Product Documentation
A very secure policy:
- Requires user verification: Biometrics, PIN, or Pattern
- Requires restricted algorithm: ECDSA
- Uses Android SafetyNet attestation
Please follow this link to learn more about the FIDO Policy definitions.
{
"FidoPolicy": {
"name": "RestrictedSKFSPolicy-Android-SafetyNet",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1695937015",
"endDate": "1760103870871",
"system": {
"did": 4,
"requireCounter": "mandatory",
"integritySignatures": true,
"userVerification": ["required"],
"userPresenceTimeout": 30,
"allowedAaguids": ["b93fd961-f2e6-462f-b122-82002247de78"],
"transport": ["usb", "internal"]
},
"crossOrigin": {
"enabled": false,
"allowedOrigins": []
},
"algorithms": {
"curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
"rsa": ["none"],
"signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
},
"attestation": {
"conveyance": ["direct"],
"formats": ["android-safetynet"]
},
"registration": {
"displayName": "required",
"attachment": ["platform"],
"discoverableCredential": ["required"],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "strongkey.com",
"name": "FIDOServer"
},
"extensions": {},
"mds": {
"authenticatorStatusReport": [{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
}, {
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
}, {
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
}, {
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}]
},
"jwt": {
"algorithms": ["ES256", "ES384", "ES521"],
"duration": 30,
"required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 4,O=StrongKey",
"serialnumber": "1903408431",
"pemcert": "-----BEGIN CERTIFICATE-----MIICVTCCAbWgAwIBAgIEcXO1LzAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1NzA1WhcNMjQwOTI1MTg1NzA1WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBYMv6wHuMxx7dxHZ6E2MNrKI2lDH3//XJAtoI0aex0ZWmhkUxFLkV8cwFcNLhxLpBjKSqGdK6W8aQpSD6xsh+b7IBi8p7Vq6/TUghfhgaAyJFYd33KR7zfpu46I3VVqSKNpKIYjZBsdpB92MO7+ZnzqZnjuAxZLz1c1sUOTSBgbWeW9CjQjBAMB0GA1UdDgQWBBTmC8DH0wPv5hpOqk83Qch/mv+QZDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBggqhkjOPQQDBAUAA4GLADCBhwJBYBPeZhWl60J4jD5+DwSvgYLIvEeLW61RoOoUus8/YiM+2ZW5ksOjZ7zGDxv1x+SXlagsqAcedKVSvSjrmzZphGwCQgEDaLUK9CIE7tLzzMwLDUetEP4Qx2/2A16Fmz+NimD+CtY5l+QYjim/WKYcGBBQgGnkWj4jOEImMfI/Y626wskfbQ==-----END CERTIFICATE-----",
"jwtcerts": {
"default": [{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 4,O=StrongKey",
"serialnumber": "520033527",
"pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWegAwIBAgIEHv8U9zAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1NzE3WhcNMjQwOTI1MTg1NzE3WjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMQbTiXomTFAKatu9PHe/tHHvJL+vERUZIOUQvHFIrQ5MDeke4bHz4+ykEtsJnAvcDD1NfRT+hiPgVccWVRF3oSjQjBAMB0GA1UdDgQWBBQJhbRu2fNQ4OakQ+/CsDtikMsIozAfBgNVHSMEGDAWgBTmC8DH0wPv5hpOqk83Qch/mv+QZDAMBggqhkjOPQQDBAUAA4GMADCBiAJCAby5myeFbVRMnU7aEXxvHsHUXU4RkoXmsjFGDdXYC71Faz8/VpFKl+8WSWT9cEeoq0Sd4QqVPPrRF8PLucQB7kwVAkIBdIMpL8fEa67VA28ZsYdKiF5WCML/0TX69pBaGgNTn9EOdBeyY+bim/fZSMsLEw2uGdl22CUF0MwFJMwXYnT4RFo=-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 4,O=StrongKey",
