FIDO2 Identity Key
Hardware-anchored sovereign identity — any FIDO2 device + PIN or biometric
Device Status
Status: Not connected
Credential: None
P_root: Not derived
Step 1: Enroll Identity Key
Insert your FIDO2 device and click Enroll. Windows will prompt for your PIN or fingerprint.
Step 2: Authenticate & Derive P_root
Authenticate with your enrolled device to derive your sovereign identity prime.
Derived Identity
Enroll and authenticate to see identity details.
Security Model
| Factor 1 | Physical FIDO2 device (something you have) |
| Factor 2 | PIN or biometric (something you know/are) |
| Key storage | Non-exportable, inside secure element |
| P_root storage | Volatile memory only — derived on each session |
| Payload | 400 bytes (constant, regardless of identity complexity) |