A deep technical analysis of Google's synced passkey architecture, specifically the cloud-based Google Authenticator component (enclave.ua5v.com). Covers the full lifecycle: device onboarding with TPM-backed identity and user-verification keys, security domain secrets, passkey creation and synchronization via WebauthnCredentialSpecifics, and the login assertion flow. Also details the secure communication protocol using OAuth2 tokens, WebSocket connections, Noise-NK handshake (P256/AESGCM/SHA256), and how device keys are signed using Windows CNG/TPM APIs. The post is Part 2 of a series, laying groundwork for upcoming attack vector analysis against passwordless systems.
Table of contents
Executive Summary
Background on Passkey Authentication
Meet the Invisible Authenticator
Onboarding Device
Synced Passkey in Action
Creating a Synced Passkey
Secure Communication Protocol
Conclusion
Additional Resources