"serialnumber": "1861869988",
"pemcert": "-----BEGIN CERTIFICATE-----MIICCDCCAWegAwIBAgIEbvnhpDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1NzMzWhcNMjQwOTI1MTg1NzMzWjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP4eul8YIFk4M926fShj9Ms8PrY0pTjQrZrcyld8QMoL4HWfBGYU46l6udwLqBS4EkWV61JoRx9ckB0J/m3/UKCjQjBAMB0GA1UdDgQWBBRXvUkGZzGlkUj1/kexZGSHNiqH9zAfBgNVHSMEGDAWgBTmC8DH0wPv5hpOqk83Qch/mv+QZDAMBggqhkjOPQQDBAUAA4GMADCBiAJCANEElehFbnp5DANe2dPTRZM7/xJwm4jJZgVMAxRUhvtDtr7OWUVKH286lDRy30i8qnd7sgEO3oUgzHGtMgUT31PkAkIB6bB8MpoOK8hYP0NS1OU33dxdiS5zeOUDxE8zmM7wMkjQ6AfIlWhNBbWLaSTeIFqBdm0Q01e2A495QZZcSSI7yOA=-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 4,O=StrongKey",
"serialnumber": "1346154862",
"pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIEUDyxbjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1NzQ5WhcNMjQwOTI1MTg1NzQ5WjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABF/KaBeuMEokXVAqJT8onffaohNwLEHY7Kol/gCIOJQhrrlHXuTwhrgI6n1aLCD5mDCJCRLI6slBnMdaXncW8eajQjBAMB0GA1UdDgQWBBTrNktmp0/9V7u+gDvXixZSmKk7LzAfBgNVHSMEGDAWgBTmC8DH0wPv5hpOqk83Qch/mv+QZDAMBggqhkjOPQQDBAUAA4GLADCBhwJCAcS7ZOvHVhYDvm1E9t3xDfILUiMLcp5VAQMjWcSWgo2Ofp6Cpn1cl5wIBsr/NE15j33DBtDCbQtqgbD7Y83gKNi5AkExHYhD8L+V91jzPy//Gppf4nHndFujzVEifVSHQkjGtRI+uVgOMPy85655pEoQ0UR6pidB6KnE46wi76TBJDDMzw==-----END CERTIFICATE-----"
}]
},
"samlcerts": {
"default": [{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 4,O=StrongKey",
"serialnumber": "1657889361",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEYtFiUTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwNTA2WhcNMjQwOTI1MTkwNTA2WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsivCqX7rc4kFa53HWHptN01PyFygOz6P3uPOKxzq7ZIax4SecpvBiGWQ/OXLaw+u3lvDNdhC+XkB8zdSbjd7XU6SgAGEzzyxtr7XH0xv6h7OCVscvzsXcTIdnbyVvY/2UHnvqOp0X3Saj04JEZj3rZrltbHl3QOq9+wLClGufnBpnEKLbzgrz/JKS5o0A6T8rrG5pM/f0EH/fudx8d0vevbHBbZ0XsE9Q7OcXsLbseHVwmQqfCZTW3d55tOM54gLJD1KQ7Fyl2mhmM2LlsFa4HbGuCZE/byXga4bEtbJUTfSpgJhOcValIiMKZNSd2GdWf6DuvXyeExCoh4Nhf/UHAgMBAAGjUjBQMB0GA1UdDgQWBBRF8QKXOMaOcIXO5bIjzLdQkbT5/zAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAU5gvAx9MD7+YaTqpPN0HIf5r/kGQwDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgC0/3llomWy2uxI/Ce3Eoy6VIsIVghBGU+TIQyRT4yKFYZo9fWigyZy/Wsxh0FrQA88jvSFbMoU+5+1R34VzP4ThgJCAKlkK17HMrZqZBJX0S+hJHkMLmgZu3WY7iT6yzGJOHOpvdfF+8vjB72aJc35mKCcNbicQgBbc3kOvokvDiU3Brq+-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 4,O=StrongKey",
