Skip to content

Passkeys: Add publicKey to register response #12757

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
varjolintu wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Passkeys: Add publicKey to register response #12757

varjolintu wants to merge 4 commits into from
+53 −31

Conversation

@varjolintu
Copy link
Member

@varjolintu varjolintu commented Nov 29, 2025
edited
Loading

Adds a DER SubjectPublicKeyInfo to the passkey registration response. We are currently not writing this, even if It is part of the specification https://w3c.github.io/webauthn/#sctn-public-key-easy:

User agents MUST be able to return a non-null value for getPublicKey() when the credential public key has a COSEAlgorithmIdentifier value of:
-7 (ES256), where kty is 2 (with uncompressed points) and crv is 1 (P-256).
-257 (RS256).
-8 (EdDSA), where crv is 6 (Ed25519).

Fixes a passkey creation on Logitech site https://id.logi.com.

Testing strategy

Manually with: keepassxreboot/keepassxc-browser#2782
Tested https://webauthn.io with all three different algorithms to verify the response has the new publicKey in base64 format in the browser logs.

Type of change

  • ✅ Bug fix (non-breaking change that fixes an issue)

@varjolintu varjolintu added this to the v2.7.12 milestone Nov 29, 2025
@varjolintu varjolintu added feature: Passkeys pr: bugfix Pull request fixes a bug labels Nov 29, 2025
This was referenced Nov 29, 2025
Merged
Open
@varjolintu varjolintu force-pushed the fix/passkeys_add_spki_publickey_to_response branch from 017fc17 to fee044d Compare November 29, 2025 08:46
@varjolintu
Copy link
Member Author

varjolintu commented Nov 29, 2025

Need to add some exceptions for Botan 2.

@droidmonkey
Copy link
Member

droidmonkey commented Nov 29, 2025

Can we add a test for this response?

@varjolintu
Copy link
Member Author

varjolintu commented Nov 29, 2025
edited
Loading

Can we add a test for this response?

I'll try. We use predefined values for the keys so it should be possible.

EDIT: We are not actually creating any keys in the tests so.. I'll try to modify the tests so we can create actual keys with const predefined data.

@varjolintu varjolintu force-pushed the fix/passkeys_add_spki_publickey_to_response branch from 06ecbea to d0735de Compare November 29, 2025 16:12
@varjolintu
Copy link
Member Author

varjolintu commented Nov 29, 2025
edited
Loading

Modified the testRegister() unit test. It is using a new variable for const data when creating an actual ECDSA private key. Cleaned up the variable names a bit. All didn't match with the ones specified in header files.

And of course the private key data changes affected to some other tests too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@droidmonkey droidmonkey droidmonkey approved these changes

Assignees

No one assigned

Labels

feature: Passkeys pr: bugfix Pull request fixes a bug

Projects

None yet

Milestone

v2.7.12

Development

Successfully merging this pull request may close these issues.

2 participants

@varjolintu @droidmonkey