herrjemand
/ verify.packed.webauthn.js
Last active
April 4, 2024 15:09
WebAuthn Packed attestation verification sample in NodeJS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const crypto = require('crypto'); | |
| const base64url = require('base64url'); | |
| const cbor = require('cbor'); | |
| const jsrsasign = require('jsrsasign'); | |
| const elliptic = require('elliptic'); | |
| const NodeRSA = require('node-rsa'); | |
| let COSEKEYS = { | |
| 'kty' : 1, | |
| 'alg' : 3, |
herrjemand
/ verify.apple.attestation.js
Last active
October 14, 2023 18:01
Snippet code to verify apple anonymous attestation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const crypto = require('crypto'); | |
| const base64url = require('base64url'); | |
| const cbor = require('cbor'); | |
| const asn1 = require('@lapo/asn1js'); | |
| const jsrsasign = require('jsrsasign'); | |
| /* Apple Webauthn Root | |
| * Original is here https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem | |
| */ | |
| let appleWebAuthnRoot = 'MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8wHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMxNTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11kxu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5 |
herrjemand
/ BLE Services map
Created
July 1, 2018 13:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| 0x1800: 'org.bluetooth.service.generic_access', // Generic Access | |
| 0x1811: 'org.bluetooth.service.alert_notification', // Alert Notification Service | |
| 0x1815: 'org.bluetooth.service.automation_io', // Automation IO | |
| 0x180F: 'org.bluetooth.service.battery_service', // Battery Service | |
| 0x1810: 'org.bluetooth.service.blood_pressure', // Blood Pressure | |
| 0x181B: 'org.bluetooth.service.body_composition', // Body Composition | |
| 0x181E: 'org.bluetooth.service.bond_management', // Bond Management Service | |
| 0x181F: 'org.bluetooth.service.continuous_glucose_monitoring', // Continuous Glucose Monitoring | |
| 0x1805: 'org.bluetooth.service.current_time', // Current Time Service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "description": "UNOFFICIAL Apple Anonymous Attestation WebAuthn FIDO2 Authenticator", | |
| "aaguid": "f24a8e70-d0d3-f82c-2937-32523cc4de5a", | |
| "protocolFamily": "fido2", | |
| "authenticatorVersion": 2, | |
| "upv": [ | |
| { | |
| "major": 1, | |
| "minor": 0 | |
| } |
herrjemand
/ platformAuthenticatorAvailable.js
Created
January 1, 2022 13:56
Check if WebAuthn API available, and if platform authenticator is supported
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const isWebAuthnSupported = () => { | |
| return !!window.PublicKeyCredential | |
| } | |
| const isPlatformAuthenticatorSupported = () => { | |
| if (!isWebAuthnSupported()) { | |
| return Promise.reject(new Error("WebAuthn API is not available")) | |
| } | |
| if (!PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable) { |
herrjemand
/ assertion-cred.json
Last active
January 28, 2022 11:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "rawId": "Aad50Szy7ZFb8f7wdfMmFO2dUdQB8StMrYBbhJprTCJIKVdbIiMs9dAATKOvUpoKfmyh662ZsO1J5PQUsi9yKNumDR-ZD4wevDYZnwprytGf5rn6ydyxQQtBYPSwS8u23FdVBxBqHa8", | |
| "id": "Aad50Szy7ZFb8f7wdfMmFO2dUdQB8StMrYBbhJprTCJIKVdbIiMs9dAATKOvUpoKfmyh662ZsO1J5PQUsi9yKNumDR-ZD4wevDYZnwprytGf5rn6ydyxQQtBYPSwS8u23FdVBxBqHa8", | |
