Closed balazserdeszlogmein closed 1 year ago
The fido2-cred
output contains a PEM-encoded public key, itself encoded in the SubjectPublicKeyInfo format. Furthermore, libfido2's API allows you to pick a suitable serialization yourself, depending on your needs.
I see @GregDomzalski has got you covered in your other issue, so I'll be closing this.
[Note: this has also been posted on the .NET SDK as an issue here.]
Hi,
I have noticed a possible compatibility issue between this library and your .NET SDK.
I am creating (registering) a U2F credential with the libfido2 command line tool like this on a macOS operating system.
bash
then bash:
which results in a file called "cred" in the following format:
Then, we also have a credential assertion (authentication) application, written with this .NET SDK, roughly doing the following on a Windows operating system:
C#
C#
When passing the credential id (private key handle) created on macOS with
fido2-cred
, calling the lastsession.Authenticate
function throws an error, namelynew ArgumentException(ExceptionMessages.UnsupportedAlgorithm);
in line 401 of the EcdsaVerify.cs file, because at line 368 in theprivate static ECDsa ConvertPublicKey(ReadOnlyMemory<byte> encodedEccPoint)
the(encodedEccPoint.Span[0] == EncodedPointTag)
condition is not met.Based on this, what we realized after a while, is that if we base64 decode the string of the credential id (key handle), prepend a 04 byte, then base64 encode it back to a string, the above will work and the authentication is going to be successful. Why is there a difference between the U2F implementation for LibFido2 and the .NET SDK?
Let me know if anything else is needed from my side to investigate this issue.
Thanks in advance, Balazs