发表新帖
发表新帖

WebAuthn - byte length of the “credential public key”

后端 未结
关注
1 1010
一整个雨季
一整个雨季 2021-01-21 17:18

In WebAuthn, the authenticator data contains the variable length attested credential data followed by the extensions, if any:

The attest

相关标签:
1条回答
  • 一个人的身影
    2021-01-21 17:41

    From what I understand there is no way to know in advance without using a CBOR decoder (or COSE Key parser) supporting "extra bytes" first, to determine where the "credential public key data" ends and where "extension data" starts.

    There is an extra note discussing exactly this in the WebAuthn Level 2 Draft.

    Determining attested credential data's length, which is variable, involves determining credentialPublicKey’s beginning location given the preceding credentialId’s length, and then determining the credentialPublicKey’s length (see also Section 7 of [RFC8152]).

    FWIW, discussed in WebAuthn spec's GitHub issue also https://github.com/w3c/webauthn/issues/1012

    0 讨论(0)
 看不清?
提交回复
热议问题