Re: [webauthn] Signature format needs to be defined

@akshayku's "sig" value, above is certainly DER encoded. For other browsers I'm testing the [`signature`](https://w3c.github.io/webauthn/#dom-authenticatorassertionresponse-signature) member of [`AuthenticatorAssertionResponse`](https://w3c.github.io/webauthn/#authenticatorassertionresponse):

1. From Firefox Nightly (build 20180215103933): DER (`304502203da08`…)
1. From Chrome built this week: DER (`3045022100e99cf4f33b092`…)

The reason that I concluded that concatenating r & s might be "correct" is that, when creating a public key, the [type of the key](https://w3c.github.io/webauthn/#credential-params) is specified as a [`COSEAlgorithmIdentifier`](https://w3c.github.io/webauthn/#typedefdef-cosealgorithmidentifier). Specifically, I'm using -7 for `ES256`. The [registry](https://www.iana.org/assignments/cose/cose.xhtml#algorithms) references [RFC 8152](https://tools.ietf.org/html/rfc8152#section-8.1) for this which says to concatenate to serialise a signature.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/799#issuecomment-366025885 using your GitHub account

Received on Thursday, 15 February 2018 18:55:03 UTC