@millabs.net/cosepublickey v0.1.22

COSE public key and WebAuthn signature validation tool for Node.js.

Installation

This is a Node.js module available through the npm registry.

Before installing, download and install Node.js.

Installation is done using the npm install command:

$ npm install @millabs.net/cosepublickey

Features

• Verify WebAuthn responses with a COSE public key
• Base64url encoded string
• Create surrogate EC2, RSA public key pairs

Usage

$ npm install @millabs.net/cosepublickey

Import the modules

const { decodeCoseKey } = require('@millabs.net/cosepublickey')

// or

import { decodeCoseKey } from "millabs.net/cosepublickey"

Functions

Decoding COSE public key, verifying signature

import { decodeCoseKey } from "millabs.net/cosepublickey";

// from credential registration
const cosePublicKey = "pQECAyYgASFYIOsjOxr8AJ3mxXq3drCFKE3XcHf_mkNVU5QXXPP-TEdpIlggdoGVNDpRuJ9Y6LAlKPIxRsgz3N2-oDPVQJKU_a6AlSY";

// from webauthn assertion resonse
const assertion = {
  "id": "Aad50Szy7ZFb8f7wdfMmFO2dUdQB8StMrYBbhJprTCJIKVdbIiMs9dAATKOvUpoKfmyh662ZsO1J5PQUsi9yKNumDR-ZD4wevDYZnwprytGf5rn6ydyxQQtBYPSwS8u23FdVBxBqHa8",
  "response": {
    "authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAABQ",
    "signature": "MEUCIQDZS-GaglyXcCj6A49Z-xVQBAKobVU6_RXSepXnAq5QpwIgd-5TaWuMJsEjowbzWzC8js70YwsS7RQ_A4vJteBda7Q",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiVXJQOW1mRWlDUDZqTFYyQUNxd2dPZ3hzeHkySnNvTWJla3hjdUY5cFdRSSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDIwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
  },
  "type": "public-key"
}

const { authenticatorData, clientDataJSON, signature } = assertion.response;
const clientDataHash = crypto.createHash("SHA-256").update(Buffer.from(clientDataJSON, "base64url")).digest();
const signatureBase = new Uint8Array([...Buffer.from(authenticatorData, "base64url"), ...clientDataHash]);

const coseKey = await decodeCoseKey(cosePublicKey);
const verified = coseKey.verify(signatureBase, signature);

decodeCoseKey(cosePublicKey).then((coseKey) => {
  const verified = coseKey.verify(signatureBase, signature);
});

Public Key Credential Parameters

import { coseAlgorithm, pubKeyCredParams } from "millabs.net/cosepublickey";

console.log(pubKeyCredParams());
// [ { type: 'public-key', alg: -7 }, { type: 'public-key', alg: -257 } ]

console.log(pubKeyCredParams([coseAlgorithm.PS256, coseAlgorithm.ES384]));
// [ { type: 'public-key', alg: -37 }, { type: 'public-key', alg: -35 } ]

console.log(pubKeyCredParams([-35, -7]));
// [ { type: 'public-key', alg: -35 }, { type: 'public-key', alg: -7 } ]

People

The original author and maintainer of this module is Robert Burckner

License

MIT