- From: Nico Caille via GitHub <sysbot+gh@w3.org>
- Date: Mon, 08 Jun 2020 06:52:37 +0000
- To: public-webauthn@w3.org
nicocaille has just created a new issue for https://github.com/w3c/webauthn:
== registration of EdDSA credentials without resident keys fails ==
Hello,
I managed to register a credential from the command line using the `libfido2` library with the `eddsa` option, as the device I use supports it (YubiKey 5 with firmware 5.2.4). If I manually seed the RP with this credential (`credentialId` and `publicKey`), I can log in via WebAuthn with the following options on the `pubKeyCredParams`:
```
pubKeyCredParams: [
  {
    alg: -8,
    type: "public-key"
  },
  {
    alg: -7,
    type: "public-key"
  }
]
```
Now if I want to register the key directly from the web interface, I put the same algorithms for the `pubKeyCredParams` along with the other required fields:
```
const publicKeyCredentialCreationOptions = {
  attestation: "direct",
  authenticatorSelection: {
    authenticatorAttachment: "cross-platform",
    requireResidentKey: false,
    userVerification: 'discouraged'
  },
  pubKeyCredParams: [
    {
      alg: -8,
      type: "public-key"
    },
    {
      alg: -7,
      type: "public-key"
    }
  ],
  ...,
  ...
};
navigator.credentials.create({
  publicKey: publicKeyCredentialCreationOptions
}).then(...
```
Although I give priority to `EdDSA` in the options, the key only registers with an `ECDSA` credential, and if I remove the `alg: -7;` part from the options, then the whole registration fails as the key doesn't blink.
Is that a normal behavior for the registration of `EdDSA` credentials or am I missing something?
I've tried with `requireResidentKey: true,` and this time it works, I end up with an `EdDSA` credential, but I'm not interested in the resident key features, I want simple credentials as in the first use case.
Thanks
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1437 using your GitHub account
Received on Monday, 8 June 2020 06:52:38 UTC
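
The report above turns on which COSE algorithm the authenticator actually used for the new credential (`-8` for EdDSA, `-7` for ES256). As an added example that is not part of the original message, a relying party can read the `alg` label out of the credential public key in the authenticator data and compare it with the `pubKeyCredParams` it offered. The function names (`cborHead`, `credentialAlg`, `negotiated`, `sampleAuthData`) are hypothetical, the decoder handles only the integer and string types found in a COSE key, and all sample bytes are constructed.

```javascript
// Added example, not from the original post; all sample bytes are constructed.
// Read one CBOR head at `pos`: returns [majorType, argument, nextPos].
function cborHead(buf, pos) {
  if (pos >= buf.length) throw new Error("truncated CBOR");
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  if (info < 24) return [major, info, pos + 1];
  const size = { 24: 1, 25: 2, 26: 4 }[info];
  if (!size) throw new Error("unsupported CBOR length encoding");
  let arg = 0;
  for (let i = 0; i < size; i++) arg = arg * 256 + buf[pos + 1 + i];
  return [major, arg, pos + 1 + size];
}
// Return the COSE "alg" (label 3) of the credential public key in authData.
function credentialAlg(authData) {
  if (authData.length < 55) throw new Error("authData too short");
  if (!(authData[32] & 0x40)) throw new Error("AT flag clear: no credential data");
  const credIdLen = (authData[53] << 8) | authData[54];
  let [major, pairs, pos] = cborHead(authData, 55 + credIdLen);
  if (major !== 5) throw new Error("COSE key is not a CBOR map");
  for (let i = 0; i < pairs; i++) {
    const [kMajor, kArg, afterKey] = cborHead(authData, pos);
    const [vMajor, vArg, afterVal] = cborHead(authData, afterKey);
    if (kMajor > 1 || vMajor > 3) throw new Error("unexpected type in COSE key");
    const label = kMajor === 0 ? kArg : -1 - kArg;
    if (label === 3 && vMajor <= 1) return vMajor === 0 ? vArg : -1 - vArg;
    // Strings carry vArg payload bytes after the head; integers carry none.
    pos = vMajor >= 2 ? afterVal + vArg : afterVal;
  }
  throw new Error("COSE key has no integer alg label");
}
// Compare what the authenticator chose with what the RP offered.
function negotiated(authData, pubKeyCredParams) {
  const alg = credentialAlg(authData);
  const rank = pubKeyCredParams.findIndex((p) => p.alg === alg);
  return { alg, offered: rank !== -1, firstChoice: rank === 0 };
}
// Constructed authenticator data: zeroed rpIdHash/AAGUID, 16-byte credential id.
function sampleAuthData(coseKey) {
  return Uint8Array.from([
    ...new Array(32).fill(0), 0x41, 0, 0, 0, 0, // rpIdHash, flags UP|AT, signCount
    ...new Array(16).fill(0), 0x00, 0x10,       // aaguid, credIdLen
    ...new Array(16).fill(0xab), ...coseKey,    // credentialId, COSE public key
  ]);
}
const COORD = new Array(32).fill(0x11); // placeholder key bytes, not a real point
const EDDSA_KEY = [0xa4, 0x01, 0x01, 0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, ...COORD];
const ES256_KEY = [0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, ...COORD, 0x22, 0x58, 0x20, ...COORD];
const offeredParams = [{ alg: -8, type: "public-key" }, { alg: -7, type: "public-key" }];
console.log(negotiated(sampleAuthData(ES256_KEY), offeredParams));
```

Logging `firstChoice: false` at registration time makes a silent fallback from EdDSA to ES256 visible on the server instead of only in later debugging.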