Consider supporting the optional Curve25519 cipher

fxamacker / webauthn

WebAuthn server library decoupled from http for easy intergration, provides WebAuthn registration and authentication for clients using FIDO2 keys, FIDO U2F keys, TPM, etc.

Apache License 2.0

41 stars 6 forks source link

Consider supporting the optional Curve25519 cipher #1

Open SEJeff opened 5 years ago

SEJeff commented 5 years ago

From the FIDO 2 specification ed25519 is Recommended:

Name: Ed25519
Value: 6
Description: Edwards-curve Digital Signature Algorithm on curve 25519
Reference: [RFC8032]
Status: Recommended

It isn't in the supports ciphers in the README or anywhere in the source. Just thought I'd add this here as a "nice to have". Thanks!

x448 commented 5 years ago

Do you have a FIDO2 key that supports ed25519? If so, can you provide test data with embedded certs using ed25519? Thanks in advance!

mitar commented 1 year ago

So Yubikeys now use Ed25519 with -8 code. I tried to register:

const COSEAlgEdDSA = -8
webauthn.RegisterSignatureAlgorithm(COSEAlgEdDSA, x509.PureEd25519, x509.Ed25519, 0)

but it does not work. It seems the rest of the code does not support it (for example, assumes there is always a hash involved).