CTAP2

CTAP2, or Client To Authenticator Protocol 2, is a core protocol in the FIDO2 standard that enables a client, such as a web browser or operating system, to communicate with a security authenticator. It expands on the earlier CTAP1/U2F approach to support the full WebAuthn framework, allowing credential creation (MakeCredential) and authentication (GetAssertion), as well as credential and device management features. CTAP2 is designed to work with both roaming authenticators (external keys) and platform authenticators built into devices.

The protocol operates over CTAPHID, the transport layer used for communication between the client and the authenticator.

Security features are central to CTAP2. The protocol supports user verification methods (for example, PIN or

Context and impact: CTAP2 is part of the FIDO2 effort in collaboration with the W3C, aimed at