Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595)

I thought that might be true, but when I read the details of `largeBlob` it seems tailored to adding a (relatively small) amount of data at registration to be stored in the authenticator. The use case in mind seems to be certificates.

What I'm hoping for is the ability to use the private keys for more (ideally all possible) cryptographic operations that key can be used for. Mobile apps can do this through the OS, e.g. an iOS app can trigger a Face ID check and then pass a bunch of data to the Secure Enclave to be signed, encrypt that data (with another key tied to the Secure Enclave, though not stored there because of technical subtleties), and receive the result back. It can also receive data encrypted with the public key and use the private key to decrypt it. That sort of thing.

It's always seemed odd to me that web apps can't do this also, but it's because they don't expose access to key pair generation and usage the way mobile OSs do for mobile apps. WebAuthn seems like a partial step in this direction but maybe not a full step, unless there actually is a way to use the keys more generally.

-- 
GitHub Notification of comment by certainlyNotHeisenberg
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-816201866 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 8 April 2021 21:08:36 UTC