Very old TPMs might use RS1 (-65535). Most TPMs will use -257 (RS256), and there have been sightings of -7 (ES256) in the wild. Link below has samples of all 3. I would suggest supporting any algorithm
the TPM spec, WebAuthn spec, and COSE registry allow, it’s just easier that way. You might want to signal on abnormal or deprecated algorithms though.
https://github.com/go-webauthn/webauthn/blob/4fcf1372026490bd74b470cbcf4cf8194430274e/protocol/attestation_tpm_test.go#L42
-aseigler
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit
https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAPzqBv0THFbrgFydxk9mn%3D6p2UOXLzxGvvm%2BfCTiohwmwuHJBg%40mail.gmail.com.