search

StrongKey / fido2

Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido
204 stars 59 forks source link

Invalid code for ECDSA using secp256k1 curve and SHA-256 (ES256K) #138

Closed GramThanos closed 3 years ago

GramThanos commented 3 years ago

The algorithm ecdsa-p256k-sha256 is configured with the code -43 and next to it there is a commend saying TODO remove this note when number is officially decided (https://github.com/StrongKey/fido2/blob/d99b1db563529746ee9b2ce481914bc6e8ac0215/server/fidoserverbeans/src/main/java/com/strongkey/skfs/utilities/SKFSCommon.java)

Since at IANA's registry (https://www.iana.org/assignments/cose/cose.xhtml), ECDSA using secp256k1 curve and SHA-256 is assigned the code -47 and the code -43 is assigned to SHA-2 384-bit Hash, I think this can now be corrected.

push2085 commented 3 years ago

Hi @GramThanos , Thank you for bringing that to our attention. We will update it in the next release.

Thank you