I just noticed the following in section 5.2.2:
A raw cryptographic signature must assert the integrity of both the client data and the authenticator data. Thus, an authenticator SHALL compute a signature over the concatenation of the authenticatorData and the clientDataHash.
It may go without saying, but for the sake of clarity and consistency, I believe the wording should be:
/.../ compute a signature over the SHA256 HASH OF THE concatenation of the authenticatorData /.../
It may go without saying, but for the sake of clarity and consistency, I believe the wording should be:
/.../ compute a signature over the SHA256 HASH OF THE concatenation of the authenticatorData /.../
Actually, performing the hash over the input message (the "concatenation of the authenticatorData and the clientDataHash" in this case) is inherently a part of the signature algorithm (whether RSA [1] or ECDSA [2]). Note that the U2F spec says only " signature. This is a ECDSA signature (on P-256) over the following byte string ..." (e.g., in section 4.3).
If folks feel strongly about it we can add a Note explaining this, but I'm not sure it is necessary.
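An added example illustrating the reply above; it is not code from the specification or from anyone in this thread. It assumes ES256 (ECDSA on P-256 with SHA-256), and the function names and the sample authenticatorData and client data are constructed. SHA-256 runs once, as the hashing step of the signature algorithm; a signer that hashes the concatenation first and then signs that hash as the message produces a signature that a verifier following the spec text rejects.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// digest is SHA-256(authenticatorData || clientDataHash), the hash step inside ES256.
func digest(authData, clientDataHash []byte) []byte {
	d := sha256.Sum256(append(append([]byte{}, authData...), clientDataHash...))
	return d[:]
}

// Sign is "a signature over the concatenation": ECDSA applied to its SHA-256 digest.
func Sign(priv *ecdsa.PrivateKey, authData, clientDataHash []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(authData, clientDataHash))
}

// SignDoubleHashed models the misreading: hash first, then sign that hash as the message.
func SignDoubleHashed(priv *ecdsa.PrivateKey, authData, clientDataHash []byte) ([]byte, error) {
	again := sha256.Sum256(digest(authData, clientDataHash))
	return ecdsa.SignASN1(rand.Reader, priv, again[:])
}

// Verify is the relying-party check for the same byte string.
func Verify(pub *ecdsa.PublicKey, authData, clientDataHash, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(authData, clientDataHash), sig)
}

// Demo signs constructed sample data both ways and reports which signature verifies.
func Demo() (okSpec, okDouble bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	authData := make([]byte, 37) // constructed: rpIdHash(32) | flags(1) | signCount(4)
	cdh := sha256.Sum256([]byte(`{"type":"webauthn.get","challenge":"constructed"}`))
	good, err1 := Sign(priv, authData, cdh[:])
	bad, err2 := SignDoubleHashed(priv, authData, cdh[:])
	if err1 != nil || err2 != nil {
		return false, false, fmt.Errorf("sign failed: %v %v", err1, err2)
	}
	return Verify(&priv.PublicKey, authData, cdh[:], good), Verify(&priv.PublicKey, authData, cdh[:], bad), nil
}

func main() { fmt.Println(Demo()) }
```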