| "response": { | |
| "authenticatorData": "zHUM-fXe8fPTc7IQdAU8xhonRmZeDznRqJqecdVRcUMFYfOzqg", | |
| "signature": "MEUCIHxzf1KZNJTb831gqw0oit-6ms8DoSXLaM8zyZ4Q6iyjAiEAwbguOZU2iJae_I8-Q7qlFwR45isZ-XYVMDgU2SkABU8", | |
| "userHandle": "Kosv9fPtkDoh4Oz7Yq_pVgWHS8HhdlCto5cR0aBoVMw", | |
| "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRjVjSmhMRW00OFNpdGN6MzNiVm51NXpBMmEtRk5MYkxGbURfd1UwT1BIUSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG53b3Jrcy5naXRodWIuaW8iLCJjcm9zc09yaWdpbiI6ZmFsc2V9" | |
| }, | |
| "getClientExtensionResults": {}, |
herrjemand
/ parsingCBORAttestationObject.js
Last active
January 28, 2022 11:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const base64url = require('base64url'); | |
| const cbor = require('cbor'); | |
| let attestationObject = 'o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjszHUM-fXe8fPTc7IQdAU8xhonRmZeDznRqJqecdVRcUNFYfOzo63OAAI1vMYKZIsLJfHwVQMAaAGnedEs8u2RW_H-8HXzJhTtnVHUAfErTK2AW4Saa0wiSClXWyIjLPXQAEyjr1KaCn5soeutmbDtSeT0FLIvcijbpg0fmQ-MHrw2GZ8Ka8rRn-a5-sncsUELQWD0sEvLttxXVQcQah2vpQECAyYgASFYIMG7Y3fOeGecLpfn7XF_sV4OTc41tsbEPSECGfCiK480IlggH9-qVehm6Gj25SyZau17mB5c0YoTWBZ8ngdEka4EqOY'; | |
| let attestationObjectBuffer = base64url.toBuffer(attestationObject); | |
| let ctapMakeCredResp = cbor.decodeAllSync(attestationObjectBuffer)[0]; |
herrjemand
/ decodingClientDataJSON.server.js
Last active
January 28, 2022 11:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const base64url = require('base64url'); | |
| let clientDataJSON = 'eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoib0dvd2lrQVZHcnZ4Y01uck50ODlCY0dsWnIwVVUwVWxfSm82U0R5RXJrTSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG53b3Jrcy5naXRodWIuaW8iLCJjcm9zc09yaWdpbiI6ZmFsc2V9'; | |
| let clientData = JSON.parse(base64url.decode(clientDataJSON)); |
herrjemand
/ attestation-cred.json
Last active
January 28, 2022 11:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "rawId": "Aad50Szy7ZFb8f7wdfMmFO2dUdQB8StMrYBbhJprTCJIKVdbIiMs9dAATKOvUpoKfmyh662ZsO1J5PQUsi9yKNumDR-ZD4wevDYZnwprytGf5rn6ydyxQQtBYPSwS8u23FdVBxBqHa8", | |
| "id": "Aad50Szy7ZFb8f7wdfMmFO2dUdQB8StMrYBbhJprTCJIKVdbIiMs9dAATKOvUpoKfmyh662ZsO1J5PQUsi9yKNumDR-ZD4wevDYZnwprytGf5rn6ydyxQQtBYPSwS8u23FdVBxBqHa8", | |
| "response": { | |
| "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjszHUM-fXe8fPTc7IQdAU8xhonRmZeDznRqJqecdVRcUNFYfOzo63OAAI1vMYKZIsLJfHwVQMAaAGnedEs8u2RW_H-8HXzJhTtnVHUAfErTK2AW4Saa0wiSClXWyIjLPXQAEyjr1KaCn5soeutmbDtSeT0FLIvcijbpg0fmQ-MHrw2GZ8Ka8rRn-a5-sncsUELQWD0sEvLttxXVQcQah2vpQECAyYgASFYIMG7Y3fOeGecLpfn7XF_sV4OTc41tsbEPSECGfCiK480IlggH9-qVehm6Gj25SyZau17mB5c0YoTWBZ8ngdEka4EqOY", | |
| "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoib0dvd2lrQVZHcnZ4Y01uck50ODlCY0dsWnIwVVUwVWxfSm82U0R5RXJrTSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG53b3Jrcy5naXRodWIuaW8iLCJjcm9zc09yaWdpbiI6ZmFsc2V9" | |
| }, | |
| "getClientExtensionResults": {}, | |
| "type": "public-key" | |
| } |
herrjemand
/ clientDataJSON.json
Last active
January 27, 2022 16:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "webauthn.create", | |
| "challenge": "TQZxUxigOhELl6MFaxssL0SIRpTZOeqElDXWeA6PTKU", | |
| "origin": "https://webauthnworks.github.io", | |
| "crossOrigin": false | |
| } |
NewerOlder