Lukas

there are 2 certificates in the MDS matching the certificate issuer name: ``` -- CN: GoTrust FIDO2 Root CA 2 -- Serial Number: 1 (0x1) -----BEGIN CERTIFICATE----- MIIBqDCCAU+gAwIBAgIBATAKBggqhkjOPQQDAjA7MSAwHgYDVQQDDBdHb1RydXN0 IEZJRE8yIFJvb3QgQ0EgMjEXMBUGA1UECgwOR29UcnVzdElEIEluYy4wIBcNMjEw MzAyMDYyMzE3WhgPMjA1MTAyMjMwNjIzMTdaMDsxIDAeBgNVBAMMF0dvVHJ1c3Qg...

ask [email protected] 😉

it's a bit of a surprise what you'll get from windows hello. If you get "none", there is no certificate. if you get "packed", it's normally self-signed, so there is...

you should only generate one registration, it's not possible to compare different registrations. For verification, there is another function. check out workflow and sample code at https://github.com/lbuchs/WebAuthn/blob/master/_test/server.php.

You can't create own certificates, except you're a hardware manufacturer. Certificates are issued by hardware manufacturer, e.g. by yubico, to verify that the authenticator is original. If you e.g. use...

this library does not query the metadata service, this library does not contain any certificate in its [source](https://github.com/lbuchs/WebAuthn/tree/master/src). The certificates you can select at the demo page are just some...

FIDO Alliance Metadata Service is not a live api, its designed for periodically downloading metadata. So a library querying the mds and save the certificates in some folder would be...

as if I have written before, the certificate is not matching with the one in the demo app. As this seems to be a issue confusing many, I've updated my...

@My1 ~~thats maybe the wrong way. Just add no root certificate but select all format, because browser will not switch to "none" for sure. e.g. Android always use android-safetynet format,...

so why checking a root certificate if you proceed anyway?