Giter Club home page Giter Club logo

Comments (3)

benjamindoe avatar benjamindoe commented on July 20, 2024

Pin auth on windows 10 curently requires RS256. Currently, this lib doesn't support RS256 due to the difference in creating the public key
https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/windows-integration/web-authentication

There has recently been a commit to enable internal authenticators for authenticating, try updating your package and see if that helps?
a825098

from webauthn.

davidearl avatar davidearl commented on July 20, 2024

As of yesterday, Windows 10 has finally allowed me to update to 1903 which this functionality is in, and I have also acquired a USB fingerprint reader for it, which works with Windows Hello and does indeed work with webauthn.io. @benajamindoe is correct, the alg setting in the public key creation is different. Windows Hello seems to use -257, which apparently is RSA with SHA256 v1.5 for the fingerpirnt reader. Since the Yubico key still works with Windows Hello (it definitely now goes through it), my assumption is alg depends on the device (or driver) rather than Windows Hello itself.

I looked at the code for webauthn.io, and I can see what it is doing. It wouldn't be enormously hard, I think, to translate it into PHP for the same PK algorithms they support. The project is in Go, so we can't use it directly. Maybe there's a case for wrapping that in e.g. a REST interface for local use on the server as an alternative to re-coding in PHP, otherwise there will be constant catch-up needed. I am assuming the authors of webauthn.io are close to the webauthn project.

The github code in Go is here: https://github.com/duo-labs/webauthn and the critical file is https://github.com/duo-labs/webauthn/blob/master/protocol/webauthncose/webauthncose.go

They also seem to have separate code for Android. Though in earlier reports, it seems others have some success in using this library with an Android Pi fingerprint reader.

from webauthn.

benjamindoe avatar benjamindoe commented on July 20, 2024

my assumption is alg depends on the device (or driver) rather than Windows Hello itself.

So according to the spec you list the algs you want in priority order. However, the browser can chose which alg it wants to use. As browsers all go through Windows Security, it will be that which determines the alg used. From my tests, Windows Security will always favour Windows Hello above external authenticators

from webauthn.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.