Is it possible to encrypt a local db using a passkey registered in the Users phone ?

[AllanOricil]

@MasterKale

I read this https://blog.millerti.me/2023/01/22/encrypting-data-in-the-browser-using-webauthn/ and I was thinking if I could encrypt a local db using the same approach. The passkey would be in a Mobile phone, when starting the auth, a User is asked to go through Multi-device flow. With a successful auth, prf is sent to the browser, then the browser sends is to a local server (via application url) which is then going to decrypt the db info. Would it work?

[MasterKale]

If you found a mobile phone that supported prf extension then theoretically yes it would work. But right now I'm only aware of security keys supporting it. I guess you could use a security key with a mobile device that performs hybrid auth, but I think right now you still need a security key in play.

[AllanOricil]

Could you give more details? I don't know anything about security keys.

[AllanOricil]

My goal is to not allow someone to access my database if he is granted access to my machine

[AllanOricil]

https://bitwarden.com/blog/prf-webauthn-and-its-role-in-passkeys/#:~:text=When%20using%20an%20authenticator%20such,to%20that%20site%20during%20authentication.