Re: [webauthn] Decoding attestationObject (#1614) from Adam Langley via GitHub on 2021-06-02 (public-webauthn@w3.org from June 2021)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Jun 2021 19:10:31 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-853315173-1622661030-sysbot+gh@w3.org>

The authenticator data contains a non-CBOR prefix, optionally followed by a CBOR structure for the extensions. You should not need exceptions to CBOR parsing to parse it, but you will need to remove the non-CBOR prefix first.

The CBOR itself is a subset of full CBOR and a greatly reduced parser is sufficient: https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#ctap2-canonical-cbor-encoding-form

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1614#issuecomment-853315173 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 2 June 2021 19:11:22 UTC