Re: [webauthn] PROPOSAL: Add support for general (hardware backed) cryptographic signatures and key exchange (#1608)

> > @Firstyear we only need to sign using asymmetric algorithms (ECDSA p256) a small piece of data. There is no verification needed. Also `nonces` are always present in the data to be signed, they are required to prevent replay attacks.
> Webauthn allows ECDSA p256R1, ECDSA p384R1, ECDSA p521R1, RSA with a combination of hash and padding schemes, EdDSA, and probably more.
> You don't know what algorithms an authenticator may have (but you can select authenticators at webauthn registration based on this). I think for your use case, you may find it unviable/unworkable given the focus of webauthn for authentication over production of arbitrary key signatures, and you may be better to investigate CTAP or other interactions directly (see openssh and how they use ctap for key storage).

@Firstyear ECDSA p256 was an example, p384, p512 can also be used, others too.
Webauthn has a `pubKeyCredParams` option with an `alg` param, which allows me to filter on what algorithm I want to use.

GitHub Notification of comment by cybercent
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Friday, 7 May 2021 13:28:40 UTC