[webauthn] Support for raw cryptographic signatures (#1611)

cybercent has just created a new issue for https://github.com/w3c/webauthn:

== Support for raw cryptographic signatures ==
## Issue To Be Solved
Allow raw cryptographic signatures using Webauthn.

## Suggest A Solution
Allow user to request raw signature of the RP challenge from the hardware key.

Add a new  extension: `rawSignature`:
var options = {
  // The challenge is produced by the server; see the Security Considerations
  challenge: new Uint8Array([8,18,33 /* 29 more random bytes generated by the server */]),
  timeout: 120000,  // 2 minutes
  allowCredentials: [acceptableCredential1, acceptableCredential2],
  extensions: { 'rawSignature': true }

PublicKeyCredential {
    id: 'ADSUllKQmbqdGtpu4sjseh4cg2TxSvrbcHDTBsv4NSSX9...',
    rawId: ArrayBuffer(59),
    rawSignature: "the raw signature of the challenge"
## Context
With the rise of web applications that use blockchains as a backend, instead of a centralized database, 
users are required to authenticate to these websites using a private key.

The private key is used to create a raw signature that is passed along by the website to the underlying blockchain for authentication.

There is no easy way for a user to use a private key in a browser, so websites require users to store their private keys in the browser cache, which is highly insecure and leads to data loss.
<img width="362" alt="Screenshot 2021-05-07 at 15 35 06" src="https://user-images.githubusercontent.com/195806/117458360-83496c80-af4a-11eb-90b8-1c9a8e759e80.png">
Website: https://www.sign-art.app

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1611 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 7 May 2021 15:11:33 UTC