"serialnumber": "1803990656",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIEa4a2gDAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwNTIyWhcNMjQwOTI1MTkwNTIyWjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCty5TlsnBXfgpoI1bmOGZzz/sdvKnKYqoAJ1xDGnLa9/T/LLU2J21pNPwMM/rF+cZXu719Avbh6I8R1muDkzD91YObUSmGeXo2HWab7d+cP1y0Pzid/437TcGR+ui5KqLqhof7eoGvADRi9IDAXK2g+fKgtX6pvsdPISMU8zPxvAB+/zAS1N4f2vDJT2ulz8Cf2AqY30oSqRLncR4NSgYQmNFS2VhqgqToASMF6hQS3JM/1uZOj8XNyLxtZpvoWsmoasgeMEMjQLV9HN3jWy+KFKCXqTh+K95pgTgqdtBkh2q/tn3ZXd/nItxROSSruLfyDB+UotVPNCwhUCdfSge9AgMBAAGjUjBQMB0GA1UdDgQWBBSQRs1kGzm7ZKt0aNarPcNESLw0GDAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAU5gvAx9MD7+YaTqpPN0HIf5r/kGQwDAYIKoZIzj0EAwQFAAOBiwAwgYcCQUzgpPPf0Ema3VYmIURg4kJMhrr8mJCm4CC0y/c8awTozY3CuRlT9DmEkbZTEPyMHKrRpukavaVoBDnikl2cEdyWAkIBWKl+rIUh2zvBao+a6lupcoxHg7IlXQU8N7Mo8bjtb2uSCXmh0AdQbOc3L30+fptVe31x6CyMABTPDYwDoHiziyA=-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 4,O=StrongKey",
"serialnumber": "1003832862",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC4jCCAkOgAwIBAgIEO9VGHjAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwNTM5WhcNMjQwOTI1MTkwNTM5WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT5Y4m7pxQI9ufsHSd2zM9naPCEud7Xzv2wOzHiPWoptBx1wP9PTkq7JVyaEjWusd7ImBZzxavjzpDAIBvjWZOB5hRaareArRHIub9IThG1kW1UWBoE+MBVBjJ1i2zyp7ap6/jHcXjWV0lE5jDKgQOTsiQZrv8R5o5J+xc3TEwKLGeysma4TRZVgHKFLY3U63j64b04Sc2OdVoI6jp3GFYMvTFx5Bs7hVsVJoFHkylzp1Rb33sI9Qb7XcXuH38om4UoJemSDwRbc8Nrrz5rjBvohPWptg2kYDxsVBEeF3i9Db8hN5Z4HP/iP9l7zsJI1USIIoROgQ+eAnBAzKLeO4NAgMBAAGjUjBQMB0GA1UdDgQWBBQIB5/624pS9f8+T45rSnMv3UKARjAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAU5gvAx9MD7+YaTqpPN0HIf5r/kGQwDAYIKoZIzj0EAwQFAAOBigAwgYYCQgHP8lxuV68K43VYePmt2+AUPoDdjX6fV9SbMFPMUvBf+k1sjzE2V18sR0wKw4QvFf94D3StlTrA29Yg7dYbG2LYjQJAXIaSa94bxzWdmZByqcoSc7dSC5gQd9Qy7AamfKAOZPm/DssIGRh9t5QB7BnZJr/7MhLl5VADVBl7b/LVl5uN9g==-----END CERTIFICATE-----"
}],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 4,O=StrongKey",
"serialnumber": "1657889361",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEYtFiUTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwNTA2WhcNMjQwOTI1MTkwNTA2WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsivCqX7rc4kFa53HWHptN01PyFygOz6P3uPOKxzq7ZIax4SecpvBiGWQ/OXLaw+u3lvDNdhC+XkB8zdSbjd7XU6SgAGEzzyxtr7XH0xv6h7OCVscvzsXcTIdnbyVvY/2UHnvqOp0X3Saj04JEZj3rZrltbHl3QOq9+wLClGufnBpnEKLbzgrz/JKS5o0A6T8rrG5pM/f0EH/fudx8d0vevbHBbZ0XsE9Q7OcXsLbseHVwmQqfCZTW3d55tOM54gLJD1KQ7Fyl2mhmM2LlsFa4HbGuCZE/byXga4bEtbJUTfSpgJhOcValIiMKZNSd2GdWf6DuvXyeExCoh4Nhf/UHAgMBAAGjUjBQMB0GA1UdDgQWBBRF8QKXOMaOcIXO5bIjzLdQkbT5/zAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAU5gvAx9MD7+YaTqpPN0HIf5r/kGQwDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgC0/3llomWy2uxI/Ce3Eoy6VIsIVghBGU+TIQyRT4yKFYZo9fWigyZy/Wsxh0FrQA88jvSFbMoU+5+1R34VzP4ThgJCAKlkK17HMrZqZBJX0S+hJHkMLmgZu3WY7iT6yzGJOHOpvdfF+8vjB72aJc35mKCcNbicQgBbc3kOvokvDiU3Brq+-----END CERTIFICATE-----"
}
}
}
}
}
}
To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema.