Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595) from Adam Langley via GitHub on 2021-04-30 (public-webauthn@w3.org from April 2021)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Fri, 30 Apr 2021 22:58:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-830444616-1619823496-sysbot+gh@w3.org>

> We only need one feature: "sign this data with the private key associated with this public key".

If you need to control the whole signed message then WebAuthn doesn't support that, I'm afraid. However, you can put a hash of any data to be signed in the challenge passed to WebAuthn, which effetively signs the data. The downside is that verifiers need to understand the WebAuthn signed-data format.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-830444616 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 30 April 2021 22:58:19 UTC