Anúncios incomodam? Ir Sem anúncios Hoje 

WebAuthn Credential ID Generator

DesenvolvedorAleatórioSegurança

ANÚNCIO · REMOVER?

ENTRADA

SAÍDA

Lado cliente

ANÚNCIO · REMOVER?

Guia

WebAuthn Credential ID Generator

Generate cryptographically secure WebAuthn credential IDs in Base64url format, or decode existing credential IDs to inspect their raw bytes. Set the byte length (16–64 bytes), generate multiple IDs in a batch, and decode any Base64url credential ID to see its byte count and hex representation.

Como usar

Set the byte length (32 bytes recommended per FIDO2 spec), choose how many credential IDs to generate, then click Gerar. Each ID is displayed in Base64url format with a copy button. Use the decode section to inspect any existing credential ID.

Características

Configurable length – 16 to 64 bytes (32 bytes recommended by FIDO2)
Geração em lote – multiple IDs at once
Credential ID decoder – decode Base64url to hex and byte count
Base64url output – URL-safe, no padding, ready for WebAuthn APIs
Criptograficamente seguro – usa crypto.getRandomValues()
Somente no lado do cliente – IDs never leave your browser

ANÚNCIO · REMOVER?

 Perguntas frequentes

What is WebAuthn and what is a credential ID?

WebAuthn (Web Authentication API, W3C standard) enables passwordless authentication using public-key cryptography. When a user registers a passkey or security key, the authenticator generates a key pair and returns a credential ID — a unique opaque byte sequence that identifies the credential. The server stores the credential ID alongside the public key. During authentication, the server sends the credential ID to prompt the authenticator to sign a challenge with the corresponding private key.
Why must credential IDs be cryptographically random?

Predictable credential IDs would allow attackers to enumerate registered credentials, potentially discovering which users have registered passkeys and targeted phishing. The FIDO2 specification requires authenticator-generated credential IDs to be indistinguishable from random data. When generating credential IDs server-side for testing or mock authenticators, using a CSPRNG like crypto.getRandomValues() is mandatory.
What is Base64url encoding and why does WebAuthn use it?

Base64url is a URL-safe variant of Base64 that replaces + with -, / with _, and omits = padding. WebAuthn uses Base64url because credential IDs must be transmitted as JSON strings in the authenticatorData and clientDataJSON structures. Standard Base64 with + and / characters would require URL encoding in JSON contexts, adding complexity. Base64url keeps the data compact and safe for URLs, headers, and JSON without escaping.
How does WebAuthn differ from traditional password authentication?

WebAuthn uses asymmetric cryptography: the private key never leaves the authenticator (hardware security key or platform authenticator like Face ID/Touch ID), so there is nothing to steal from the server. The server stores only the public key and credential ID. Authentication proves possession of the private key by signing a server-generated challenge. Even if the server is breached, attackers gain only public keys — useless without the private key on the user’s device.