Re: [webauthn] Signature format needs to be defined from Adam Langley via GitHub on 2018-02-15 (public-webauthn@w3.org from February 2018)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Thu, 15 Feb 2018 18:54:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-366025885-1518720897-sysbot+gh@w3.org>

@akshayku's "sig" value, above is certainly DER encoded. For other browsers I'm testing the [`signature`](https://w3c.github.io/webauthn/#dom-authenticatorassertionresponse-signature) member of [`AuthenticatorAssertionResponse`](https://w3c.github.io/webauthn/#authenticatorassertionresponse):

1. From Firefox Nightly (build 20180215103933): DER (`304502203da08`&hellip;)
1. From Chrome built this week: DER (`3045022100e99cf4f33b092`&hellip;)

The reason that I concluded that concatenating r & s might be "correct" is that, when creating a public key, the [type of the key](https://w3c.github.io/webauthn/#credential-params) is specified as a [`COSEAlgorithmIdentifier`](https://w3c.github.io/webauthn/#typedefdef-cosealgorithmidentifier). Specifically, I'm using -7 for `ES256`. The [registry](https://www.iana.org/assignments/cose/cose.xhtml#algorithms) references [RFC 8152](https://tools.ietf.org/html/rfc8152#section-8.1) for this which says to concatenate to serialise a signature.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/799#issuecomment-366025885 using your GitHub account

Received on Thursday, 15 February 2018 18:55:03 UTC