Improve storage of U2F registrations
If I understand correctly how this works:
- we currently store the entire serialized U2F registration in the database, this includes the key handle, the public key, and the attestation certificate
- the attestation cert is only used at registration time, but not for validation, so we may not need to store it
- unfortunately the Go library we use to manipulate registrations can only deserialize the full U2F registration (via its Unmarshal method)
what we could do to improve the situation:
- define our own format for storing U2F registrations in the database with just key handle and public key (as we did for app-specific passwords)
- write our own code (likely in ai3/go-common) to deserialize it into a u2f.Registration
- ensure the Python code for U2F registration in ai3/pannello is updated too
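
A sketch of the compact storage format proposed above, as an added example rather than code from ai3/go-common or the U2F library. The `CompactRegistration` type, the byte layout (65-byte uncompressed P-256 point followed by the key handle) and the helper names are assumptions made for illustration; real code would copy the decoded fields into a `u2f.Registration`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
)

// CompactRegistration is a hypothetical type holding only what signature checks need.
type CompactRegistration struct {
	KeyHandle []byte
	PubKey    ecdsa.PublicKey
}

const pointLen = 65 // uncompressed P-256 point: 0x04 || X || Y

// Encode emits the assumed layout: public key point, then key handle (no attestation cert).
func (r *CompactRegistration) Encode() []byte {
	pt := elliptic.Marshal(elliptic.P256(), r.PubKey.X, r.PubKey.Y)
	return append(pt, r.KeyHandle...)
}

// Decode rejects truncated input and points that are not on P-256.
func Decode(b []byte) (*CompactRegistration, error) {
	if len(b) <= pointLen {
		return nil, fmt.Errorf("compact registration: %d bytes is too short", len(b))
	}
	x, y := elliptic.Unmarshal(elliptic.P256(), b[:pointLen])
	if x == nil {
		return nil, fmt.Errorf("compact registration: invalid public key")
	}
	pk := ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	return &CompactRegistration{KeyHandle: append([]byte(nil), b[pointLen:]...), PubKey: pk}, nil
}

// sampleRegistration returns a constructed registration with a fresh key.
func sampleRegistration() *CompactRegistration {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &CompactRegistration{KeyHandle: []byte("constructed-key-handle"), PubKey: k.PublicKey}
}

func main() {
	if dec, err := Decode(sampleRegistration().Encode()); err == nil {
		fmt.Printf("restored key handle %q\n", dec.KeyHandle)
	}
}
```

Validating the point at decode time means a corrupted database row fails when it is loaded instead of surfacing later as a signature check that can never succeed.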