CTAP2 — the protocol behind WebAuthn.
CTAP2 is the FIDO Alliance Client-to-Authenticator Protocol. The browser uses it to talk to USB-HID, NFC, and BLE roaming authenticators. WebAuthn is the API; CTAP2 is the wire. They were co-designed; you can't ship a WebAuthn Level 2 RP without understanding what the authenticator is doing on the other side.
Transports
Direct USB
Uses the FIDO HID profile (a vendor-specific HID device with a fixed report format). Each report is 64 bytes; a message that does not fit in one report is fragmented across numbered CONT (continuation) frames that the host must reassemble in order.
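The 64-byte framing described above, worked as an added example (not code from the page or from any FIDO implementation): a CTAP2 message is split into an INIT report plus CONT reports, and the host-side reassembler rejects the malformed sequences it must not trust. The channel id and the 200-byte request body are constructed sample values; the header layout (CID, CMD with bit 7 set, big-endian BCNT; CID, SEQ for continuations) follows the CTAPHID specification.

```python
import struct

REPORT_LEN = 64
INIT_DATA = REPORT_LEN - 7   # INIT header: CID(4) CMD(1) BCNT(2) -> 57 data bytes
CONT_DATA = REPORT_LEN - 5   # CONT header: CID(4) SEQ(1)         -> 59 data bytes
CTAPHID_CBOR = 0x10          # CTAPHID command that carries a CTAP2 CBOR message
MAX_PAYLOAD = INIT_DATA + 128 * CONT_DATA   # SEQ runs 0..127 -> 7609 bytes

def fragment(cid: int, cmd: int, payload: bytes) -> list[bytes]:
    """Split payload into 64-byte HID reports: one INIT, then CONT frames."""
    if not 0 <= cmd < 0x80:
        raise ValueError("CTAPHID command is 7 bits; bit 7 marks an INIT packet")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError(f"payload exceeds CTAPHID maximum of {MAX_PAYLOAD} bytes")
    head = struct.pack(">IBH", cid, 0x80 | cmd, len(payload))
    frames = [(head + payload[:INIT_DATA]).ljust(REPORT_LEN, b"\0")]
    rest = payload[INIT_DATA:]
    for seq, off in enumerate(range(0, len(rest), CONT_DATA)):
        chunk = struct.pack(">IB", cid, seq) + rest[off:off + CONT_DATA]
        frames.append(chunk.ljust(REPORT_LEN, b"\0"))   # zero-pad the last report
    return frames

def reassemble(frames: list[bytes]) -> tuple[int, int, bytes]:
    """Rebuild (cid, cmd, payload); reject short, out-of-order or foreign frames."""
    if not frames or len(frames[0]) != REPORT_LEN:
        raise ValueError("missing or short INIT report")
    cid, cmd, bcnt = struct.unpack(">IBH", frames[0][:7])
    if not cmd & 0x80:
        raise ValueError("first report is not an INIT packet")
    data = frames[0][7:7 + bcnt]
    for seq, frame in enumerate(frames[1:]):
        if len(frame) != REPORT_LEN:
            raise ValueError("short CONT report")
        if len(data) >= bcnt:
            raise ValueError("CONT frame after the message was already complete")
        fcid, fseq = struct.unpack(">IB", frame[:5])
        if fcid != cid or fseq != seq:   # other channel, INIT bit set, or out of order
            raise ValueError(f"unexpected CONT frame cid={fcid:#x} seq={fseq}")
        data += frame[5:5 + bcnt - len(data)]   # take only the bytes BCNT promised
    if len(data) != bcnt:
        raise ValueError(f"truncated message: {len(data)} of {bcnt} bytes")
    return cid, cmd & 0x7F, data

if __name__ == "__main__":
    # Constructed stand-in for a CTAP2 request: command byte 0x01 (makeCredential)
    # followed by 199 filler bytes where the CBOR parameter map would sit.
    request = bytes([0x01]) + bytes(range(199))
    reports = fragment(0x12345678, CTAPHID_CBOR, request)
    print(len(reports), "reports;", reassemble(reports) == (0x12345678, CTAPHID_CBOR, request))
```

A 200-byte request needs four reports (57 + 59 + 59 + 25 bytes); swapping two CONT reports or appending a fifth makes `reassemble` raise instead of returning a silently corrupted message.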
ISO/IEC 14443-4
The authenticator presents itself as a Type-A or Type-B PICC. CTAP2 messages are carried as APDU exchanges addressed to a FIDO-specific AID. ATR negotiation, NDEF discovery, full APDU stack.
FIDO BLE profile
GATT service with FIDO control characteristic. Power-conscious; uses ATT MTU and queued indications.
Cross-device (caBLE)
QR-code initiated, BLE proximity-checked, end-to-end encrypted. Lets a phone authenticate a laptop session.
CTAP2 message envelope
Use the CBOR decoder to walk any CTAP2 request or response payload. Use the SW1/SW2 lookup for the NFC / APDU envelope status words.
PIN/UV protocol — what the authenticator actually does
CTAP2.1 specifies two PIN/UV protocols that handle PIN setup, change, and the per-session pinUvAuthToken handshake. The protocols never transmit the PIN in the clear — they use ECDH to establish a shared secret with the authenticator, and AES-encrypt the PIN under that secret.
- PIN/UV Protocol 1 — AES-CBC + HMAC. Older deployments.
- PIN/UV Protocol 2 — AES-CBC + HMAC with separate keys; AAD support. CTAP2.1 default.
The PIN never leaves the client. After successful authentication, the authenticator emits a pinUvAuthToken — a short-lived secret that subsequent CTAP2 commands use to authorise sensitive operations (credential management, factory reset).