<p></p>
<p><b>@Ollrogge</b> commented on this pull request.</p>

<hr>

<p>In <a href="https://github.com/RIOT-OS/RIOT/pull/16489#discussion_r673221224">sys/fido2/ctap/ctap.c</a>:</p>
<pre style='color:#555'>> +    DEBUG("fido2_ctap: initialization successful \n");
+
+    return 0;
+}
+
+static void reset(void)
+{
+    g_state.initialized = CTAP_INITIALIZED_MARKER;
+    g_state.rem_pin_att = CTAP_PIN_MAX_ATTS;
+    g_state.pin_is_set = false;
+    g_state.rk_amount_stored = 0;
+    g_state.sign_count = 0;
+
+    g_rem_pin_att_boot = CTAP_PIN_MAX_ATTS_BOOT;
+
+    fido2_ctap_crypto_prng(g_state.cred_key, sizeof(g_state.cred_key));
</pre>
<p>No it is not expected. The CTAP spec just mentions the possibility of storing a credential on a server in encrypted form. It doesn't define how.</p>
<p>But to me it makes sense to initialize a new key in the reset method because this invalidates all credentials that are stored remotely since the Authenticator won't be able to decrypt them anymore with the new key. This to me is also part of the "factory default state".</p>
<p>I could also simply invalidate the old key (e.g. all 0) and initialize a new key the next time a credential needs to be stored remotely on a server.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/RIOT-OS/RIOT/pull/16489#discussion_r673221224">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABE7WYHXYJAVF6MGDYGR3PLTYWHU5ANCNFSM45IUCTGA">unsubscribe</a>.<img src="https://github.com/notifications/beacon/ABE7WYA5DN7TNXAEPE4DOFLTYWHU5A5CNFSM45IUCTGKYY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOFJOJHOQ.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/RIOT-OS/RIOT/pull/16489#discussion_r673221224",
"url": "https://github.com/RIOT-OS/RIOT/pull/16489#discussion_r673221224",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>