
[webauthn] Support for raw cryptographic signatures (#1611)

From: Daniel via GitHub <sysbot+gh@w3.org>
Date: Fri, 07 May 2021 15:11:31 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-879186453-1620400289-sysbot+gh@w3.org>
cybercent has just created a new issue for https://github.com/w3c/webauthn:

== Support for raw cryptographic signatures ==
## Issue To Be Solved
Allow raw cryptographic signatures using WebAuthn.

## Suggest A Solution
Allow the user to request a raw signature of the RP challenge from the hardware key.

Add a new extension: `rawSignature`:
```js
var options = {
  // The challenge is produced by the server; see the Security Considerations
  challenge: new Uint8Array([8,18,33 /* 29 more random bytes generated by the server */]),
  timeout: 120000,  // 2 minutes
  allowCredentials: [acceptableCredential1, acceptableCredential2],
  extensions: { 'rawSignature': true }
};
```


```js
PublicKeyCredential {
    id: 'ADSUllKQmbqdGtpu4sjseh4cg2TxSvrbcHDTBsv4NSSX9...',
    rawId: ArrayBuffer(59),
    rawSignature: "the raw signature of the challenge",
    // ... remaining fields omitted
}
```
## Context
With the rise of web applications that use blockchains as a backend, instead of a centralized database, users are required to authenticate to these websites using a private key.

The private key is used to create a raw signature that is passed along by the website to the underlying blockchain for authentication.

There is no easy way for a user to use a private key in a browser, so websites require users to store their private keys in the browser cache, which is highly insecure and leads to data loss.
Example:
Website: https://www.sign-art.app

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1611 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 7 May 2021 15:11:33 UTC
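
For context on the request above, an added example (not part of the original message and not code from the WebAuthn project) showing what an assertion signature covers in WebAuthn as specified: `authenticatorData || SHA-256(clientDataJSON)`, not the challenge bytes themselves, so it does not verify as a signature over a raw message. The software P-256 key pair, the `example.org` RP ID and origin, and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Constructed stand-in for a hardware authenticator: a software P-256 key pair.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Simulates the client and authenticator producing an assertion (constructed data).
function simulateAssertion(challenge, rpId, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: b64url(challenge), origin, crossOrigin: false,
  }));
  // authenticatorData = rpIdHash (32) || flags (1: UP|UV) || signCount (4, big-endian)
  const authenticatorData = Buffer.concat([
    sha256(Buffer.from(rpId)), Buffer.from([0x05, 0, 0, 0, 1]),
  ]);
  // The authenticator signs this concatenation, never the bare challenge.
  const signedData = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = crypto.sign('sha256', signedData, privateKey); // DER-encoded ECDSA
  return { clientDataJSON, authenticatorData, signature };
}

// Relying-party verification of the assertion as WebAuthn defines it.
function verifyAsWebAuthn(a, expectedChallenge, expectedOrigin, rpId, key) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== b64url(expectedChallenge)) return false;
  if (clientData.origin !== expectedOrigin) return false;
  const rpIdHash = a.authenticatorData.subarray(0, 32);
  if (!rpIdHash.equals(sha256(Buffer.from(rpId)))) return false;
  const signedData = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signedData, key, a.signature);
}

// A verifier that expects a signature computed directly over the message bytes,
// which is the situation the issue describes for blockchain backends.
function verifyAsRawSignature(a, rawMessage, key) {
  return crypto.verify('sha256', rawMessage, key, a.signature);
}

const ORIGIN = 'https://example.org'; // constructed
const RP_ID = 'example.org';          // constructed
const challenge = crypto.randomBytes(32);
const assertion = simulateAssertion(challenge, RP_ID, ORIGIN);
```

The origin and RP ID binding that `verifyAsWebAuthn` checks is carried only in the data wrapped around the challenge, so a signature over the bare challenge would not carry it.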
