solo1
Add EdDSA/Minisign signatures to #397 (sign-hash/sign-file CTAP command)
This adds credential algorithm detection to #397 to also support EdDSA signatures. It also adds a trusted comment field to the request with key `3`. If provided with an EdDSA credential, a global signature on the main signature + trusted comment is included in the response with key `2`. The command now accepts 64-byte (512-bit) hashes in addition to 32-byte hashes. See #575 for more about Minisign and an earlier version using a FIDO2 extension instead of a custom CTAP command.
Potentially-breaking change from #397: EdDSA credentials used with sign-hash are not incorrectly treated as ES256 anymore. CTAP structures are backwards-compatible.
Update: now only accepts credentials with RP ID starting with `solo-sign-hash:`.
See solokeys/solo-python#137 for the client PR.
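
The request checks described above, written out as an added example (not code from this PR or from the Solo firmware): the RP ID prefix gate, the 32/64-byte hash length rule, and the buffer the global signature covers. The function names, result codes and the rejection of algorithms other than ES256/EdDSA are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COSE_ALG_ES256 (-7)            /* IANA COSE algorithm identifiers */
#define COSE_ALG_EDDSA (-8)
#define SIGN_RPID_PREFIX "solo-sign-hash:"
#define ED25519_SIG_LEN 64

/* Hypothetical result codes for this sketch, not CTAP status values. */
enum sign_check { SIGN_OK = 0, SIGN_BAD_RPID, SIGN_BAD_HASH_LEN,
                  SIGN_BAD_ALG, SIGN_NO_SPACE };

/* Gate a sign-hash request on RP ID prefix, hash length and credential algorithm. */
enum sign_check sign_hash_check(const uint8_t *rp_id, size_t rp_id_len,
                                size_t hash_len, int cose_alg)
{
    size_t plen = sizeof(SIGN_RPID_PREFIX) - 1;
    /* RP ID is length-delimited, not NUL-terminated: check length, then bytes. */
    if (rp_id == NULL || rp_id_len < plen ||
        memcmp(rp_id, SIGN_RPID_PREFIX, plen) != 0)
        return SIGN_BAD_RPID;
    if (hash_len != 32 && hash_len != 64)
        return SIGN_BAD_HASH_LEN;
    /* Assumption: anything that is neither ES256 nor EdDSA is refused,
       so a credential is never signed with under the wrong algorithm. */
    if (cose_alg != COSE_ALG_ES256 && cose_alg != COSE_ALG_EDDSA)
        return SIGN_BAD_ALG;
    return SIGN_OK;
}

/* Build the input of the global signature: main signature || trusted comment. */
enum sign_check global_sig_input(const uint8_t sig[ED25519_SIG_LEN],
                                 const uint8_t *comment, size_t comment_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    /* Written to avoid overflow in ED25519_SIG_LEN + comment_len. */
    if (comment_len > out_cap || out_cap - comment_len < ED25519_SIG_LEN)
        return SIGN_NO_SPACE;
    memcpy(out, sig, ED25519_SIG_LEN);
    if (comment_len)
        memcpy(out + ED25519_SIG_LEN, comment, comment_len);
    *out_len = ED25519_SIG_LEN + comment_len;
    return SIGN_OK;
}
```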