Method to validate a public key #222
Comments
Indeed, it was changed in #139. It was a mistake on our side to, before v1.12.0, return "65-byte EC256 format" keys, because we wrongly assumed all authenticators would return EC256 keys. Now that more algs are supported, Relying Parties could e.g. receive RS256 keys, among others. It is by returning the unmodified "COSE key format" credential public key that this is possible.

Hi @lgarron, when you say "if a particular public key is valid", are you referring strictly to properly formatted COSE, or are you also referring to something which is more than that?

FWIW: For webauthn-ruby/lib/webauthn/authenticator_attestation_response.rb Lines 84 to 87 in afeee9c

#284 was done in an attempt to satisfy, at least in part, this request. Closing for now.

We validate public keys in our model for security key registrations.

This was easier when all public keys were a predictable 65-byte EC256 format. As of v1.16.0, it seems that webauthn-ruby made a change to this format even for U2F keys.

It would be useful to have a method to ask webauthn-ruby if a particular public key is valid, independent of any other context (i.e. without having to pass in a client response).
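
A context-free check of the kind this issue asks about, as an added example that is not part of the thread and not webauthn-ruby's API. All method names are hypothetical; it accepts only the legacy 65-byte P-256 point or a COSE EC2/ES256 key and treats everything else (RS256 included) as unsupported, returning false.

```ruby
require "openssl"
# Hypothetical helper names; none of this is webauthn-ruby's API.
P256 = OpenSSL::PKey::EC::Group.new("prime256v1")

# True if `octets` is an uncompressed point (0x04 || X || Y) that lies on P-256.
def valid_p256_point?(octets)
  return false unless octets.bytesize == 65 && octets.getbyte(0) == 0x04
  point = OpenSSL::PKey::EC::Point.new(P256, OpenSSL::BN.new(octets, 2))
  point.on_curve? && !point.infinity?
rescue OpenSSL::OpenSSLError
  false # OpenSSL refuses coordinates that do not satisfy the curve equation
end

def take(bytes, n) # remove n bytes from the front, failing on truncated input
  raise ArgumentError, "truncated CBOR" if bytes.size < n
  bytes.shift(n)
end

# Decode one CBOR item; only uint, negative int, byte string and map are supported.
def cbor_item(bytes)
  head = take(bytes, 1).first
  major, info = head >> 5, head & 0x1f
  raise ArgumentError, "unsupported CBOR length" if info > 25
  arg = info < 24 ? info : take(bytes, info - 23).inject(0) { |n, b| (n << 8) | b }
  case major
  when 0 then arg
  when 1 then -1 - arg
  when 2 then take(bytes, arg).pack("C*")
  when 5 then Array.new(arg) { [cbor_item(bytes), cbor_item(bytes)] }.to_h
  else raise ArgumentError, "unsupported CBOR major type #{major}"
  end
end

# Accept the legacy 65-byte point or a COSE_Key with kty=EC2, alg=ES256, crv=P-256.
def valid_credential_public_key?(raw)
  return valid_p256_point?(raw) if raw.bytesize == 65 && raw.getbyte(0) == 0x04
  key = cbor_item(buf = raw.bytes)
  return false unless key.is_a?(Hash) && buf.empty? # reject trailing bytes
  return false unless key[1] == 2 && key[3] == -7 && key[-1] == 1
  x, y = key[-2], key[-3]
  return false unless [x, y].all? { |c| c.is_a?(String) && c.bytesize == 32 }
  valid_p256_point?("\x04".b + x + y)
rescue ArgumentError
  false
end

# Constructed sample: the P-256 generator point in both encodings.
G = P256.generator.to_octet_string(:uncompressed)
COSE_G = "\xA5\x01\x02\x03\x26\x20\x01\x21\x58\x20".b + G[1, 32] + "\x22\x58\x20".b + G[33, 32]
```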