Questions about the largeBlobKey


czwm...@gmail.com

Sep 29, 2021, 8:22:14 PM
to FIDO Dev (fido-dev)
Hi,

The largeBlobKey from the response of the getAssertion is plaintext. Is the largeBlobKey equivalent to the user info, only protected by UV? Doesn't it need to be encrypted?



Thanks.

Adam Langley

Oct 4, 2021, 4:07:12 PM
to FIDO Dev (fido-dev), czwm...@gmail.com
On Wednesday, September 29, 2021 at 5:22:14 PM UTC-7 czwm...@gmail.com wrote:
The largeBlobKey from the response of the getAssertion is plaintext. Is the largeBlobKey equivalent to the user info, only protected by UV? Doesn't it need to be encrypted?

If the platform is allowed to assert the credential then it is allowed to receive the large blob key. So, on the one hand, a credential that is only used with UP can have large-blob data associated with it and thus the large blob key doesn't require UV. On the other, if one wishes to restrict the large-blob data for a credential, the credential can be created with credProtect level three.


Cheers

AGL 
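
The rule described in the reply above, as an added example that is not part of the original thread or of any FIDO reference code: a simplified model in which the largeBlobKey is released exactly when the credential may be asserted, so credProtect level three is what ties it to UV. The `Credential` class, function names and response fields are hypothetical; the three level numbers are those of the CTAP 2.1 credProtect extension.

```python
from dataclasses import dataclass
from typing import Optional

# credProtect levels from the CTAP 2.1 credProtect extension.
UV_OPTIONAL = 1
UV_OPTIONAL_WITH_CRED_ID_LIST = 2
UV_REQUIRED = 3


@dataclass
class Credential:  # hypothetical model of a stored credential
    cred_id: bytes
    cred_protect: int
    large_blob_key: Optional[bytes]  # None if created without largeBlobKey


def may_assert(cred: Credential, uv_done: bool, named_in_allow_list: bool) -> bool:
    """credProtect gate: may this credential be used in this request?"""
    if cred.cred_protect == UV_REQUIRED:
        return uv_done
    if cred.cred_protect == UV_OPTIONAL_WITH_CRED_ID_LIST:
        return uv_done or named_in_allow_list
    return True  # level 1: user presence alone is enough


def get_assertion(cred, *, uv_done, allow_list=None, want_large_blob_key=False):
    """Return a response dict, or None when the credential must stay hidden."""
    if allow_list is not None and cred.cred_id not in allow_list:
        return None  # not a candidate for this request
    if not may_assert(cred, uv_done, allow_list is not None):
        return None
    response = {"credential_id": cred.cred_id, "uv": uv_done}
    # The key travels with the assertion: no extra check beyond the gate above.
    if want_large_blob_key and cred.large_blob_key is not None:
        response["large_blob_key"] = cred.large_blob_key
    return response


if __name__ == "__main__":
    key = bytes(32)  # constructed sample key
    for level in (UV_OPTIONAL, UV_OPTIONAL_WITH_CRED_ID_LIST, UV_REQUIRED):
        cred = Credential(b"cred-1", level, key)
        for uv in (False, True):
            got = get_assertion(cred, uv_done=uv, want_large_blob_key=True)
            print(level, uv, "key released" if got else "no assertion")
```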