrypt and decrypt the user’s vault data. Unlike a hardware security module (HSM), which controls access to an organization’s digital security key, the WebAuthn PRF extension does not store encryption keys on the hardware device. Instead, the extension uses input data (a salt) provided by the relying party to generate keys, a deterministic operation where the output will always be the same for a certain input. Many current platform authenticators do not implement specific security extensions, which is why the support for PRF in WebAuthn is significant.

This differs from regular FIDO2 outputs (or signatures), which will always differ, regardless of the input or challenge because the PRF allows passkeys to be used for encryption operations.

The PRF extension offers several benefits and use cases that enhance the security and functionality of WebAuthn. Here are some key advantages:

1. Client-side encryption: One of the standout features of the PRF extension is its ability to enable client-side encryption. This allows users to retain full control over their data. Service providers can store encrypted data without ever needing to view it, ensuring that sensitive information remains confidential and secure.

2. Data protection: By using the PRF salt as a basis for the HMAC-based Key Derivation Function (HKDF), the PRF extension provides an additional layer of security. This ensures that user data is protected from unauthorized access, making it a robust solution for data protection.

3. Identity wallets: The PRF extension can derive encryption keys for identity wallets, enabling secure storage and management of identity data.

4. Non-custodial digital wallets: With the PRF extension, there’s no need for server-side access to private keys. This enables non-custodial digital wallets to operate securely, giving users peace of mind that their private keys are safe from server-side breaches.

5. Sensitive data protection: For platforms handling highly sensitive information, the PRF extension can enable client-side encryption of sensitive data.

When you use an authenticator such as security keys and a browser that supports the security key – as showcased in “Sign in and unlock Bitwarden with passkeys” – the WebAuthn PRF extension prompts the authenticator to generate an encryption key associated with a particular website. This key can then be provided to that application after authentication. 

Here’s how it works. A Bitwarden user who registers a passkey from a compatible device can use that same passkey to encrypt and decrypt their vault, which means that with the WebAuthn PRF extension, users can decrypt their Bitwarden vaults without using a master password. The extension also extends additional convenience and security if you’re on a temporary device.

How? First, let’s explore traditional authentication: If you use a YubiKey for 2FA, this YubiKey determines who Bitwarden servers will give your encrypted vault to and adds an additional layer of security on top of your master password. Your vault decrypts only after it has received authentication from YubiKey. In most cases, this is a secure setup.

However, if a bad actor gains access to your encrypted vault by somehow bypassing 2FA, then the protection provided by YubiKey is void. This is because the YubiKey was used to help the Bitwarden server determine whether the encrypted vault should be shared with you, not as part of the encryption process. In this case, the Yubikey 2FA alone does not ensure the highest security standards, especially if a weak master password was used.

WebAuthn PRF addresses this gap by replacing your master password with a strong encryption key, which is much harder to crack compared to passwords. It’s also important to note that the WebAuthn PRF extension is currently available in Chromium-based browsers, such as Google Chrome and Microsoft Edge.

As the possibilities of WebAuthn PRF unfold, join the Bitwarden community and share your experiences. Together, let’s help make the online world more secure!

Build passkey authentication for your websites and applications with Bitwarden Passwordless.dev.

Learn how Bitwarden is helping customers adopt secure, password-free experiences.