From 6737d23798f11e8574086464eeb7a5adfbc81a0c Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 20 Nov 2024 19:31:50 +0100 Subject: [PATCH] Add test vectors --- index.bs | 507 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 507 insertions(+) diff --git a/index.bs b/index.bs index 14d9102eb..daa04ce98 100644 --- a/index.bs +++ b/index.bs @@ -9246,6 +9246,513 @@ The recommended range and default for a WebAuthn ceremony timeout is * Recommended default value: 300000 milliseconds (5 minutes). +# Test Vectors # {#sctn-test-vectors} + +[INFORMATIVE] + +This section lists example values that may be used to validate implementations. + +All random values are deterministically generated using HKDF-SHA-256 [[RFC5869]] +from the base input key material denoted in CDDL as `'WebAuthn test vectors'`, +or equivalently as `h'576562417574686e207465737420766563746f7273'`. +ECDSA signatures use a deterministic nonce [[RFC6979]]. +The RSA key in the examples is constructed from the two smallest Mersenne primes 2p - 1 such that p ≥ 1024. + + +## Attestation trust root certificate ## {#sctn-test-vectors-attestation-root-cert} + +All examples that include [=attestation=] use the attestation trust root certificate +given as `attestation_ca_cert` below, encoded in X.509 DER [[RFC5280]]: + + +attestation_ca_key = h'7809337f05740a96a78eedf9e9280499dcc8f2aa129616049ec1dccfe103eb2a' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='Attestation CA', L=32) +attestation_ca_serial_number = h'ed7f905d8bd0b414d1784913170a90b6' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='Attestation CA', L=16) +attestation_ca_cert = h'30820207308201ada003020102021100ed7f905d8bd0b414d1784913170a90b6300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a3062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d030107034200043269300e5ff7b699015f70cf80a8763bf705bc2e2af0c1b39cff718b7c35880ca30f319078d91b03389a006fdfc8a1dcd84edfa07d30aa13474a248a0dab5baaa3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e0416041445aff715b0dd786741fee996ebc16547a3931b1e300a06082a8648ce3d04030203480030450220483063b6bb08dcc83da33a02c11d2f42203176893554d138c614a36908724cc8022100f5ef2c912d4500b3e2f5b591d0622491e9f220dfd1f9734ec484bb7e90887663' + + + +## Test Vectors for [=[WRPS]=] ## {#sctn-test-vectors-rp} + +This section lists example values that may be used to validate [=[WRP]=] implementations. + +Examples are given in pseudocode as pairs of [=registration ceremony|registration=] +and [=authentication ceremonies=] done with the same [=credential=], +with byte string literals and comments in CDDL [[RFC8610]] notation. +The examples are not exhaustive and do not include [=WebAuthn extensions=]. + +Registration examples include the {{PublicKeyCredentialCreationOptions/challenge}} input, +intermediate pseudo-random values, +and the {{AuthenticatorAttestationResponse/attestationObject}} and {{AuthenticatorResponse/clientDataJSON}} outputs. +Authentication examples include the {{PublicKeyCredentialRequestOptions/challenge}} input, +intermediate pseudo-random values, +and the {{AuthenticatorAssertionResponse/authenticatorData}}, {{AuthenticatorAssertionResponse/signature}} +and {{AuthenticatorResponse/clientDataJSON}} outputs. +Other cryptographically unrelated inputs and outputs are not included. + +All examples use the [=RP ID=] `example.org`, the {{CollectedClientData/origin}} `https://example.org` +and, where applicable, the {{CollectedClientData/topOrigin}} `https://example.com`. + +Note that although the examples include [=credential private keys=] and [=attestation private keys=] for reproducibility, +these would normally not be shared with the [=[RP]=]. + + +### ES256 Credential with No Attestation ### {#sctn-test-vectors-none-es256} + +[=registration ceremony|Registration=]: + +credential_private_key = h'00c30fb78531c464d2b6771dab8d7b603c01162f2fa486bea70f283ae556e130' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='none.ES256', L=32) +aaguid = h'6e68e7a58484a3264f66b77f5d6dc5bc' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='none.ES256', L=16) +credential_id = h'f9aec6fc9e70fb8022f14956ed67010c19875786e07cf7ed142d6cf41a7bf5e9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='none.ES256', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'06' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='none.ES256', L=1) +challenge = h'8446ccb9ab1db374750b2367ff6f3a1fb14b893372950a0a795df5e3a995c353' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='none.ES256', L=32) +client_data_gen_flags = h'f9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='none.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'bac89435a89550bda8c99dfa860362b5' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='none.ES256', L=16) +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a226845624d756173647333523143794e6e5f3238364837464c69544e796c516f4b6556333134366d5677314d222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a20757369554e616956554c326f795a333668674e6974513d3d227d' +attestation_private_key = h'39c0e7521417ba54d43e8dc95174f423dee9bf3cd804ff6d65c857c9abf4d408' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='none.ES256', L=32) +attestation_cert_serial_number = h'4a95623d5723fd8697042ef5b36624ce' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='none.ES256', L=16) +attestationObject = h'a363666d74646e6f6e656761747453746d74a068617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b545000000006e68e7a58484a3264f66b77f5d6dc5bc0020f9aec6fc9e70fb8022f14956ed67010c19875786e07cf7ed142d6cf41a7bf5e9a5010203262001215820cfc8407a04dfa9f6e03fbeaed5bd8c8d228f0935ad341351f0d98cd2d4dcdfa82258200c448c016a91ad80916969daf80498667373b628991ad0083644603b6787e10a' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'38' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='none.ES256', L=1) +challenge = h'eb4380b9dece113645d11ebf201ed62a81ff36a5077ace6398954d108e6d43e1' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='none.ES256', L=32) +client_data_gen_flags = h'4c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0b', info='none.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50100000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a2236304f417564374f45545a463052365f494237574b6f485f4e7155486573356a6d4a564e45493574512d45222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +signature = h'30450220715e21c6b13c98ad23c568cd72fd5f7188b3fd13f0a86135358c7c3335bcda1f022100f97a04b666149747295c6d65d4e3f6d645d6d15f7a52070f643ce06ad2dd5cc9' + + + +### ES256 Credential with Self Attestation ### {#sctn-test-vectors-packed-self-es256} + +[=registration ceremony|Registration=]: + +credential_private_key = h'7869c2b772d4b58eba9378cf8f29e26cf935aa77df0da89fa99c0bdc0a76f7e5' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='packed-self.ES256', L=32) +aaguid = h'b4bbfa5d68e1693b6ef5a19a0e60ef7e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='packed-self.ES256', L=16) +credential_id = h'db1e8841e85c572bc6e8565f5880ae590e92f5b084c610b02900abb05974b50c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='packed-self.ES256', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'53' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='packed-self.ES256', L=1) +challenge = h'df850e09db6afbdfab51697791506cfc39477f1f43a67c235794f4d802c8683f' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='packed-self.ES256', L=32) +client_data_gen_flags = h'45' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='packed-self.