Replies: 1 comment 4 replies
-
|
Your best bet is to take the Within its list of "metadata statements" you'll likely find a statement for a given {
"aaguid": "c5ef55ff-ad9a-4b9f-b580-adebafe026d0",
"metadataStatement": {
"legalHeader": "https://fidoalliance.org/metadata/metadata-statement-legal-header/",
"aaguid": "c5ef55ff-ad9a-4b9f-b580-adebafe026d0",
"description": "YubiKey Series 5Ci",
"authenticatorVersion": 50200,
"protocolFamily": "fido2",
"schema": 3,
"upv": [
{
"major": 1,
"minor": 0
}
],
"authenticationAlgorithms": [
"ed25519_eddsa_sha512_raw",
"secp256r1_ecdsa_sha256_raw"
],
"publicKeyAlgAndEncodings": ["cose"],
"attestationTypes": ["basic_full"],
"userVerificationDetails": [
[
{
"userVerificationMethod": "presence_internal"
},
{
"userVerificationMethod": "passcode_internal",
"caDesc": {
"base": 64,
"minLength": 4,
"maxRetries": 8,
"blockSlowdown": 0
}
},
{
"userVerificationMethod": "none"
}
]
],
"keyProtection": ["hardware", "secure_element"],
"matcherProtection": ["on_chip"],
"cryptoStrength": 128,
"attachmentHint": ["external", "wired"],
"tcDisplay": [],
"attestationRootCertificates": [
"MIIDHjCCAgagAwIBAgIEG0BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbwnebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXwLvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJhjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4MYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kthX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2kLVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1UsG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqcU9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw=="
],
"icon": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAfCAYAAACGVs+MAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAHYYAAB2GAV2iE4EAAAbNSURBVFhHpVd7TNV1FD/3d59weQSIgS9AQAXcFLAQZi9fpeVz1tY/WTZr5Wxpc7W5knLa5jI3Z85srS2nM2sjtWwZS7IUH4H4xCnEQx4DAZF74V7us885v9/lInBvVJ/B4Pv9nu/5nu/5nvM556fzA/Qv0Hb/IrX3VFKPo45cnm4inUIWYwLFRmZQUuwjFG/N1iRHh1EZ0NRVRudqt1Bd+2nSKyS/Ohys0+lk3e/3kQ9qvD4ZUta4VVSUuY0eipyiThAfocoORVgDuuw3qKRiAd3rbcEtjTjYIof6WaHsCmzVPWCMx+cgh8tLqWMKaMWsUjLqo2RtJIQ0oOzmerpQu4esZgsONkGxH7d0kdvTT17s4OMU7VI8ZhjgGaM+Aq9iENu8Pif1udz07MwvKWf8GlVoCEY04PC5WdTaXYFbR8vNvL5+3Kgfb5xNMya9RamJiynaMlGTVtFlr6ba9u+pqnEX4uMuRRgjSYEhrN7utFFe6lqal7Nfkw5imAGHynPpbk8VmY0xstnptlFCVCYtzTuBN83QpMLjTtevdPzSUnJ7e8mkjxZ39fXbKDfldZqbvU+TUgGnBVF6fQ2iPHg4W16UWUwvzbk16sMZE+Pn0pvz7JSeuAyes8lcpCmaKuo/p+qWr2UcwIAHWrvP0YEzhXAtLAbssHhp7iGamvyijP8ryqrXUWX9XoowxyAufNBrp43POBFXZlkf8MDRiqcpyowAwpuz2x+fWvz/Dtde9smszygtcR6C1wbdzBl6Olq5WNYY4oGathJMrkTEx0jARSHAVs+5rYkQNXb+QgfPLsQ6gXyInsreQfmpm7RVFYfL86n1fiUOkYvShkUPxvbukzoy6K1ihM1ho3XzW6EvSfXA+dpiWGaWd+doXzLzmGwKYFLCAsRAlPBAhMlCFXU7tBUVPr8HgVcJHWq+F00plr+DMTdrP4zvxY11kNMhxT+SeTGg+d4V5LQJityUGJNB8VFZsjgYBZM/II/XCTkj0qyDOpF2AVQ17CIjUp/DnT1UkL5F5gdj+sS1wg1gE3gigm60fCXzSnPXbyAPbIXv+IDpE16ThaHIS9skyhlmME5F3cfqAKhq2C0E5PH1gYaXaLPDkZG0HDJOnKWHp51I0z5SOux8e1WAuZzdHQrTkp8TmjXoI+la0wGZszubqbO3ifQ6A/W7vVSYsV3mR0JKwkKc4WHiBkmR8I3CCgI87oOL4qzT5P+RUJBejEOgAPK8hYPzatM+eITp2IO9yTQmeromPRxx1qxAcsile/ubSeEbcWQGYECghcLY2HyKjogjH25hMpjpUv1Ougli4eh2eRw0O32bJjkyuCgNzg0vzlYMSiSs0uoo4MG7hMOjCEaX1yFE0nSvjBzuTnEpK86Z8IoqFAIubw8kg9ArEaREWSZI+jH4Xbp6g9E9EnJT3oaRzDN+MUJBQDHn56a8oUmEBusOxBs/N5+tJEbPkAFDj8UGvOs/IWvcSglGBhvS7/FTYfpWGYdDY8fPAxWSA35sTC4p4+Lm4AaqIoPeQtfufK6Jh0ZhxlbsUXOSmXNifD5ZTAkyDofbbcclxnA8WNAqxCbRNykhXxQpaDw67fXUYbsiG0Khtv2oeIvh8rhQMYOcEAqXG/eI+zngOc5yxr8q82IAM1c