
Passkeys: Add publicKey to register response

Open varjolintu opened this issue 3 months ago • 4 comments

Adds a DER SubjectPublicKeyInfo to the passkey registration response. We are currently not writing this, even if it is part of the specification https://w3c.github.io/webauthn/#sctn-public-key-easy:

User agents MUST be able to return a non-null value for getPublicKey() when the credential public key has a COSEAlgorithmIdentifier value of:

  • -7 (ES256), where kty is 2 (with uncompressed points) and crv is 1 (P-256).
  • -257 (RS256).
  • -8 (EdDSA), where crv is 6 (Ed25519).

Fixes passkey creation on the Logitech site https://id.logi.com.

Testing strategy

Manually with: https://github.com/keepassxreboot/keepassxc-browser/pull/2782

Tested https://webauthn.io with all three different algorithms to verify the response has the new publicKey in base64 format in the browser logs.

Type of change

  • ✅ Bug fix (non-breaking change that fixes an issue)

varjolintu, Nov 29 '25 08:11
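The SubjectPublicKeyInfo encodings that the description above refers to, for the three algorithms in the spec excerpt, as an added example that is not part of this pull request or of KeePassXC's code. The function names and the keyword names `x`, `y`, `n`, `e` (raw big-endian COSE key parameters) are assumptions of this sketch, and the sample coordinates are constructed bytes, not a real key.

```python
# Added example (not KeePassXC code): COSE public key -> DER SubjectPublicKeyInfo.
OID_EC_PUBKEY = bytes.fromhex("06072a8648ce3d0201")    # 1.2.840.10045.2.1
OID_P256 = bytes.fromhex("06082a8648ce3d030107")       # 1.2.840.10045.3.1.7
OID_RSA = bytes.fromhex("06092a864886f70d010101")      # 1.2.840.113549.1.1.1
OID_ED25519 = bytes.fromhex("06032b6570")              # 1.3.101.112
DER_NULL = b"\x05\x00"


def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body


def der_uint(value_be: bytes) -> bytes:
    """DER INTEGER from unsigned big-endian bytes (adds 0x00 if the top bit is set)."""
    v = int.from_bytes(value_be, "big")
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def spki(algorithm_id: bytes, key: bytes) -> bytes:
    """SEQUENCE { AlgorithmIdentifier, BIT STRING (0 unused bits) key }."""
    return der(0x30, der(0x30, algorithm_id) + der(0x03, b"\x00" + key))


def cose_to_spki(alg: int, **p: bytes) -> bytes:
    """Build the SPKI for the three algorithms the spec excerpt lists."""
    if alg == -7:    # ES256: uncompressed P-256 point 0x04 || x || y
        if len(p["x"]) != 32 or len(p["y"]) != 32:
            raise ValueError("P-256 coordinates must be 32 bytes each")
        return spki(OID_EC_PUBKEY + OID_P256, b"\x04" + p["x"] + p["y"])
    if alg == -8:    # EdDSA: raw 32-byte Ed25519 public key
        if len(p["x"]) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        return spki(OID_ED25519, p["x"])
    if alg == -257:  # RS256: RSAPublicKey ::= SEQUENCE { modulus, publicExponent }
        return spki(OID_RSA + DER_NULL, der(0x30, der_uint(p["n"]) + der_uint(p["e"])))
    raise ValueError(f"no SPKI mapping for COSE algorithm {alg}")


if __name__ == "__main__":
    import base64
    # Constructed sample coordinates, not a real key.
    blob = cose_to_spki(-7, x=b"\x11" * 32, y=b"\x22" * 32)
    print(len(blob), base64.b64encode(blob).decode())
```

A P-256 result is always 91 bytes and an Ed25519 result 44 bytes, so the length and fixed prefix of a logged publicKey give a quick sanity check before a full ASN.1 parse.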

Need to add some exceptions for Botan 2.

varjolintu, Nov 29 '25 08:11

Can we add a test for this response?

droidmonkey, Nov 29 '25 14:11

> Can we add a test for this response?

I'll try. We use predefined values for the keys so it should be possible.

EDIT: We are not actually creating any keys in the tests, so... I'll try to modify the tests so we can create actual keys with const predefined data.

varjolintu, Nov 29 '25 14:11

Modified the testRegister() unit test. It is using a new variable for const data when creating an actual ECDSA private key. Cleaned up the variable names a bit. All didn't match with the ones specified in header files.

And of course the private key data changes affected some other tests too.

varjolintu, Nov 29 '25 16:11