mortenVChristiansen
/
k_card
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
code for 3 machines demoing how to use the chrome card.
37 Commits 2 Branches 0 Tags 1.1 MiB
Python 51.8%
Dart 34.3%
JavaScript 7.3%
Go 2.3%
Kotlin 2.1%
Other 2.2%
Go to file
Morten V. Christiansen 4b719a0846 Switch token binding from per-request URL+method to domain-level host+nonce 
Challenge is now SHA256(host|nonce) instead of SHA256(url|method|nonce).
A single card interaction authorises access to any path and method on the
gated domain, which is the intended granularity. Tests updated accordingly:
path/method rejection cases replaced with domain-level and tampered-host cases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 		2026-05-09 23:52:48 +02:00
component3 Implement per-request FIDO2 token binding across all components 2026-05-08 12:01:23 +02:00
k_phone Switch token binding from per-request URL+method to domain-level host+nonce 2026-05-09 23:52:48 +02:00
tests Switch token binding from per-request URL+method to domain-level host+nonce 2026-05-09 23:52:48 +02:00
.gitignore Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
CLAUDE.md Refactor k_phone (v2) and add component3 Go binary 2026-05-05 21:04:19 +02:00
PHASE5_RUNBOOK.md Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
Setup.md Fix Android Playwright tests: connectOverCDP + card reconnect 2026-05-09 21:41:36 +02:00
Workplan.md Fix Android Playwright tests: connectOverCDP + card reconnect 2026-05-09 21:41:36 +02:00
ctaphid_init_probe.py Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
fido2_probe.py Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
generate_phase2_certs.py Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
k_client_portal.py Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
k_proxy_app.py Fix Android Playwright tests: connectOverCDP + card reconnect 2026-05-09 21:41:36 +02:00
k_server_app.py Switch token binding from per-request URL+method to domain-level host+nonce 2026-05-09 23:52:48 +02:00
package-lock.json Fix Android Playwright tests: connectOverCDP + card reconnect 2026-05-09 21:41:36 +02:00
package.json Fix Android Playwright tests: connectOverCDP + card reconnect 2026-05-09 21:41:36 +02:00
phase5_chain_regression.sh Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
phase65_concurrency_probe.py Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
playwright.config.js Fix Android Playwright tests: connectOverCDP + card reconnect 2026-05-09 21:41:36 +02:00
raw_ctap_probe.py Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00
webauthn_local_demo.py Initial commit: chromecard workspace snapshot 2026-04-29 22:06:14 +02:00