Product Documentation

A very secure policy:

  • Requires user verification: Biometrics, PIN, or Pattern
  • Requires restricted algorithms: elliptic-curve signatures only (ECDSA, plus EdDSA as listed in the policy below); RSA is set to "none"
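  • Uses Android SafetyNet attestation (format "android-safetynet" with "direct" conveyance) and allows a single authenticator AAGUID. Google has deprecated the SafetyNet Attestation API, so confirm that target devices still produce this attestation format before deploying the policy.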

Please follow this link to learn more about the FIDO Policy definitions.

{
    "FidoPolicy": {
        "name": "RestrictedSKFSPolicy-Android-SafetyNet",
        "copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
        "version": "2.0",
        "startDate": "1745341841",
        "endDate": "1760103870871",
        "system": {
            "did": 4,
            "requireCounter": "mandatory",
            "integritySignatures": true,
            "userVerification": [
                "required"
            ],
            "userPresenceTimeout": 30,
            "allowedAaguids": [
                "b93fd961-f2e6-462f-b122-82002247de78"
            ],
            "transport": [
                "usb",
                "internal"
            ]
        },
        "subdomains": {
            "enabled": false,
            "allowedSubdomains": [
            ]
        },
        "relatedOriginRequests": {
            "enabled": false
        },
        "digitalAssetLinks": {
            "enabled": false
        },
        "algorithms": {
            "curves": [
                "secp256r1",
                "secp384r1",
                "secp521r1",
                "curve25519"
            ],
            "rsa": [
                "none"
            ],
            "signatures": [
                "ES256",
                "ES384",
                "ES512",
                "EdDSA",
                "ES256K"
            ]
        },
        "attestation": {
            "conveyance": [
                "direct"
            ],
            "formats": [
                "android-safetynet"
            ]
        },
        "registration": {
            "displayName": "required",
            "attachment": [
                "platform"
            ],
            "discoverableCredential": [
                "required"
            ],
            "excludeCredentials": "enabled"
        },
        "authentication": {
            "allowCredentials": "enabled"
        },
        "authorization": {
            "maxdataLength": 256,
            "preserve": true
        },
        "rp": {
            "id": "strongkey.com",
            "name": "FIDOServer"
        },
        "extensions": {
        },
        "mds": {
            "authenticatorStatusReport": [
                {
                    "status": "FIDO_CERTIFIED_L1",
                    "priority": "1",
                    "decision": "IGNORE"
                },
                {
                    "status": "FIDO_CERTIFIED_L2",
                    "priority": "1",
                    "decision": "ACCEPT"
                },
                {
                    "status": "UPDATE_AVAILABLE",
                    "priority": "5",
                    "decision": "IGNORE"
                },
                {
                    "status": "REVOKED",
                    "priority": "10",
                    "decision": "DENY"
                }
            ]
        },
        "jwt": {
            "algorithms": [
                "ES256",
                "ES384",
                "ES521"
            ],
            "duration": 30,
            "required": [
                "rpid",
                "iat",
                "exp",
                "cip",
                "uname",
                "agent"
            ]
        },
        "signcerts": {
            "rootca": {
                "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 4,O=StrongKey",
                "serialnumber": "3827312939673571130",
                "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
                "jwtcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 4,O=StrongKey",
                            "serialnumber": "5811459623082688245",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 4,O=StrongKey",
                            "serialnumber": "3195197273011029095",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 4,O=StrongKey",
                            "serialnumber": "5742687610398801601",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        }
                    ]
                },
                "samlcerts": {
                    "default": [
                        {
                            "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 4,O=StrongKey",
                            "serialnumber": "352197730432039395",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 4,O=StrongKey",
                            "serialnumber": "-6959572993234552707",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        },
                        {
                            "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 4,O=StrongKey",
                            "serialnumber": "-2494728354128657114",
                            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                        }
                    ],
                    "citrixidp": {
                        "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 4,O=StrongKey",
                        "serialnumber": "352197730432039395",
                        "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
                    }
                }
            }
        }
    }
}

 

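To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. When adapting this sample, check the "startDate" and "endDate" values against the schema: as shown, "startDate" has 10 digits (the length of an epoch time in seconds) while "endDate" has 13 (the length of an epoch time in milliseconds), so the policy's validity window depends on which unit the server expects.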