W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2020

Re: [webauthn] Provide the public key in `AuthenticatorAttestationResponse` (#1363)

From: Craig Francis via GitHub <sysbot+gh@w3.org>
Date: Tue, 28 Jan 2020 17:25:18 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-579362684-1580232317-sysbot+gh@w3.org>
Thanks @grzuy, sorry for the guesswork - as you can probably tell, I'm not familiar with Ruby.

I'm just trying to work out what the best export format(s) would be.

My understanding of the "COSE Key Format" is that it's still effectively binary, so I assume you would need something like base64 encoding to get it back to your server, where it will be stored, and later used for verification (would that need a server side CBOR decoder as well?).

So I'm wondering, do you think the "COSE Key Format" is the best approach for all Ruby projects? or are there better formats?

Ideally it would allow the transfer (browser to server), storage, and signature verification steps to be done using as few steps/dependencies as possible.

In the PHP world, I can pass the PEM encoded value directly to the server via a POST request, store it in the database, and pass it directly to OpenSSL with no extra dependencies (I'm still not sure if that's safe to do, but I will be checking that soon).

GitHub Notification of comment by craigfrancis
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1363#issuecomment-579362684 using your GitHub account
Received on Tuesday, 28 January 2020 17:25:20 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:37 UTC