CTAP1

CTAP1, or Client-To-Authenticator Protocol 1, is a protocol used in the FIDO U2F (Universal 2nd Factor) framework to facilitate communication between a client (such as a web browser or operating system) and a security key or other authenticator. CTAP1 defines the commands and message formats used during registration and authentication with a relying party, enabling hardware keys to provide a second factor for login.

In practice, CTAP1 is the USB HID-based protocol that carries the U2F operations. The two principal operations

CTAP1 messages include a challenge parameter and an application parameter, and the device signs data with its

CTAP1 is largely superseded by CTAP2, which underpins WebAuthn and supports multiple transports (USB, NFC, BLE).