help with get assertion response


Levi

Sep 14, 2023, 4:07:55 AM9/14/23
to FIDO Dev (fido-dev)
hi team,
so I've managed to register with a makeCredential response using ES256 keys.
now I'm trying to authenticate through a getAssertion request and I'm unable to authenticate.

what I know by now is that I should send a PublicKeyCredentialDescriptor that signs the challenge. let's say mine looks like this:
{id: [16, 166, 234, 146, 19, 201, 116, 47, 116, 178, 34, 146, 179, 32, 207, 64], type: public-key}
and authData, let's say mine looks like this:
[16, 166, 234, 146, 19, 201, 116, 47, 116, 178, 34, 146, 179, 32, 207, 64, 38, 42, 148, 193, 169, 80, 160, 57, 127, 41, 37, 11, 96, 132, 30, 240, 29, 0, 0, 0, 0]
(the first 32 bytes are the rpId hash, then 1 byte of flags, and the last 4 bytes are the signCount, as it's the first getAssertion)
and a signature of authData || clientDataHash (|| for the concat operation).

my questions are as follows:
1. should I hash (authData || clientDataHash) before signing?
2. what is the signature format? is it R || S? is it DER?

because for now I'm unable to authenticate and I don't know what I am doing wrong.

Adam Langley

Sep 14, 2023, 9:36:46 AM9/14/23
to FIDO Dev (fido-dev), Levi
On Thursday, September 14, 2023 at 1:07:55 AM UTC-7 Levi wrote:
my questions are as follows:
1. should I hash (authData || clientDataHash) before signing?

The signature scheme should do that internally.

2. what is the signature format? is it R || S? is it DER?

DER.


Cheers

AGL
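To make the two answers above concrete, here is an added example (not code from the thread, and not from any FIDO or WebAuthn library) that builds the getAssertion signing input and shows the DER signature encoding a verifier expects. It uses only the Python standard library, so it does not perform the ECDSA operation itself: the message returned by sign_input() is handed as-is to an ES256 signer, which applies SHA-256 internally. The rpId, clientDataJSON and signature bytes below are constructed placeholders; the 37-byte POSTED_AUTH_DATA is the array from the question, parsed to show what its fields decode to.

```python
"""WebAuthn getAssertion: what gets signed, and how an ES256 signature is encoded.

Added example for this thread (not from the original post or any WebAuthn library).
Standard library only; plug a real ES256 signer/verifier in where noted.
"""
import hashlib
import json
import struct

# authenticatorData flag bits (WebAuthn Level 3, section 6.1).
FLAG_UP, FLAG_UV, FLAG_BE, FLAG_BS, FLAG_AT, FLAG_ED = 0x01, 0x04, 0x08, 0x10, 0x40, 0x80


def build_auth_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """rpIdHash (32) || flags (1) || signCount (4, big-endian): 37 bytes for an assertion."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def parse_auth_data(auth_data: bytes) -> dict:
    """Split assertion authData into its fields. An assertion carries no attested credential
    data and (here) no extensions, so it must be exactly 37 bytes with AT and ED clear."""
    if len(auth_data) != 37:
        raise ValueError(f"expected 37-byte assertion authData, got {len(auth_data)}")
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    if flags & (FLAG_AT | FLAG_ED):
        raise ValueError("AT/ED set but no credential or extension data follows")
    names = {FLAG_UP: "UP", FLAG_UV: "UV", FLAG_BE: "BE", FLAG_BS: "BS"}
    return {"rpIdHash": rp_id_hash, "flags": [n for b, n in names.items() if flags & b],
            "signCount": sign_count}


def sign_input(auth_data: bytes, client_data_json: bytes) -> bytes:
    """The message the authenticator signs: authData || SHA-256(clientDataJSON).
    Do not hash this again before signing: ES256 is ECDSA over SHA-256, so the signer
    hashes the message itself, and hashing twice makes every verifier reject it."""
    return auth_data + hashlib.sha256(client_data_json).digest()


def _der_int(n: int) -> bytes:
    # Minimal big-endian body, with a 0x00 pad byte only when the top bit would read as negative.
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return b"\x02" + bytes([len(body)]) + body


def raw_to_der(sig: bytes) -> bytes:
    """Fixed-width r||s (64 bytes for P-256) -> DER SEQUENCE { INTEGER r, INTEGER s }."""
    if len(sig) != 64:
        raise ValueError("P-256 raw signature must be 64 bytes")
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body  # body is at most 70 bytes, so a short-form length suffices


def der_to_raw(der: bytes) -> bytes:
    """Strict DER -> r||s. Rejects the encodings verifiers trip over: a raw r||s handed in
    as if it were DER, non-minimal or negative INTEGERs, and trailing bytes."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a single DER SEQUENCE")
    pos, parts = 2, []
    for _ in range(2):
        if der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        length = der[pos + 1]
        body = der[pos + 2: pos + 2 + length]
        if length == 0 or len(body) != length or length > 33:
            raise ValueError("bad INTEGER length for P-256")
        if body[0] & 0x80:
            raise ValueError("negative INTEGER")
        if length > 1 and body[0] == 0 and not (body[1] & 0x80):
            raise ValueError("non-minimal INTEGER (superfluous leading zero)")
        parts.append(int.from_bytes(body, "big").to_bytes(32, "big"))
        pos += 2 + length
    if pos != len(der):
        raise ValueError("trailing bytes after signature")
    return b"".join(parts)


def is_strict_der(der: bytes) -> bool:
    try:
        der_to_raw(der)
        return True
    except ValueError:
        return False


# --- Worked run (constructed values unless noted) ---
CLIENT_DATA_JSON = json.dumps({
    "type": "webauthn.get",
    "challenge": "dGhpcy1pcy1hLWNvbnN0cnVjdGVkLWNoYWxsZW5nZQ",  # base64url, constructed
    "origin": "https://example.com",
}).encode()
AUTH_DATA = build_auth_data("example.com", FLAG_UP | FLAG_UV, sign_count=0)  # first assertion
MESSAGE = sign_input(AUTH_DATA, CLIENT_DATA_JSON)  # 69 bytes; give this to the ES256 signer unhashed

# The 37-byte authData array from the question above.
POSTED_AUTH_DATA = bytes([16, 166, 234, 146, 19, 201, 116, 47, 116, 178, 34, 146, 179, 32, 207, 64,
                          38, 42, 148, 193, 169, 80, 160, 57, 127, 41, 37, 11, 96, 132, 30, 240,
                          29, 0, 0, 0, 0])

# Placeholder r||s bytes standing in for a signer's output, and the DER form a verifier wants.
RAW_SIG = bytes([0x80] + [0x11] * 31 + [0x00] * 31 + [0x7F])
DER_SIG = raw_to_der(RAW_SIG)

if __name__ == "__main__":
    print(parse_auth_data(POSTED_AUTH_DATA))
    print(len(MESSAGE), DER_SIG.hex())
```

With pyca/cryptography, `private_key.sign(MESSAGE, ec.ECDSA(hashes.SHA256()))` already returns DER and `public_key.verify(DER_SIG, MESSAGE, ec.ECDSA(hashes.SHA256()))` consumes it, so the conversion is only needed when a signer or hardware API hands back fixed-width r||s. The strict parser is the verifier-side check worth keeping: a raw 64-byte signature, or a DER one with a superfluous leading zero, fails it, which is the "unable to authenticate" symptom with no other error.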