cconcannon/titan_webauthn_attestation.md

## titan_webauthn_attestation.md

      
    Raw
  

              titan_webauthn_attestation.md
            
          
    Google Titan during WebAuthn

Direct Attestation Example

{
  "rawId": "cc8e0506939dd98c5c005c3fb2ad288df1d8651825ef98ebf33bcf53b54367b48ad622f8fe131bf16e9a901a8eefdd72848542f08004aa653cb7cfdebab28d6b",
  "response": {
    "attestationObject": {
      "fmt": "fido-u2f",
      "attStmt": {
        "sig": "304502210085f60818298b64648d278f0af229c67bf958981401c613de76ac1c89840902d3022063cb3807466d2d01201623bf6313e4809515de9c8117eb78d919462a3376581e",
        "x5c": [
          "3082015b30820100a003020102020102300a06082a8648ce3d0403023028311530130603550403130c5365637572697479204b6579310f300d060355040a1306476f6f676c653022180f32303030303130313030303030305a180f32303939313233313233353935395a3028311530130603550403130c5365637572697479204b6579310f300d060355040a1306476f6f676c653059301306072a8648ce3d020106082a8648ce3d030107034200040393af897be858e88c1953876a1a538477c4da6e6ea14acf0a2fd89a4dccf95878a8cd2929029cc1d794bffb9c37547cbbb5bb31ab3a6756acf74f123cecd45ca31730153013060b2b0601040182e51c020101040403020430300a06082a8648ce3d04030203490030460221008a80830707ece403b8db1469f7619cf4407958f96f030dbe73ad909196b9f20b0221008d44c1a6239f7fd7d57f3a855bedb6b87638b6da6fc52d1d6251ebfd5e6db227"
        ]
      },
      "authData": {
        "rpIdHash": "f95bc73828ee21f9fd3bbe72d97908013b0a3759e9aea3dae318766cd2e1ad",
        "flags": {
          "userPresent": true,
          "reserved1": false,
          "userVerified": false,
          "reserved2": "0",
          "attestedCredentialData": true,
          "extensionDataIncluded": false
        },
        "signCount": 0,
        "attestedCredentialData": {
          "aaguid": "0000000000000000",
          "credentialIdLength": 64,
          "credentialId": "cc8e56939dd98c5c05c3fb2ad288df1d8651825ef98ebf33bcf53b54367b48ad622f8fe131bf16e9a901a8eefdd72848542f0804aa653cb7cfdebab28d6b",
          "credentialPublicKey": {
            "kty": "EC",
            "alg": "ECDSA_w_SHA256",
            "crv": "P-256",
            "x": "3ls9YySkE8l2WgEHrmNhstklIMnEFTCYeoU0kUbg5wA=",
            "y": "4/ANhPP7vFv+F/4znpw3ysEGj2TXbyoWe8ifOwBuodE="
          }
        }
      }
    },
    "clientDataJSON": {
      "type": "webauthn.create",
      "challenge": "f_dKM6a1Tc8Ulh2S7rVuR5LzhEmfbVFWAPuphQvA4vk",
      "origin": "https://webauthn.me"
    }
  },
  "id": "zI4FBpOd2YxcAFw_sq0ojfHYZRgl75jr8zvPU7VDZ7SK1iL4_hMb8W6akBqO791yhIVC8IAEqmU8t8_eurKNaw",
  "type": "public-key"
}
X.509 Certificate (Decoded)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN=Security Key, O=Google
        Validity
            Not Before: Jan  1 00:00:00 2000 GMT
            Not After : Dec 31 23:59:59 2099 GMT
        Subject: CN=Security Key, O=Google
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:03:93:af:89:7b:e8:58:e8:8c:19:53:87:6a:1a:
                    53:84:77:c4:da:6e:6e:a1:4a:cf:0a:2f:d8:9a:4d:
                    cc:f9:58:78:a8:cd:29:29:02:9c:c1:d7:94:bf:fb:
                    9c:37:54:7c:bb:b5:bb:31:ab:3a:67:56:ac:f7:4f:
                    12:3c:ec:d4:5c
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            1.3.6.1.4.1.45724.2.1.1: 
                ...0
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:8a:80:83:07:07:ec:e4:03:b8:db:14:69:f7:
         61:9c:f4:40:79:58:f9:6f:03:0d:be:73:ad:90:91:96:b9:f2:
         0b:02:21:00:8d:44:c1:a6:23:9f:7f:d7:d5:7f:3a:85:5b:ed:
         b6:b8:76:38:b6:da:6f:c5:2d:1d:62:51:eb:fd:5e:6d:b2:27