0.1.22 • Published 1 year ago
@millabs.net/cosepublickey v0.1.22
COSE public key and WebAuthn signature validation tool for Node.js.
Installation
This is a Node.js module available through the npm registry.
Before installing, download and install Node.js.
Installation is done using the
npm install
command:
$ npm install @millabs.net/cosepublickey
Features
- Verify WebAuthn responses with a COSE public key
- Base64url encoded string
- Create surrogate EC2, RSA public key pairs
Usage
$ npm install @millabs.net/cosepublickey
Import the modules
const { decodeCoseKey } = require('@millabs.net/cosepublickey')
// or
import { decodeCoseKey } from "millabs.net/cosepublickey"
Functions
Decoding COSE public key, verifying signature
import { decodeCoseKey } from "millabs.net/cosepublickey";
// from credential registration
const cosePublicKey = "pQECAyYgASFYIOsjOxr8AJ3mxXq3drCFKE3XcHf_mkNVU5QXXPP-TEdpIlggdoGVNDpRuJ9Y6LAlKPIxRsgz3N2-oDPVQJKU_a6AlSY";
// from webauthn assertion resonse
const assertion = {
"id": "Aad50Szy7ZFb8f7wdfMmFO2dUdQB8StMrYBbhJprTCJIKVdbIiMs9dAATKOvUpoKfmyh662ZsO1J5PQUsi9yKNumDR-ZD4wevDYZnwprytGf5rn6ydyxQQtBYPSwS8u23FdVBxBqHa8",
"response": {
"authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAABQ",
"signature": "MEUCIQDZS-GaglyXcCj6A49Z-xVQBAKobVU6_RXSepXnAq5QpwIgd-5TaWuMJsEjowbzWzC8js70YwsS7RQ_A4vJteBda7Q",
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiVXJQOW1mRWlDUDZqTFYyQUNxd2dPZ3hzeHkySnNvTWJla3hjdUY5cFdRSSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDIwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0"
},
"type": "public-key"
}
const { authenticatorData, clientDataJSON, signature } = assertion.response;
const clientDataHash = crypto.createHash("SHA-256").update(Buffer.from(clientDataJSON, "base64url")).digest();
const signatureBase = new Uint8Array([...Buffer.from(authenticatorData, "base64url"), ...clientDataHash]);
const coseKey = await decodeCoseKey(cosePublicKey);
const verified = coseKey.verify(signatureBase, signature);
decodeCoseKey(cosePublicKey).then((coseKey) => {
const verified = coseKey.verify(signatureBase, signature);
});
Public Key Credential Parameters
import { coseAlgorithm, pubKeyCredParams } from "millabs.net/cosepublickey";
console.log(pubKeyCredParams());
// [ { type: 'public-key', alg: -7 }, { type: 'public-key', alg: -257 } ]
console.log(pubKeyCredParams([coseAlgorithm.PS256, coseAlgorithm.ES384]));
// [ { type: 'public-key', alg: -37 }, { type: 'public-key', alg: -35 } ]
console.log(pubKeyCredParams([-35, -7]));
// [ { type: 'public-key', alg: -35 }, { type: 'public-key', alg: -7 } ]
People
The original author and maintainer of this module is Robert Burckner
License
0.1.22
1 year ago
0.1.21
1 year ago
0.1.20
1 year ago
0.1.19
1 year ago
0.1.18
1 year ago
0.1.17
1 year ago
0.1.16
1 year ago
0.1.15
1 year ago
0.1.14
1 year ago
0.1.13
1 year ago
0.1.12
1 year ago
0.1.11
1 year ago
0.1.9
1 year ago
0.1.8
1 year ago
0.1.7
1 year ago
0.1.6
1 year ago
0.1.5
1 year ago
0.1.4
1 year ago
0.1.3
1 year ago
0.1.2
1 year ago
0.1.1
1 year ago
0.1.0
1 year ago