Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
パスキーでE2E暗号化 in Android Apps (PRF Extension)
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Walnuts
March 06, 2026
Technology
10
0
Share
パスキーでE2E暗号化 in Android Apps (PRF Extension)
2025/03/06に開催されたMobile Act OSAKA 18での発表資料です。
Walnuts
March 06, 2026
More Decks by Walnuts
See All by Walnuts
Cloud Native 技術をフル活用!壊して学ぶ自宅サーバーのバックアップ戦略!
walnuts1018
1
97
プログラミングサークルの新歓を支える技術
walnuts1018
1
580
Go言語でLINE Botをつくろう!
walnuts1018
0
1.1k
ESP32と赤外線LEDを用いて エアコンを遠隔操作する
walnuts1018
0
410
Other Decks in Technology
See All in Technology
AIコーディング時代における、ソフトウェアサプライチェーン攻撃に対する防衛術(簡易版)
soysoysoyb
0
120
はじめての MagicPod生成AI機能 機能紹介から活用方法まで
magicpod
0
110
20260423_執筆の工夫と裏側 技術書の企画から刊行まで / From the planning to the publication of technical book
nash_efp
3
430
AI時代 に増える データ活用先
takahal
0
310
Revisiting [CLS] and Patch Token Interaction in Vision Transformers
yu4u
0
390
CloudTrail を見つめ直してみる
kazzpapa3
1
110
データを"持てない"環境でのアノテーション基盤設計
sansantech
PRO
1
140
Route 53 Global Resolver で高額課金発生!
otanikohei2023
0
120
AgentCore×VPCでの設計パターンn選と勘所
har1101
3
300
これからの「データマネジメント」の話をしよう
sansantech
PRO
0
150
レビューしきれない?それは「全て人力でのレビュー」だからではないでしょうか
amixedcolor
0
350
Practical TypeProf: Lessons from Analyzing Optcarrot
mame
0
970
Featured
See All Featured
Everyday Curiosity
cassininazir
0
200
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
340
Context Engineering - Making Every Token Count
addyosmani
9
840
Design in an AI World
tapps
1
200
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Leo the Paperboy
mayatellez
7
1.7k
Discover your Explorer Soul
emna__ayadi
2
1.1k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
720
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
110
How to train your dragon (web standard)
notwaldorf
97
6.6k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
287
14k
Transcript
パスキーでE2E暗号化 in Android Apps (PRF Extension) 2025/03/06 Mobile Act OSAKA
18 walnuts1018
名名 : 俵 俵俵俵俵俵俵 俵俵俵俵俵 名名 : 俵俵俵俵 俵俵俵 俵俵俵俵俵俵俵
4俵俵 俵俵俵俵俵俵俵 俵俵俵俵俵 名名 : 俵 Kubernetes 俵 Go 俵 OpenTelemetry 俵 React 俵 Android 自己紹介 https://walnuts.dev @walnuts1018 @walnuts1018 id:walnuts1018 1 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
2 パスワードによるリモート認証 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Credential 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵 1.
俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 2. 俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 0123 検証 パスワードの送信
3 FIDO認証 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 名名名名名名名名名名名名名名名名名 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Challenge 俵
俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • Credential 俵 = 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Credential 俵俵俵俵 俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 abcdef 署名検証 YWJjZGVmCg 署名生成
4 FIDO認証 on Android • Android 俵俵 Credential Manager 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵
val credentialManager = CredentialManager.create(context) // サーバーからChallengeなどを受け取る val publicKeyJson = Json.parseToJsonElement( apiClient.getVerificationAssertion(userId) ).jsonObject["publicKey"]!!.toString() // Credential Manager APIを呼び出して署名を得る val result = credentialManager.getCredential( context = activityContext, request = GetCredentialRequest( credentialOptions = listOf(GetPublicKeyCredentialOption(requestJson = publicKeyJson)), ), ) // サーバーに署名を送信して検証 val response = apiClient.verifyWebAuthnAssertion((result.credential as PublicKeyCredential).authenticationResponseJson) 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
5 クライアントサイド暗号化におけるパスワード • FIDO 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵俵俵俵俵 • 俵俵俵俵
名名名名名名名名名名名名名名名名名名名 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
6 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 •
俵俵俵俵 名名名名名名名名名名名名名名名名名名名名名名名名名名 俵俵俵俵俵俵 俵俵俵俵 俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 +Salt 俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵俵俵俵俵俵 クライアントサイド暗号化におけるパスワード 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
7 WebAuthn Pseudo-random function (prf) extension • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 FIDO 俵俵俵俵俵俵俵俵俵俵俵俵俵
• 俵俵俵俵 Credential 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Challenge/Response 俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵 /俵俵俵俵俵俵俵 Credential 俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵 … • 俵俵俵俵 WebAuthn PRF Extension 俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵 RPID 俵 俵 俵俵俵俵俵俵 Salt 俵俵俵俵俵俵 俵俵俵俵俵俵俵俵俵俵 • = 俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 https://w3c.github.io/webauthn/#prf-extension 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 RPID: example.walnuts.dev Salt: d2FsbnV0czEwMTgK uCgogICAgICAgRm9 ybWVyIE1haW50YWl
8 PRF Extension on Android • Credential Manager 俵俵俵 Passkey
俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵俵俵 • "WebAuthn "俵俵俵俵俵 ... • Android 俵俵俵俵俵 Android Keystore 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵 PRF Extension 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 Google Password Manager 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵 Web俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 /俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
PRF Extension on Android 俵俵 : • Pixel 8 Pro
(Android16) / Pixel 9 Pro (Android16) • 俵俵俵 : Google Password Manager • 俵俵俵俵 : https://prfexample.walnuts.dev/ 俵俵 : 1. 俵俵俵俵俵俵俵俵俵俵俵俵 with PRF Extension 俵 2. 俵俵俵俵俵俵俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵 俵俵俵俵俵俵俵俵 3. 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 4. 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵 俵俵俵俵俵俵俵 9 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
10 より実用的にするには • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • Google 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • Please, please,
please stop using passkeys for encrypting user data · Timbits • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵 HMAC 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵 PRF Key generated by Passkey 1 PRF Key generated by Passkey 2 Shared Key encrypted by PRF Key1 Data encrypted by Shared Key Shared Key encrypted by PRF Key2 Shared Key Saved on Server Saved on Authenticator Restored when needed
11 まとめ • (WebAuthn ) PRF Extension 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵俵 •
Android 俵 Credential Manager 俵俵俵俵俵俵俵俵俵俵俵俵俵俵 PRF Extension 俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 • 俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵俵 俵俵俵俵 > FIDO 俵俵 > 俵俵俵俵俵俵俵俵俵俵俵俵 > PRF Extension 俵俵 > 俵俵 > 俵俵俵
SiteGround - Reliable hosting with speed, security, and support you can count on.
soysoysoyb
magicpod
nash_efp
takahal
yu4u
kazzpapa3
sansantech
otanikohei2023
har1101
amixedcolor
mame
cassininazir
erikaheidi
skipperchong
addyosmani
tapps
marcelosomers
mayatellez
emna__ayadi
nmsamuel
techseoconnect
notwaldorf
stephaniewalter
