We are using passkeys in our application. The issue is once we create the credentails using the window.navigator.credentials.create API. After getting the response which has attestation data the we decode it using the CBOR then we get authData which we decode again using CBOR decoder but in case Google Titan Key it's not able to decode the auth data. Getting error - Additional info not implemented: 29
Google Titan Key: Attestation data
59 Views Asked by Vivek Srivatava At
1
There are 1 best solutions below
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in GOOGLE-CHROME-DEVTOOLS
- Is it possible to manipuate 3rd party Chrome Extensions Network Reqeuests?
- How do i load a Chrome extension when manifest.json is in a subfolder (app) instead of main folder
- Reading the user's console errors from a chrome extension
- Chrome Selenium CDP Bidi API - Next Commands sended to Target Session have no effect while the initial one does work
- When I'm typing an Xpath or CSS selector in the console why won't matching results appear while typing? Results only appear after pressing Enter
- JS throttling with Chrome Extension
- How can I disable livewire dev tools on production environment?
- Chrome Devtools how to send/edit websocket messages in binary?
- How do I use Chrome DevTools to remove the script that adds "promoted" labels to LinkedIn job postings?
- Interpreting Chrome memory tool's results for a memory leak?
- Google Chrome 123 Update: Chrome is making preflight check for document/Redirect type GET request
- Chrome DevTools font has been changed to Monospace after update
- Not able to add a custom header using declarative_net_request and rule resources in chrome extension
- Issue with AJAX Request Preview in Chrome DevTools Version 123.0.6312.59
- How do I dig deeper in the Performance panel for a function call that consumes a long time but 90% of the time was just waiting?
Related Questions in WEBAUTHN
- ChromeCustomTab passkeys unexpected behaviour on finger input
- How to Develop a FIDO2 Authenticator Android App
- Webauthn AuthenticatorAttestationResponse "getPublicKey" returns a restricted object?
- Webauthn: ReferenceError: Can't find variable: PublicKeyCredential
- Is it possible to use WebAuthn with a hard token over a remote desktop connection?
- Laravel WebAuthn: AttestationCancelled: The credentials creation was cancelled by the user or a timeout
- Using IP address as relying party ID in passkey
- WebAuthn exclude pin from options
- WebAuthn with Windows Hello: PIN prompt missing when allowCredentials specified, only device options shown
- Unable to show biometric authentication dialog using flutter webview
- How bad it is store data into webAuthN userHandle?
- Webauthn: How can I know if a wrong fingerprint/PIN/Pattern auth attempt was made
- Webauthn, how to know when to delete stale device credential on the server?
- Passkey creation with Google Credential Manager fails without an `authenticatorSelection` claim in the request
- Android not working as cross platform authenticator
Related Questions in FIDO
- How to Develop a FIDO2 Authenticator Android App
- What is the key difference between FIDO2 and FIDO UAF?
- How to correctly implement passkeys for web?
- Is it possible to use mobile phone as security key in SSH?
- Using IP address as relying party ID in passkey
- Can I use my own biometric authentication to the autofill extension?
- Google Titan Key: Attestation data
- FIDO2 authenticator simulator
- Automatic credential selection in WebAuthn authentication ceremony
- Is there a way to determine which keys exist on a device when using Apple's public-private key authentication?
- Is it allowed to use an IPv4 as rp_id in webauthn credential creation options?
- WEBAUTHN how can we detect that device is registered before to give to client side login or register page dynamically
- Can a web extension be used as an authenticator for FIDO?
- C++ - Is it possible to use libfido2 for other fido token brands except YubiKey?
- Getting unknown key type ed25519-sk on Mac M2 Ventura
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Additional Information value of 29 is reserved in the CBOR specification and in the current version of CBOR it would mean the data is malformed. In your case the parsing will have hit a value indicating a major type with the lower 5 bits set as
11101.As you say, your create command from WebAuthn gives you back an object in CBOR you decode. This has an
authDataentry however as per the Webauthn specification, 'authData' itself is not a CBOR object, only a part of it.The structure of authData is as follows
AttestedCredentialDataorExtensionsis includedAttestedCredentialDataif presentExtensionsas a CBOR map if presentThe
AttestedCredentialDatais then structured asaaguidCredentialIdLengthCredentialIdLengthbytes CredentialIDAs you can see only 2 potential objects in
authDatawould be in CBOR formatting while the rest is not. So to parse theauthDatayou would first need to parse it based on the definition above and then parse any CBOR object if they are present.For more details the definition of
authDatacan be found in the Webauthn Specification