Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
パスキーでE2E暗号化 in Android Apps (PRF Extension)
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Walnuts
March 06, 2026
Technology
10
0
Share
パスキーでE2E暗号化 in Android Apps (PRF Extension)
2025/03/06に開催されたMobile Act OSAKA 18での発表資料です。
Walnuts
March 06, 2026
More Decks by Walnuts
See All by Walnuts
Cloud Native 技術をフル活用!壊して学ぶ自宅サーバーのバックアップ戦略!
walnuts1018
1
94
プログラミングサークルの新歓を支える技術
walnuts1018
1
570
Go言語でLINE Botをつくろう!
walnuts1018
0
1.1k
ESP32と赤外線LEDを用いて エアコンを遠隔操作する
walnuts1018
0
400
Other Decks in Technology
See All in Technology
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
270
こんなアーキテクチャ図はいやだ / Anti-pattern in AWS Architecture Diagrams
naospon
1
410
AWS認定資格は本当に意味があるのか?
nrinetcom
PRO
1
260
CDK Insightsで見る、AIによるCDKコード静的解析(+AI解析)
k_adachi_01
2
180
新メンバーのために、シニアエンジニアが環境を作る時代
puku0x
0
1.1k
ハーネスエンジニアリングの概要と設計思想
sergicalsix
9
4.1k
60分で学ぶ最新Webフロントエンド
mizdra
PRO
33
18k
AI時代にデータ基盤が持つべきCapabilityを考える + Snowflake Data Superheroやっていき宣言 / Considering the Capabilities Data Platforms Should Have in the AI Era + Declaration of Commitment as a Snowflake Data Superhero
civitaspo
0
110
"SQLは書けません"から始まる データドリブン
kubell_hr
2
460
Azure PortalなどにみるWebアクセシビリティ
tomokusaba
0
380
Digitization部 紹介資料
sansan33
PRO
1
7.3k
Azure Lifecycle with Copilot CLI
torumakabe
3
1k
Featured
See All Featured
The Spectacular Lies of Maps
axbom
PRO
1
690
WENDY [Excerpt]
tessaabrams
10
37k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
470
Site-Speed That Sticks
csswizardry
13
1.2k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
64
54k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
320
The Pragmatic Product Professional
lauravandoore
37
7.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Testing 201, or: Great Expectations
jmmastey
46
8.1k
We Have a Design System, Now What?
morganepeng
55
8.1k
sira's awesome portfolio website redesign presentation
elsirapls
0
210
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8k
Transcript
パスキーでE2E暗号化 in Android Apps (PRF Extension) 2025/03/06 Mobile Act OSAKA
18 walnuts1018
名名 : 俵 俵俵俵俵俵俵 俵俵俵俵俵 名名 : 俵俵俵俵 俵俵俵 俵俵俵俵俵俵俵
4俵俵 俵俵俵俵俵俵俵 俵俵俵俵俵 名名 : 俵 Kubernetes 俵 Go 俵 OpenTelemetry 俵 React 俵 Android 自己紹介 https://walnuts.dev @walnuts1018 @walnuts1018 id:walnuts1018 1 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
2 パスワードによるリモート認証 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Credential 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵 1.
俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 2. 俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 0123 検証 パスワードの送信
3 FIDO認証 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 名名名名名名名名名名名名名名名名名 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Challenge 俵
俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • Credential 俵 = 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Credential 俵俵俵俵 俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 abcdef 署名検証 YWJjZGVmCg 署名生成
4 FIDO認証 on Android • Android 俵俵 Credential Manager 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵
val credentialManager = CredentialManager.create(context) // サーバーからChallengeなどを受け取る val publicKeyJson = Json.parseToJsonElement( apiClient.getVerificationAssertion(userId) ).jsonObject["publicKey"]!!.toString() // Credential Manager APIを呼び出して署名を得る val result = credentialManager.getCredential( context = activityContext, request = GetCredentialRequest( credentialOptions = listOf(GetPublicKeyCredentialOption(requestJson = publicKeyJson)), ), ) // サーバーに署名を送信して検証 val response = apiClient.verifyWebAuthnAssertion((result.credential as PublicKeyCredential).authenticationResponseJson) 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
5 クライアントサイド暗号化におけるパスワード • FIDO 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵俵俵俵俵 • 俵俵俵俵
名名名名名名名名名名名名名名名名名名名 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
6 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 •
俵俵俵俵 名名名名名名名名名名名名名名名名名名名名名名名名名名 俵俵俵俵俵俵 俵俵俵俵 俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 +Salt 俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵俵俵俵俵俵 クライアントサイド暗号化におけるパスワード 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
7 WebAuthn Pseudo-random function (prf) extension • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 FIDO 俵俵俵俵俵俵俵俵俵俵俵俵俵
• 俵俵俵俵 Credential 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Challenge/Response 俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵 /俵俵俵俵俵俵俵 Credential 俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵 … • 俵俵俵俵 WebAuthn PRF Extension 俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵 RPID 俵 俵 俵俵俵俵俵俵 Salt 俵俵俵俵俵俵 俵俵俵俵俵俵俵俵俵俵 • = 俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 https://w3c.github.io/webauthn/#prf-extension 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 RPID: example.walnuts.dev Salt: d2FsbnV0czEwMTgK uCgogICAgICAgRm9 ybWVyIE1haW50YWl
8 PRF Extension on Android • Credential Manager 俵俵俵 Passkey
俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵俵俵 • "WebAuthn "俵俵俵俵俵 ... • Android 俵俵俵俵俵 Android Keystore 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵 PRF Extension 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Google Password Manager 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵 Web俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 /俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
PRF Extension on Android 俵俵 : • Pixel 8 Pro
(Android16) / Pixel 9 Pro (Android16) • 俵俵俵 : Google Password Manager • 俵俵俵俵 : https://prfexample.walnuts.dev/ 俵俵 : 1. 俵俵俵俵俵俵俵俵俵俵俵俵 with PRF Extension 俵 2. 俵俵俵俵俵俵俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵 俵俵俵俵俵俵俵俵 3. 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 4. 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵 俵俵俵俵俵俵俵 9 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
10 より実用的にするには • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • Google 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • Please, please,
please stop using passkeys for encrypting user data · Timbits • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵 HMAC 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 PRF Key generated by Passkey 1 PRF Key generated by Passkey 2 Shared Key encrypted by PRF Key1 Data encrypted by Shared Key Shared Key encrypted by PRF Key2 Shared Key Saved on Server Saved on Authenticator Restored when needed
11 まとめ • (WebAuthn ) PRF Extension 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵俵 •
Android 俵 Credential Manager 俵俵俵俵俵俵俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
ks91
naospon
nrinetcom
k_adachi_01
puku0x
sergicalsix
mizdra
civitaspo
kubell_hr
tomokusaba
sansan33
torumakabe
axbom
tessaabrams
chikuwait
csswizardry
nwiizo
tmiket
lauravandoore
smashingmag
jmmastey
morganepeng
elsirapls
eileencodes