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'fdaea3fadada4376c28aec68bbdb3f6f' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='packed-self.ES256', L=16) +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a223334554f436474712d392d7255576c336b5642735f446c4866783944706e776a5635543032414c49614438222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a205f61366a2d747261513362436975786f7539735f62773d3d227d' +attestationObject = h'a363666d74667061636b65646761747453746d74a263616c67266373696758473045022100a5d57ae67a212ea7e0812a37f3c692ae39062bc948132f14c433d21bfbe1bf6302203b22120bd5d958defb4ab1bd91577a1114152cbe6e31b3568881695aa6238b6a68617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54100000000b4bbfa5d68e1693b6ef5a19a0e60ef7e0020db1e8841e85c572bc6e8565f5880ae590e92f5b084c610b02900abb05974b50ca501020326200121582093f1794dea21617508ffbd343b034424782e9182774f027037bb3ff00f9ac674225820203cb763815962c1af3b82a5ef102d4e739a69d94ef639a95d486b525ab895cf' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'44' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='packed-self.ES256', L=1) +challenge = h'1f54787ee3296594c03c12aef796c630c7510c32ca8a12927f61ac17ba82d4b5' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='packed-self.ES256', L=32) +client_data_gen_flags = h'81' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='packed-self.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'a131beb78762e3666ee614e625001d65' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='packed-self.ES256', L=16) +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50500000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a224831523466754d705a5a544150424b75393562474d4d645244444c4b69684b536632477346377143314c55222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a206f54472d7434646934325a753568546d4a5141645a513d3d227d' +signature = h'3045022100a9d7fd6cddcdb9e37499bd15c9dfc27920ce6a5744c2cfdf715f13f9a275b79902201503b3c7d97b038df7a9fabd33a213318a764dc9425b93a4e9136cba863f5a09' + + + +### ES256 Credential with "crossOrigin": true in clientDataJSON ### {#sctn-test-vectors-none-es256-crossOrigin} + +[=registration ceremony|Registration=]: + +credential_private_key = h'3be5aacd03537142472340ab5969f240f1d87716e20b6807ac230655fa4b3b49' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='none.ES256.crossOrigin', L=32) +aaguid = h'96c940e769bd9f1237c119f144fa61a4' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='none.ES256.crossOrigin', L=16) +credential_id = h'711e35dc96fcdc0323683caea542985134c2014a80d1ec92fdb94b58e9cf25d9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='none.ES256.crossOrigin', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'cd' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='none.ES256.crossOrigin', L=1) +challenge = h'883f4f6014f19c09d87aa38123be48d090282eed5c5f4a780d7bb83e678b8977' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='none.ES256.crossOrigin', L=32) +client_data_gen_flags = h'6e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='none.ES256.crossOrigin', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a2269443950594254786e416e5965714f4249373549304a416f4c7531635830703444587534506d654c695863222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a747275657d' +attestation_private_key = h'27267b59e97ed06fa8626e3ba2a4182787f9023c75a26e79013b210880f45e87' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='none.ES256.crossOrigin', L=32) +attestation_cert_serial_number = h'876aa517ba83fdee65fcffdbca4c84ee' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='none.ES256.crossOrigin', L=16) +attestationObject = h'a363666d74646e6f6e656761747453746d74a068617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54d0000000096c940e769bd9f1237c119f144fa61a40020711e35dc96fcdc0323683caea542985134c2014a80d1ec92fdb94b58e9cf25d9a5010203262001215820b804e0b6f775fc28d69bc27faa5d28ab01f2f0f2946cbc24bcc44dfb12a73d422258208f9808760f5de0ea8778f33b9df119da4466f642d1d0a16e1ee161fe15dbf152' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'57' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='none.ES256.crossOrigin', L=1) +challenge = h'f76a5c4d50f401bcbeab876d9a3e9e7eec091757368d5b15ca4017371d55b650' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='none.ES256.crossOrigin', L=32) +client_data_gen_flags = h'0c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='none.ES256.crossOrigin', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b51d00000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a2239327063545644304162792d713464746d6a36656675774a463163326a567356796b41584e783156746c41222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a747275657d' +signature = h'3044022008ff34d2fc22a5aff511771a3bc20d0e64d6e3e4814d7d08d020506713eb0f970220567a16e4104e27784ea9e22c9f954c009fe26ca600668190c2190c2411ded0bc' + + + +### ES256 Credential with "topOrigin" in clientDataJSON ### {#sctn-test-vectors-none-es256-topOrigin} + +[=registration ceremony|Registration=]: + +credential_private_key = h'4e1f4c6198699e33c14f192153f49d7e0e8e3577d5ac416c5f3adc92a41f27e5' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='none.ES256.topOrigin', L=32) +aaguid = h'a2d6de40ab974b80d8c1ef78c6d43000' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='none.ES256.topOrigin', L=16) +credential_id = h'543f24526ceb534a9ba8197b6dfd6e6b743e78f431741fc13ae3552a6e920e91' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='none.ES256.topOrigin', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'97' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='none.ES256.topOrigin', L=1) +challenge = h'b8ad59b996047ab18e2ceb57206c362da57458793481f4a8ebf101c7ca7cc0f1' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='none.ES256.topOrigin', L=32) +client_data_gen_flags = h'a0' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='none.ES256.topOrigin', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a22754b315a755a59456572474f4c4f7458494777324c61563057486b306766536f365f454278387038775045222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a747275652c22746f704f726967696e223a2268747470733a2f2f6578616d706c652e636f6d227d' +attestation_private_key = h'd54a5c8ca4b62a8e3bb321e3b2bc73856f85a10150db2939ac195739eb1ea066' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='none.ES256.topOrigin', L=32) +attestation_cert_serial_number = h'773c8a221c7c1ebe80fa5bd0fcd9b711' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='none.ES256.topOrigin', L=16) +attestationObject = h'a363666d74646e6f6e656761747453746d74a068617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54500000000a2d6de40ab974b80d8c1ef78c6d430000020543f24526ceb534a9ba8197b6dfd6e6b743e78f431741fc13ae3552a6e920e91a5010203262001215820876d8a7492b0e764d2e567c4796ffecdd17b082ee58116bfeaaca284a4fa4a2f2258201d951bb48338b343a7b9f710a09d77970028af412062c5a1beb9ee6b21cb9a99' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'52' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='none.ES256.topOrigin', L=1) +challenge = h'9f6ee023043a88068447eb11cc0fba3349ac58a102914481760ac2ab4576d375' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='none.ES256.topOrigin', L=32) +client_data_gen_flags = h'2c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='none.ES256.topOrigin', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50100000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a226e3237674977513669416145522d73527a412d364d306d73574b45436b5553426467724371305632303355222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a747275652c22746f704f726967696e223a2268747470733a2f2f6578616d706c652e636f6d227d' +signature = h'304402205113f0a1f9fa46d8f8efb3f1939f695423c6c43b5de72d683216addabb792953022050652d985e142751e0d5e2cc0a9073ed48c47b8684d7eefe4e3862ca7c6d450b' + + + +### ES256 Credential with very long credential ID ### {#sctn-test-vectors-none-es256-long-credential-id} + +[=registration ceremony|Registration=]: + +credential_private_key = h'1113c7265ccf5e65124282fa1d7819a7a14cb8539aa4cdbec7487e5f35d8ec6c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='none.ES256.long-credential-id', L=32) +aaguid = h'6fd2149bb5f1597fe549b138794bde61' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='none.ES256.long-credential-id', L=16) +credential_id = h'90622d4f42a790bd5febfe545485cce5046ac9e2ac8a09ec6ba01fdb3aa3ed2678255aece6ea92c2a34e739c8db91ca27684d82edcbc4f7c319a1e4b29e9968be0736eaa8f9d545e598c82f144828220dd8cc6512277a719267c4dd5191fd39ee8fa330241ca118e99da34a2753147fa91e44ce567d8baf6059e6d4f90b83c95b25ae7c43b0afbe4cb58a9eb34600a0c1e97a6a004a30c379f890440699d8b2b4f4b222de39ff7366a69af97037c910ad268563c83edd83938b8595f25e58f6b94a7229e3a1ca18de641867f3da89d409188baa1d1f74b9c26affdd6b240cd6ab310194c98fe134fa8c688dbe11f217ee2afc1b420a9ec381103759a750ce3df399bdf5ab3ceaa1e7ce8c4226160a7e89bb390672b932f2be7d7db7642e71c470bf8a7dadb807e3ae21077309556eb7a9f51656587eace26d62014d51952bb1d17129c201433bd9716cdb27e7d25a7d3930c892f96a8465ced268e1e5f4a193431c9babf1930df6871f79b8d48eefad05f94d6f01fedc0708dbde13583ad1e9d94fb525464c077cd908cb1f0eb867033a831a7ebb5ef3f584d7bf2ec00ff8cc70780b872f7b9d8a20593eaf715ee20c8a46d7504ea24750c93bfc971e7a2437c4c4dc69fdf9c0c835fcf63f94969ecfae7c283b9257411c6b6b783eadb474d32663ceaa5d7bbacae1897f5a73e289e1d1a5e7e449eec86c0fcb9621720ebd3520e863f65b297549a145ac29e2ab199b29d63a6ee9b28a803e413bd83889010e18edfa30ba29adb9368d80fec7ec3f68b7d82889eec6377493f9ae8b334fb64992bd4baedf8c96a52d6b2b1e4c70faee95d8745be7e31478a271b2402d7a3e825c026b25e6b17475cb4ed7660b8c956d1ad89d85e08fa1b32e2bfea59674e024287fcad4de44a2bdbce06feaf43b61473634a1178a51fc9d2e77b841b58f28f7dd80cc5e15a2a1b930bdf6d261e87b160732d82ed672a7d4bcf9ec19cf8c6d6aa5763eaac28699c7081601da1c3aec0a1757ca24eb9dd36bbac78a2d0390329740f88d74cd9ffdffe4a2bf7052d1dac84a2d9296ca1edba82d5a99d0920926475e88b4e52bbaa5840a263baaf18712d027190e02fc336f48385c234c4cd9ab765e7df9870be843f90dfe546f239caf489b248f078495443188a5b5a62efc10e0afa83a135b46c89ed0fd17727052b5a3ef51671685b720e6cd92163c993f6083862b6ddc445c54f120a3593edaf263f4be3466be7682f84ce0a5b08246c728945b53e7ed3b824f75dc9da830002372a02d3237a7bdfa6aa57ad4ba0db8170182c9d872375bc2485e756da8b9653ac281df4d8ad2452e430dad1df3e28a49a29a7781ec488313a9ab44959b136f23d94bb8abb97e92fde902eca1f1739ee90527e9a9cb310bd5787afb4e2342ce41763c1a55f4b73aca5c8c500037017d6c4ea' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='none.ES256.long-credential-id', L=1023) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'8f' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='none.ES256.long-credential-id', L=1) +challenge = h'3a761a4e1674ad6c4305869435c0eee9c286172c229bb91b48b4ada140c08634' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='none.ES256.long-credential-id', L=32) +client_data_gen_flags = h'69' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='none.ES256.long-credential-id', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'ef1deba56dce48f674a447ccf63b9599' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='none.ES256.long-credential-id', L=16) +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a224f6e596154685a3072577844425961554e63447536634b47467977696d376b62534c53746f554441686a51222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a20377833727057334f53505a307045664d396a75566d513d3d227d' +attestation_private_key = h'80e1176ea0267659367abcd51a54266c17460fcba0d4e8fa2903896fbc37dbd2' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='none.ES256.long-credential-id', L=32) +attestation_cert_serial_number = h'e5f5adf44211248bb70cdc88c2cfb875' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='none.ES256.long-credential-id', L=16) +attestationObject = h'a363666d74646e6f6e656761747453746d74a0686175746844617461590483bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54d000000006fd2149bb5f1597fe549b138794bde6103ff90622d4f42a790bd5febfe545485cce5046ac9e2ac8a09ec6ba01fdb3aa3ed2678255aece6ea92c2a34e739c8db91ca27684d82edcbc4f7c319a1e4b29e9968be0736eaa8f9d545e598c82f144828220dd8cc6512277a719267c4dd5191fd39ee8fa330241ca118e99da34a2753147fa91e44ce567d8baf6059e6d4f90b83c95b25ae7c43b0afbe4cb58a9eb34600a0c1e97a6a004a30c379f890440699d8b2b4f4b222de39ff7366a69af97037c910ad268563c83edd83938b8595f25e58f6b94a7229e3a1ca18de641867f3da89d409188baa1d1f74b9c26affdd6b240cd6ab310194c98fe134fa8c688dbe11f217ee2afc1b420a9ec381103759a750ce3df399bdf5ab3ceaa1e7ce8c4226160a7e89bb390672b932f2be7d7db7642e71c470bf8a7dadb807e3ae21077309556eb7a9f51656587eace26d62014d51952bb1d17129c201433bd9716cdb27e7d25a7d3930c892f96a8465ced268e1e5f4a193431c9babf1930df6871f79b8d48eefad05f94d6f01fedc0708dbde13583ad1e9d94fb525464c077cd908cb1f0eb867033a831a7ebb5ef3f584d7bf2ec00ff8cc70780b872f7b9d8a20593eaf715ee20c8a46d7504ea24750c93bfc971e7a2437c4c4dc69fdf9c0c835fcf63f94969ecfae7c283b9257411c6b6b783eadb474d32663ceaa5d7bbacae1897f5a73e289e1d1a5e7e449eec86c0fcb9621720ebd3520e863f65b297549a145ac29e2ab199b29d63a6ee9b28a803e413bd83889010e18edfa30ba29adb9368d80fec7ec3f68b7d82889eec6377493f9ae8b334fb64992bd4baedf8c96a52d6b2b1e4c70faee95d8745be7e31478a271b2402d7a3e825c026b25e6b17475cb4ed7660b8c956d1ad89d85e08fa1b32e2bfea59674e024287fcad4de44a2bdbce06feaf43b61473634a1178a51fc9d2e77b841b58f28f7dd80cc5e15a2a1b930bdf6d261e87b160732d82ed672a7d4bcf9ec19cf8c6d6aa5763eaac28699c7081601da1c3aec0a1757ca24eb9dd36bbac78a2d0390329740f88d74cd9ffdffe4a2bf7052d1dac84a2d9296ca1edba82d5a99d0920926475e88b4e52bbaa5840a263baaf18712d027190e02fc336f48385c234c4cd9ab765e7df9870be843f90dfe546f239caf489b248f078495443188a5b5a62efc10e0afa83a135b46c89ed0fd17727052b5a3ef51671685b720e6cd92163c993f6083862b6ddc445c54f120a3593edaf263f4be3466be7682f84ce0a5b08246c728945b53e7ed3b824f75dc9da830002372a02d3237a7bdfa6aa57ad4ba0db8170182c9d872375bc2485e756da8b9653ac281df4d8ad2452e430dad1df3e28a49a29a7781ec488313a9ab44959b136f23d94bb8abb97e92fde902eca1f1739ee90527e9a9cb310bd5787afb4e2342ce41763c1a55f4b73aca5c8c500037017d6c4eaa50102032620012158208570e2a2eebbc3fc33faae35cae0509fea002faf2a66719104bdd1e716b3d60422582097946b3b71e5bfb919acfbc7cc35c0900f7160011982360f07a787ab610c96ba' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'fa' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='none.ES256.long-credential-id', L=1) +challenge = h'5bae46281f432f1ac4969c16e55f67d899edccd524caa23cdddf7fc973b649c1' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='none.ES256.long-credential-id', L=32) +client_data_gen_flags = h'7a' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0b', info='none.ES256.long-credential-id', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b51900000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22573635474b4239444c7872456c7077573556396e324a6e747a4e556b797149383364395f79584f32536345222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +signature = h'30460221009de28bde7345f6d3e95f5f7ef18a7a1da2c5f07e26c0f28364c62d4b460e6556022100d218112c00fb8bbbd7e9d99d7efb85ca7ed06af4fdd16c5a917199688393f064' + + + +### Packed Attestation with ES256 Credential ### {#sctn-test-vectors-packed-es256} + +[=registration ceremony|Registration=]: + +credential_private_key = h'c1184a5fddf8045e13dc47f54b61f5a656b666b59018f16d870e9256e9952012' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='packed.ES256', L=32) +aaguid = h'36ed7bea2357cefa8c4ec7e134f3312d' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='packed.ES256', L=16) +credential_id = h'8d43dfe2d1dd1f8d8fbd1ce6cc48908c70cc185b6ba1a4dfa951f08e1157ab61' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='packed.ES256', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'f5' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='packed.ES256', L=1) +challenge = h'876ca4f52071c3e9b25509ef2cdf7ed64212b46e115d3763b4a7e2b71ea2b146' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='packed.ES256', L=32) +client_data_gen_flags = h'c9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='packed.