WebAuthn-“凭证公共密钥”的字节长度。 [英] WebAuthn - byte length of the "credential public key"
问题描述
在WebAuthn中,身份验证器数据包含可变长度的认证凭据数据,后跟扩展名(如果有):
In WebAuthn, the authenticator data contains the variable length attested credential data followed by the extensions, if any:
经认证的凭据数据凭据公钥字段而使变量>>。
The attested credential data is made variable because of the credential public key field which is a CBOR map.
如果存在扩展名,如何提前知道此字段的字节长度,以便我可以将该字段截断的不带扩展名传递给CBOR库?
In case there are extensions, how to know in advance the byte length of this field, so that I can pass this field truncated without the extensions to a CBOR library?
我正在使用的CBOR库似乎无法处理额外的字节,而且我对CBOR的了解还不足以知道是否有一个技巧可以根据其第一个字节(或其他任何技巧)来计算映射的字节长度。 / p>
The CBOR library I am using doesn't seem to handle extra bytes, and I don't know CBOR enough to know if there's a trick to compute the byte length of a map from its first bytes (or any other trick).
推荐答案
据我了解,存在
From what I understand there is no way to know in advance without using a CBOR decoder (or COSE Key parser) supporting "extra bytes" first, to determine where the "credential public key data" ends and where "extension data" starts.
确定经认证的凭据数据的长度,该变量为
涉及到在给定
前面的credentialId的长度的情况下确定credentialPublicKey的起始位置,然后确定
credentialPublicKey的长度(另请参见[RFC8152]的第7节)。
Determining attested credential data's length, which is variable, involves determining credentialPublicKey’s beginning location given the preceding credentialId’s length, and then determining the credentialPublicKey’s length (see also Section 7 of [RFC8152]).
FWIW,也在WebAuthn规范的GitHub问题中进行了讨论, https:// github.com/w3c/webauthn/issues/1012
FWIW, discussed in WebAuthn spec's GitHub issue also https://github.com/w3c/webauthn/issues/1012
这篇关于WebAuthn-“凭证公共密钥”的字节长度。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
