Add QR support

[eonist]

A passkey QR code contains important information for establishing a secure connection between your device and a website or service. Let's break down what this QR code typically contains:

Key Components

The passkey QR code usually includes:

1. Public Key Information

   • The public key associated with your passkey
   • This key is used for authentication but cannot be used to access your account

2. Domain Information

   • The domain name or URL of the website you're trying to authenticate with
   • This ensures the passkey is specific to that particular site

3. Challenge Information

   • A unique challenge or nonce to prevent replay attacks
   • This ensures the passkey is used only once for this specific authentication attempt

Technical Details

• The QR code encodes this information in a machine-readable format
• It's typically using a URL-based encoding scheme
• The encoded data might include additional metadata and security measures

Purpose of the QR Code

The QR code serves several purposes:

• Easy scanning: Allows users to quickly scan and authenticate with their device
• Security: Contains all necessary information for secure authentication in one compact form
• Standardization: Uses a widely recognized format (QR codes) for cross-platform compatibility

How It Works

When you scan the QR code:

1. Your device decodes the information from the QR code
2. It uses the public key to establish a cryptographic connection
3. The challenge information is verified to ensure it's a new, valid request
4. If everything checks out, your device authenticates you securely

Remember that while the QR code contains sensitive information, it doesn't compromise the security of your passkey. The public key in the QR code can only be used for authentication, not to access your account or sensitive data.

Citations: