W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2020

Re: [webauthn] Provide the public key in `AuthenticatorAttestationResponse` (#1363)

From: CrazyChris75 via GitHub <sysbot+gh@w3.org>
Date: Mon, 21 Sep 2020 13:38:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-696120575-1600695503-sysbot+gh@w3.org>
Anybody have a working Java code snippet on how to verify the publicKey (from AuthenticatorAttestationResponse.getPublicKey()) on the Java server side?

This is what I have and it runs through but I always get isCorrect==false

byte[] clientDataJSON = Base64UrlUtil.decode(json.getAsString("response.clientDataJSON"));
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] clientDataHash = md.digest(clientDataJSON);
byte[] authenticatorData = Base64UrlUtil.decode(json.getAsString("response.authenticatorData"));
ByteBuffer signatureBase = ByteBuffer.allocate(authenticatorData.length+clientDataHash.length).put(authenticatorData).put(clientDataHash);

byte[] signature = Base64UrlUtil.decode(json.getAsString("response.signature"));

KeyFactory kf = KeyFactory.getInstance("EC");
X509EncodedKeySpec ks = new X509EncodedKeySpec(Base64UrlUtil.decode(<<publicKey from previous AuthenticatorAttestationResponse.getPublicKey()>>));
PublicKey publicKey = kf.generatePublic(ks);

Signature sig = Signature.getInstance("SHA256withECDSA");
boolean isCorrect = sig.verify(signature);

PS: AuthenticatorAttestationResponse.getPublicKey() is really great! I just spent 3 days trying to CBOR decode everything in Java on the server before I found this.

Any advice what I am missing in my code to verify the authenticatorData using the signature is highly appreciated!

GitHub Notification of comment by CrazyChris75
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1363#issuecomment-696120575 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 21 September 2020 13:38:26 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:41 UTC