TPM attestation Signature Encoding Error

144 views
Skip to first unread message

MANIRATHNAM V

unread,
Nov 24, 2023, 3:02:15 PM11/24/23
to fido...@fidoalliance.org
Hi Team , we have planned to implement passkey feature through windows ,but verifying the signature over the certinfo in TPM attestation using alg identifier present in the public key label RS256 showing signature encoding error ,but at the same time verifying by using SHA1withRSA,its verified.can you kindly explain ,why we facing this issue ,i just googled and i got the result as encoding structure must be adhered to ASN .1 rules.so kindly explain how to handle this issue.

Nasir Hayat Project Managment Services Est

unread,
Nov 24, 2023, 3:08:30 PM11/24/23
to FIDO Dev (fido-dev), MANIRATHNAM V

Arshad Noor

unread,
Nov 24, 2023, 5:08:55 PM11/24/23
to MANIRATHNAM V, fido...@fidoalliance.org
RS256 implies that the algorithm is using an RSA signature with the
SHA256 digest (aka hash); that signature-digest combination is
completely different from using an RSA signature with a SHA1 digest.

If an attestation certificate is showing an SHA256 label, but verifying
correctly with a SHA1 digest, then the attestation certificate is wrong.
It needs to be corrected by either changing the label to specify it is
using SHA1withRSA in the signing algorithm, or it should change the
signature algorithm to correspond to the label.

Arshad Noor
StrongKey
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAPzqBv2pcV71a43RD0v2HDvyn7rJhdKfDOL9bA0f34jiJ0dvOw%40mail.gmail.com <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAPzqBv2pcV71a43RD0v2HDvyn7rJhdKfDOL9bA0f34jiJ0dvOw%40mail.gmail.com?utm_medium=email&utm_source=footer>.

MANIRATHNAM V

unread,
Nov 25, 2023, 1:07:16 AM11/25/23
to fido...@fidoalliance.org
Any reply on this?

Tammy Walker

unread,
Nov 25, 2023, 2:54:45 AM11/25/23
to FIDO Dev (fido-dev), MANIRATHNAM V
Definitely need regulatory rules for fingerprinting.
Check root certificates, perhaps a way to bring uniformity and also a better way to match. 
Outdated or unknown root certificates that all have differentorigins, and different standards, do not help.
ISO standard introductionwould be best guess, and of course, a way to implementacross.

Emil Lundberg

unread,
Nov 27, 2023, 4:37:33 AM11/27/23
to Arshad Noor, MANIRATHNAM V, fido...@fidoalliance.org
It could be that the credential public key uses RSA with SHA256, but the attestation key uses RSA with SHA1. This would mean that you would need to use SHA1 to verify the attestation signature, but any subsequent assertion signatures must be verified with SHA256.

Would you mind sharing an attestation object that exhibits the issue?

Emil Lundberg

Senior Software Engineer | Yubico




To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d0b0ce79-a926-4f4f-a180-f8457925573a%40strongkey.com.
Reply all
Reply to author
Forward
0 new messages