TPM Attestation Alg is -65535


MANIRATHNAM V

Sep 8, 2024, 4:58:03 AM
to fido...@fidoalliance.org
Hi Team, I'm finding that most of the TPM-enabled Windows machines are sending -65535 as the TPM attestation signature algorithm. Is there any chance the TPM will send -257 or other COSE algorithm identifiers?

Alex Seigler

Sep 9, 2024, 9:24:52 AM
to MANIRATHNAM V, fido...@fidoalliance.org

Very old TPMs might use RS1 (-65535). Most TPMs will use -257 (RS256), and there have been sightings of -7 (ES256) in the wild. Link below has samples of all 3. I would suggest supporting any algorithm the TPM spec, WebAuthn spec, and COSE registry allow; it’s just easier that way. You might want to signal on abnormal or deprecated algorithms though.

https://github.com/go-webauthn/webauthn/blob/4fcf1372026490bd74b470cbcf4cf8194430274e/protocol/attestation_tpm_test.go#L42

-aseigler
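
The approach suggested in the reply above, as an added Go example that is not part of the thread and is not go-webauthn's code: verify the TPM attestation `sig` over `certInfo` for each of the three algorithms mentioned, and report RS1 as deprecated so the caller can log or alert on it. `VerifyTPMSig` and `sampleRS1` are hypothetical names, and the key and `certInfo` bytes are constructed; parsing `certInfo` and validating the AIK certificate chain are assumed to happen elsewhere.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	_ "crypto/sha256" // links SHA-256 in for crypto.SHA256.New()
	"fmt"
)

const AlgES256, AlgRS256, AlgRS1 = -7, -257, -65535 // COSE ids named in the thread

// VerifyTPMSig checks sig over certInfo using the attStmt "alg" value.
// deprecated reports a SHA-1 based algorithm so the caller can alert on it.
func VerifyTPMSig(alg int, pub crypto.PublicKey, certInfo, sig []byte) (deprecated bool, err error) {
	h := crypto.SHA256
	if alg == AlgRS1 {
		h, deprecated = crypto.SHA1, true
	} else if alg != AlgRS256 && alg != AlgES256 {
		return false, fmt.Errorf("unsupported COSE alg %d", alg)
	}
	hasher := h.New()
	hasher.Write(certInfo)
	digest, ok := hasher.Sum(nil), false
	switch k := pub.(type) {
	case *rsa.PublicKey: // RS1 and RS256 are RSASSA-PKCS1-v1_5
		ok = alg != AlgES256 && rsa.VerifyPKCS1v15(k, h, digest, sig) == nil
	case *ecdsa.PublicKey: // ES256 carries an ASN.1 DER signature
		ok = alg == AlgES256 && ecdsa.VerifyASN1(k, digest, sig)
	}
	if !ok {
		return false, fmt.Errorf("alg %d: bad signature or key type mismatch", alg)
	}
	return deprecated, nil
}

func sampleRS1() (int, crypto.PublicKey, []byte, []byte) { // constructed RS1 sample
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	certInfo := []byte("constructed certInfo")
	d := sha1.Sum(certInfo)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, d[:])
	return AlgRS1, &key.PublicKey, certInfo, sig
}

func main() {
	fmt.Println(VerifyTPMSig(sampleRS1())) // true <nil>
}
```

The signature is accepted only under the algorithm it was made with: the same RS1 signature presented with `alg` -257 or -7 is rejected.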

