The data you are looking for is hash(authenticatorData + clientDataJSON), so hash(signedData) from the gist. You don’t need the clientDataHash at all.
Check out the verification procedure https://www.w3.org/TR/webauthn/#sctn-packed-attestation, particularly #3 with self attestation.
I also recommend checking out this project: https://github.com/MasterKale/SimpleWebAuthn
-aseigler
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit
https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/e6cb814f-f150-4d1a-be50-f34ad344537en%40fidoalliance.org.
Sorry, wow, got that spectacularly wrong. Way too little coffee.
You’re doing everything right up to the key handling. Not following what is going on there.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/DM6PR04MB60747B185B36497BEE8C5788BC529%40DM6PR04MB6074.namprd04.prod.outlook.com.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/DM6PR04MB6074B2716D7EEE6085E62920BC529%40DM6PR04MB6074.namprd04.prod.outlook.com.
Emil Lundberg
Software Developer | Yubico
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CANMnvkxiqo3B%2BU0XC8n9aYcr2WWdNdmDVeww0UMNK1JORv4fRg%40mail.gmail.com.