ORHESTRA — WebAuthn PRF Pre-Flight Test

Determines whether your Ledger (or other FIDO2 authenticator) supports the WebAuthn prf / hmac-secret extension — the cryptographic foundation of ORHESTRA's per-user encryption.

0. Environment

1. Register a test credential (with PRF requested)

Click the button, then touch / unlock your Ledger when prompted. This creates a temporary FIDO2 credential and asks the authenticator whether it supports PRF.

not run

2. Derive PRF output (first call)

Touch your Ledger when prompted. We pass a fixed salt and ask the authenticator to derive a deterministic 32-byte secret from your credential + salt.

waiting

3. Derive PRF output again (determinism check)

Same credential, same salt, second touch. The 32 bytes must be identical to step 2 for PRF to be usable as an encryption-key source.

waiting

Verdict

Run steps 1 → 2 → 3.

What to send back

After running all three steps, copy this block and paste it back in chat:

(report will appear here)