I have created a key pair using a WebAuthn playground, and the public key it generates is:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12_SHooAcAenEEhUaGH7woTdHC7sFYx9AjDbZWE3a6DakqFUFF6F7-AT-CGnD3I8_tdpDUkI8237YnvcFowgnuiZqCauigu7fOJOs5hVp5aHWMZW8Rz6YVMkOrFrrrey9DWnaCVmzxJwEEOTQUfjXP-wNsymuk-xzJM9WUOnDbDKMCuCppjFgrSGMSneyHw6cA4tqvpRC1oCi0Pdk2746dPZlWocL1MU8dt1p6dMKLw8jTyq1amkG37G5uW_81GuGaGsEAMtX5vBs_4rHzVH2p_oCe2mKRw2QtP2N9PhQMqyPb2D5RUD1Ye_T2gSrnCNcLXxDDzx3ftHy1cmOY8igQIDAQAB
I found some code on Stack Overflow to decode public keys. In this TypeScript code, the type of the credentialPublicKey is Buffer.
const struct = cbor.decodeAllSync(credentialPublicKey)[0];
I've tried sending the credentialPublicKey as a buffer, string and hex string, but the function always throws an 'Insufficient data' error. My goal is to retrieve the two points needed to get the public key associated with a signed message. My questions are: 1) What do I need to understand about the formatting of the public key generated by WebAuthn and 2) how can I format this public key so that this function will execute correctly?
The result from getPublicKey is DER-encoded, not CBOR-encoded. It is a newer convenience method for reading the public key from the binary Attested Credential Data object, where it is in COSE_Key format.

For web clients of applications which do not care about attestations, this lets you more easily manipulate the key using things like the Web Crypto API, such as turning it into a JWK for a JSON API call to the backend. There are a variety of reasons that you might instead just send the response data to your backend directly to have it do the binary processing and cryptographic verification.
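
Added example (not part of the original question or answer): a minimal Node.js walker for the DER SubjectPublicKeyInfo that getPublicKey returns, run on the base64url string quoted in the question, which parses as an RSA key (modulus n and exponent e). It goes slightly beyond the answer by also handling an uncompressed EC key, where the two coordinates are X and Y; the names readTlv and parseSpki are illustrative.

```javascript
// Base64url DER string exactly as quoted in the question on this page.
const PAGE_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12_SHooAcAenEEhUaGH7woTdHC7sFYx9AjDbZWE3a6DakqFUFF6F7-AT-CGnD3I8_tdpDUkI8237YnvcFowgnuiZqCauigu7fOJOs5hVp5aHWMZW8Rz6YVMkOrFrrrey9DWnaCVmzxJwEEOTQUfjXP-wNsymuk-xzJM9WUOnDbDKMCuCppjFgrSGMSneyHw6cA4tqvpRC1oCi0Pdk2746dPZlWocL1MU8dt1p6dMKLw8jTyq1amkG37G5uW_81GuGaGsEAMtX5vBs_4rHzVH2p_oCe2mKRw2QtP2N9PhQMqyPb2D5RUD1Ye_T2gSrnCNcLXxDDzx3ftHy1cmOY8igQIDAQAB";
const RSA_OID = "2a864886f70d010101"; // 1.2.840.113549.1.1.1 rsaEncryption
const EC_OID = "2a8648ce3d0201";      // 1.2.840.10045.2.1 id-ecPublicKey

// Read one DER TLV at `off`, check its tag, return its value and end offset.
function readTlv(buf, off, tag) {
  if (off + 2 > buf.length) throw new Error("truncated DER");
  if (buf[off] !== tag) throw new Error("unexpected DER tag 0x" + buf[off].toString(16));
  let len = buf[off + 1];
  let pos = off + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const count = len & 0x7f;
    if (count === 0 || count > 4 || pos + count > buf.length) throw new Error("bad DER length");
    len = 0;
    for (let i = 0; i < count; i++) len = len * 256 + buf[pos++];
  }
  if (pos + len > buf.length) throw new Error("truncated DER");
  return { value: buf.subarray(pos, pos + len), end: pos + len };
}

// Parse a SubjectPublicKeyInfo and return the key material by algorithm.
function parseSpki(b64) {
  const der = Buffer.from(b64.replace(/-/g, "+").replace(/_/g, "/"), "base64");
  const spki = readTlv(der, 0, 0x30);               // SubjectPublicKeyInfo
  const alg = readTlv(spki.value, 0, 0x30);         // AlgorithmIdentifier
  const oid = readTlv(alg.value, 0, 0x06).value.toString("hex");
  const bits = readTlv(spki.value, alg.end, 0x03);  // BIT STRING
  if (bits.value.length < 2 || bits.value[0] !== 0) throw new Error("bad BIT STRING");
  const key = bits.value.subarray(1);               // skip the unused-bits byte
  if (oid === RSA_OID) {                            // RSAPublicKey ::= SEQUENCE { n, e }
    const rsa = readTlv(key, 0, 0x30);
    const n = readTlv(rsa.value, 0, 0x02);
    const e = readTlv(rsa.value, n.end, 0x02);
    const strip = (v) => (v.length > 1 && v[0] === 0 ? v.subarray(1) : v); // sign padding
    return { algorithm: "rsaEncryption", n: strip(n.value), e: strip(e.value) };
  }
  if (oid === EC_OID && key[0] === 0x04 && key.length % 2 === 1) { // 04 || X || Y
    const half = (key.length - 1) / 2;
    return { algorithm: "ecPublicKey", x: key.subarray(1, 1 + half), y: key.subarray(1 + half) };
  }
  throw new Error("unsupported key algorithm OID " + oid);
}

const parsed = parseSpki(PAGE_KEY);
console.log(parsed.algorithm, parsed.n.length * 8, "bit modulus, e =", parsed.e.toString("hex"));
```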