[webauthn] RS256 test vector has seemingly incorrect key size of 3482 bits (#2333) from Trent Shailer via GitHub on 2025-09-26 (public-webauthn@w3.org from September 2025)

From: Trent Shailer via GitHub <noreply@w3.org>
Date: Fri, 26 Sep 2025 07:17:25 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-3456098523-1758871043-noreply@w3.org>

TrentShailer has just created a new issue for https://github.com/w3c/webauthn:

== RS256 test vector has seemingly incorrect key size of 3482 bits ==
I'm using the test vectors for my personal implementation of a relying party, but ran into some issues with the RS256 test vector. I couldn't create a key from RSA parameters due to the modulus not being an expected length.

The public key size of the [RS256 test vector](https://www.w3.org/TR/webauthn-3/#sctn-test-vectors-packed-rs256) seems to be 3482 bits rather than 2048 I would expect for an RS256 key.

In `test-vectors/webauthn-test-vectors.py`, on line 770 after the private key is generated, I added:

```diff
    pri_key = rsa.RSAPrivateNumbers(
        p=pri_key_p,
        q=pri_key_q,
        d=pri_key_d,
        dmp1=rsa.rsa_crt_dmp1(pri_key_d, pri_key_p),
        dmq1=rsa.rsa_crt_dmq1(pri_key_d, pri_key_q),
        iqmp=rsa.rsa_crt_iqmp(pri_key_p, pri_key_q),
        public_numbers=rsa.RSAPublicNumbers(e=pub_key_e, n=pri_key_p * pri_key_q)
    ).private_key()
+   print(f"RSA_BITS = {pri_key.public_key().key_size}")
    public_key = cose_class.from_cryptography_key(pri_key.public_key())

```
Which prints `RSA_BITS = 3482`.

I'm reasonably new to cryptography at this level, so is this just a misunderstanding on my end?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2333 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 26 September 2025 07:17:26 UTC