How do passkeys saved in 1Password work?

choi_mixi
Community Member
edited October 2023 in Business and Teams

Hi

1. I wrote a sequence diagram to authenticate using the passkey saved in 1Password, but is this correct?

2. If I register a passkey in 1Password, will only the private key be registered in 1Password?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hi @choi_mixi,

    I love the sequence diagram, this is my first time seeing one and yes on a basic level this is correct. However, I'd like to add some more context.

    When a passkey is created, a public-private key pair is created. The public key is stored on the website's server and the private key is stored in your 1Password vault. Both keys are needed to authenticate and log in to the account that your passkey was created for.

    The website or app you created the passkey for will create a 'challenge', and after you authenticate with biometrics or your device PIN, your device will unlock the private key and use it to sign the 'challenge'.

    The completed signature is then sent to the website or app where they use the public key they have on their servers to check the signature before you can log in to the website or app.

    You can learn more about how passkeys work here: Passkeys FAQs: What they are, and other frequently asked questions.

    Let me know if this helps!
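
The sign-in exchange described in the reply above, as an added example that is not part of the original thread and is not 1Password's code: a simplified Node.js model of WebAuthn-style challenge signing, showing that the website holds only the public key and rejects a replayed challenge or a signature made for another origin. The function names and the `example.com` values used with it are assumptions for illustration, and real WebAuthn messages carry more fields than this model.

```javascript
// Added example: simplified passkey (WebAuthn-style) sign-in model.
const { generateKeyPairSync, randomBytes, createHash, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Registration: the key pair is created on the user's side.
// The private key stays in the vault; only the public key goes to the website.
function register() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { vault: { privateKey }, server: { publicKey } };
}

// Website: issue a fresh random challenge for each sign-in attempt.
function newChallenge() {
  return randomBytes(32).toString('base64url');
}

// Passkey manager, after the user unlocks it: sign the challenge bound to the origin.
function signAssertion(vault, challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const flags = Buffer.from([0x05]); // user present + user verified
  const signCount = Buffer.alloc(4); // counter left at 0 in this model
  const authenticatorData = Buffer.concat([sha256(rpId), flags, signCount]);
  const signedBytes = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = sign('sha256', signedBytes, vault.privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Website: check challenge, origin and RP ID, then verify with the stored public key.
function verifyAssertion(server, expected, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString());
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== expected.challenge) return false; // stale or replayed
  if (clientData.origin !== expected.origin) return false;       // signed for another site
  const rpIdHash = assertion.authenticatorData.subarray(0, 32);
  if (!rpIdHash.equals(sha256(expected.rpId))) return false;
  const signedBytes = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return verify('sha256', signedBytes, server.publicKey, assertion.signature);
}
```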

  • choi_mixi
    Community Member

    Hello @muhammad.hameed_1P,

    Thank you for your reply.

    I created a new sequence diagram by adding public keys and private keys. Could you please let me know if there are any errors in the diagram?

    Best regards

  • choi_mixi
    Community Member

    Question:

    When I save a passkey in 1Password's vault, is the passkey stored in the local device or in 1Password's cloud?
    
    Do I need to authenticate with 1Password's master password (knowledge) + secret key (in local device) to use a passkey, and if successful, I can use the passkey in 1Password's cloud?
    
  • Hey @choi_mixi,

    That's right, when you save a passkey it is stored in your 1Password and you can access this from any device (that supports passkeys).

    Yes, you will need to unlock 1Password on the device to be able to use the passkey to sign in to a website.

    I hope this answers your questions!

  • choi_mixi
    Community Member

    Hello @steph.giles

    Thank you for your reply.

    Your answer solved my question. Thank you.

    I have an additional question: could you please let me know if there are any errors in the diagram?

    Best Regards

  • @choi_mixi

    Can you clarify the distinction between "1Password" and "Client" in your diagram? The signing happens in our application process (or browser extension).

    Different platforms will have slightly different architectures. For example, on iOS we've implemented Apple's passkey API for third-party managers and the saving and filling of passkeys goes through that AutoFill API.

    Would you also be able to share what you're planning to use the diagram for? The context will help us to better answer your questions. I look forward to hearing from you. 🙂

    -Dave

  • choi_mixi
    Community Member

    @Dave_1P

    Thank you for your reply.

    This diagram describes how the passkey registration flow works in 1Password's browser extension.

    I would like to use this sequence to explain the flow of 1Password to employees at my company.

    Best Regards

This discussion has been closed.