/FLFOplqu5eFQXrMZzGcVCjYbLWG5I4BT1euRrlbxtNOtMitDDEhLXIIynAAvuOEWE3X3NdAft94VgaG42XIQt0ZX6PeCE/qQFe9rK6Hx7YU50KvH7fW4fS+q7KKBJxsggBX5pSAGh1jIrVh5zQ6w3RfaahBXm/aCbCZTjCUFUTyWZqW9p62MjJPXVqOrPgMO4Nv74Gkf+owftNVBDQnjFJqHSw17pXvhWW5KZqe/Q49N/USTCAVWoQXFIHBHXXe3FPrUDsuGDmtF/hHKTHpekxhiAOPI+SJq6S6HF4I9YWzkBJTo46iUMzWp8Pir/RiduLxKYsSksV8vLlOQvhGX2YlR0OBhBjC+u/gEcvY0ApK7Yk41NxjPSQnWFHTF66UrjgevB8Cu5a+l2vYSRPtuVDo73hhdMSHnUX7tTjsVZGxAl/WptiOIEQ1gnL29mX6/tR1tmlkYj8W4X+CSjWcUDGY1NpS/C7hSKqiMLM/l2QmSWZ73Ddz+gio8BCENYPQ46qnkzwXUbqvBkxjUQsWfZFgbuo3rAf+wN7jOO90+ynx4Pi3L+0nYL1SchDUgAP4gPV/7Id1q+1HShmuGkIqWRPgyxMFqP8HfjTnjXwY5bQfbJct6OIzKgMHotF/He1egsaxHSqG6wfdmQ5x8NyTFFqBcp2iSowHR3yk5+36hF7vXAAAAAElFTkSuQmCC",
"authenticatorGetInfo": {
"versions": ["U2F_V2", "FIDO_2_0", "FIDO_2_1_PRE"],
"extensions": ["credProtect", "hmac-secret"],
"aaguid": "c5ef55ffad9a4b9fb580adebafe026d0",
"options": {
"plat": false,
"rk": true,
"clientPin": true,
"up": true,
"credentialMgmtPreview": true
},
"maxMsgSize": 1200,
"pinUvAuthProtocols": [2, 1],
"maxCredentialCountInList": 8,
"maxCredentialIdLength": 128,
"transports": ["usb", "lightning"],
"algorithms": [
{
"type": "public-key",
"alg": -7
},
{
"type": "public-key",
"alg": -8
}
],
"minPINLength": 4,
"firmwareVersion": 328706
}
},
"statusReports": [
{
"status": "FIDO_CERTIFIED_L1",
"effectiveDate": "2020-05-12",
"certificationDescriptor": "YubiKey 5Ci",
"certificateNumber": "FIDO20020191017003",
"certificationPolicyVersion": "1.1.1",
"certificationRequirementsVersion": "1.3"
}
],
"timeOfLastStatusChange": "2020-05-12"
}Aside from that you can simply maintain your own map of aaguid to identifying information, but you'll have to compile and maintain that yourself. |
Beta Was this translation helpful? Give feedback.
-
|
I was just about to say "ouff, that sound like too much work" when I saw there already is a import metadataService from "@simplewebauthn/server/dist/metadata/metadataService";
// Fetching metadata for YubiKey 5 NFC
const metadata = await metadataService.getStatement("2fc0579f-8113-47ea-b116-bb5a8db9202a");
console.log(metadata);Is there any initialisation work that I've missed? The documentation says I need to register for a token but mds3 seems to have dropped that requirement (which seems to be reflected in your implementation). Help? |
Beta Was this translation helpful? Give feedback.
-
|
To answer my own question, this is what was missing: await metadataService.initialize({
mdsServers: [
{
url: "https://mds.fidoalliance.org/",
rootCertURL: "https://valid.r3.roots.globalsign.com/",
metadataURLSuffix: "",
},
]
});However it looks like the |
Beta Was this translation helpful? Give feedback.
-
|
Ok so after monkey-patching Looks like inlining the metadata is not the only thing that changed. For instance, FIDO_METADATA_ATTESTATION_TYPES.ATTESTATION_BASIC_FULL needs to be changed to |
Beta Was this translation helpful? Give feedback.
-
|
I created an issue for this: #143 |
Beta Was this translation helpful? Give feedback.
-
Is there a way to do this? We'd like to show a list of registered authenticators to our users, and having the manufacturer and model of the hardware key used would be pretty useful in this context. If I understand correctly, using the attestation type "direct" should yield this information, but I have no idea how you would extract it from the attestation data. @MasterKale Any ideas?
Beta Was this translation helpful? Give feedback.
All reactions