Add FIDO to improve hardware wallet support #1196

Open
hitchhooker opened this issue Jan 22, 2023 · 3 comments
Labels
maybe someday P4 - Needs Investigation Requires analysis to determine cause or feasibility. Not fully understood, needs research first.

Comments

@hitchhooker

If anyone has tried to onboard their friends to use Kusama securely with their Ledgers, they know it is just a pain-in-the-ass UX. Setting up an Android phone and QR scanner can also be complicated and expensive. I held myself back from starting to experiment on Kusama for over half a year before getting myself a Ledger wallet to feel secure enough not to lose money experimenting. Ledger support turned out to be absolutely terrible, and it feels like it is never going to get there to be used for hundreds of different parachains.
Could there be a possibility to add FIDO for wallet authentication instead of or with a password?

@jacogr
Member

jacogr commented Jan 22, 2023

It has been in the back of my mind for a while (actually specifically since it would be of help to me).

But just "there in the back of my mind", have not looked into it in depth at all. Will mark it for a future investigation, but no commitment as to aye/nay.

@hitchhooker
Author

https://www.npmjs.com/package/fido2-lib seems like quite a fitting library for it, and the pseudocode I was thinking of:

  1. wallet generates a symmetric key that will be used to encrypt the data.
  2. wallet generates a nonce challenge and sends it to the client along with a request to encrypt the symmetric key using the client's FIDO2 key.
  3. client uses its FIDO2 key to encrypt the symmetric key, along with the challenge and other data, to create a signature.
  4. client sends the encrypted symmetric key and signature back to the server.
  5. wallet verifies the signature and, if it is valid, uses the encrypted symmetric key to decrypt the data.

Do you think this kind of logic would work, and would it make sense for me to work on it further?

@jacogr
Member

jacogr commented Feb 11, 2023

Seems sensible. (Just bear in mind that there is no "server" in the traditional sense - in this case the "client" is the "UI part", where the "server" is the extension backend part)
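The challenge and signature-verification steps of the pseudocode above (steps 2 to 5), with the verifier placed in the extension backend role as noted in the reply, written as an added example that is not code from this thread, from polkadot-js or from fido2-lib. It models the FIDO2 key as a signer only, because a WebAuthn assertion is a signature over authenticatorData || SHA-256(clientDataJSON); how the symmetric key is wrapped is left out. Assumptions: the origin, RP ID and function names are constructed, and a software P-256 key stands in for the hardware authenticator.

```javascript
// Added example (not polkadot-js or fido2-lib code); all names and values are constructed.
const crypto = require("node:crypto");

const ORIGIN = "chrome-extension://example-extension-id"; // placeholder UI origin
const RP_ID = "example-extension-id"; // placeholder relying-party ID
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Extension backend role: issues one-time challenges and verifies assertions.
function createBackend(credentialPublicKey) {
  const pending = new Set();
  let lastCounter = 0;
  return {
    newChallenge() {
      const challenge = crypto.randomBytes(32).toString("base64url");
      pending.add(challenge);
      return challenge;
    },
    verify({ clientDataJSON, authenticatorData, signature }) {
      const client = JSON.parse(clientDataJSON.toString("utf8"));
      if (client.type !== "webauthn.get") return "bad-type";
      if (!pending.delete(client.challenge)) return "unknown-or-replayed-challenge";
      if (client.origin !== ORIGIN) return "bad-origin";
      if (authenticatorData.length < 37) return "short-authenticator-data";
      if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "bad-rp-id";
      if ((authenticatorData[32] & 0x01) === 0) return "user-not-present";
      const counter = authenticatorData.readUInt32BE(33);
      // A counter of 0 on both sides means the authenticator keeps no counter.
      if ((counter || lastCounter) && counter <= lastCounter) return "counter-not-increased";
      const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
      if (!crypto.verify("sha256", signed, credentialPublicKey, signature)) return "bad-signature";
      lastCounter = counter;
      return "ok"; // only now may the backend unlock the wallet data
    }
  };
}

// Stand-in for the hardware key: a software P-256 key that signs like an authenticator.
function createSoftAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  let counter = 0;
  const getAssertion = (challenge, origin = ORIGIN) => {
    const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
    const tail = Buffer.from([0x01, 0, 0, 0, 0]); // flags (user present) + 32-bit counter
    tail.writeUInt32BE(++counter, 1);
    const authenticatorData = Buffer.concat([sha256(RP_ID), tail]);
    const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
    return { clientDataJSON, authenticatorData, signature: crypto.sign("sha256", toSign, privateKey) };
  };
  return { publicKey, getAssertion };
}
```

Verifying the same assertion twice returns `unknown-or-replayed-challenge` the second time, and an assertion whose client data names a different origin returns `bad-origin`.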

@TarikGul TarikGul added P4 - Needs Investigation Requires analysis to determine cause or feasibility. Not fully understood, needs research first. and removed needs investigation labels Oct 30, 2024
@TarikGul TarikGul moved this to P4 - Needs Investigation in Polkadot-js general project board Oct 30, 2024