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'4f6622191ac5f0b3ca943c64085d6172' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='packed.ES256', L=16) +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a226832796b39534278772d6d7956516e764c4e392d316b4953744734525854646a744b666974783669735559222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a205432596947527246384c504b6c44786b4346316863673d3d227d' +attestation_private_key = h'ec2804b222552b4b277d1f58f8c4343c0b0b0db5474eb55365c89d66a2bc96be' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='packed.ES256', L=32) +attestation_cert_serial_number = h'88c220f83c8ef1feafe94deae45faad0' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='packed.ES256', L=16) +attestationObject = h'a363666d74667061636b65646761747453746d74a363616c67266373696758473045022100e874452ef6ccc7c4c03794ab129ac0c81e3a129f087d40e56cef40df5246070502207b8a42d26bd5b240fa97404256d527b27f631bb18ea5cf025aa96d147a469864637835638159022530820221308201c8a00302010202110088c220f83c8ef1feafe94deae45faad0300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d03010703420004a91ba4389409dd38a428141940ca8feb1ac0d7b4350558104a3777a49322f3798440f378b3398ab2d3bb7bf91322c92eb23556f59ad0a836fec4c7663b0e4dc3a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414a589ba72d060842ab11f74fb246bdedab16f9b9b301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e300a06082a8648ce3d040302034700304402201726b9d85ecd8a5ed51163722ca3a20886fd9b242a0aa0453d442116075defd502207ef471e530ac87961a88a7f0d0c17b091ffc6b9238d30f79f635b417be5910e768617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b5450000000036ed7bea2357cefa8c4ec7e134f3312d00208d43dfe2d1dd1f8d8fbd1ce6cc48908c70cc185b6ba1a4dfa951f08e1157ab61a5010203262001215820d929edcf6627c74f7ba4cba265ed884d27110056b5c6dee6e3fcd13d1c6356322258203c489c0daaf3d8bac3230df46fe4ad9021bb0511134fee98653f4fe12de320d1' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'b1' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='packed.ES256', L=1) +challenge = h'75c416ad06a84859f788a637e150a6bc890e23f0e0821f72144d1ae6630fdf9e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='packed.ES256', L=32) +client_data_gen_flags = h'01' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0b', info='packed.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'463ea0d175cdd886dfb46f40ea53ae5e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0c', info='packed.ES256', L=16) +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50100000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22646351577251616f53466e33694b59333456436d76496b4f495f44676768397946453061356d4d50333534222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a20526a36673058584e3249626674473941366c4f7558673d3d227d' +signature = h'304402205369085b0365b5178f509d9e3d5ef9ff85bc835865c5e4b834887944b339bb7f02206bba3a999c082ce27cea5638ffb264b97282bf22abad96241e51c42421f6383b' + + + +### Packed Attestation with ES384 Credential ### {#sctn-test-vectors-packed-es384} + +[=registration ceremony|Registration=]: + +credential_private_key = h'567b030b3e186bc1d169dd45b79f9e0d86f1fd63474da3eade5bdb8db379a0c322e450a02bbf449c6c87b7ea5e73c680' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='packed.ES384', L=48) +aaguid = h'271e37d309c558c0f35222b37abba750' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='packed.ES384', L=16) +credential_id = h'323e40c432d63ee032c967eab90f58c60c80c43a2de7e227fb62265192e8e4b2' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='packed.ES384', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'e9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='packed.ES384', L=1) +challenge = h'953ae2dd9f28b1a1d5802c83e1f65833bb9769a08de82d812bc27c13fc6f06a9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='packed.ES384', L=32) +client_data_gen_flags = h'db' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='packed.ES384', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'8d979fbb6e49c4eeb5925a2bca0fcdb0' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='packed.ES384', L=16) +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a226c547269335a386f736148566743794434665a594d3775586161434e364332424b384a38455f787642716b222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a206a5a65667532354a784f36316b6c6f7279675f4e73413d3d227d' +attestation_private_key = h'3d0a5588bb87ebb1d4cee4a1807c1b7c5cbf3a06c8064118120ed58e94ba6215' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='packed.ES384', L=32) +attestation_cert_serial_number = h'ff41c3d25dbd8966fb61e28ef5e47041' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='packed.ES384', L=16) +attestationObject = h'a363666d74667061636b65646761747453746d74a363616c67266373696758483046022100e79c40e5210a8376ec5b372411171c26390d740adf882dd2b8e49eaab02163ab022100eabe7b7c825aea57cc29928ead7499c9a4590fffeb070095b6ef8381a7acaf37637835638159022530820221308201c8a003020102021100ff41c3d25dbd8966fb61e28ef5e47041300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d030107034200048c7e4e131c8cb262167a9cc2a42d4f5fb1972a896832fbbc39169d91e844fbb786499692337d2ce86b92fb467c0a02cb5b4194b53f0bff558bb29f1a956948dca360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e041604140ba66fd95eee482af6d9fd39f5086707a9797984301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e300a06082a8648ce3d040302034700304402210092c43b08c35cc6383b5a92badba50c31d200d204f205779b81f905684225568b021f0a9a180789bfc5f9bb2580ccc00f60b45714c59a998ceca8fd56493dbfcb3c68617574684461746158c5bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54900000000271e37d309c558c0f35222b37abba7500020323e40c432d63ee032c967eab90f58c60c80c43a2de7e227fb62265192e8e4b2a5010203382220022158307b56ef259ecb00535beafc007c45872bfb6810fd185329c5b5c1d2251b89b33fdc63d73ab93e4dfa4f68fd831e7d1e3c225830b206922b0f3b7585a24b1d6b32472255d3e3b3da8990cb17f21f8f1a9120d80206c3a5271611fd0a8e1cbe09fc63b268' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'0c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='packed.ES384', L=1) +challenge = h'af39f78252f66b2ba544cf3da1890d23b86ebd04ab31555a862c03dbc9bb8eb0' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='packed.ES384', L=32) +client_data_gen_flags = h'ef' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0b', info='packed.ES384', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'8052afdbc2c6cf063daa6b42a96d9cca' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0c', info='packed.ES384', L=16) +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50d00000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22727a6e33676c4c326179756c524d38396f596b4e49376875765153724d5656616869774432386d376a7241222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a2067464b7632384c477a775939716d74437157326379673d3d227d' +signature = h'3066023100be28c0911459ab7bc2be6c08980605866bbe2eff292591e95cc474d888845bbdb1d956c39cf71bfc44a7a14841cdf76a0231009acf5b458424a635842f0bcf56ed7ba8d1fd6fcea90fc3e3cdc1bbec7b118a1f19dcddd610974f36683c140f7b654f09' + + + +### Packed Attestation with ES512 Credential ### {#sctn-test-vectors-packed-es512} + +[=registration ceremony|Registration=]: + +credential_private_key = h'4ee220cd92b07e11451cb4c201c5755bd879848e492a9b12d79135c62764dc2fd28ead4808cafe5ad1de8fa9e08d4a8eeafea4dfb333877b02bc503f475d3b0c13' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='packed.ES512', L=65) +aaguid = h'f11120594f6a4944ac3ba59adbbc5b85' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='packed.ES512', L=16) +credential_id = h'6dcf05ccb7c036e588a48dc2203291bcc30c0cb72d0f0ea6be980dd6c0db4e57' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='packed.ES512', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'a3' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='packed.ES512', L=1) +challenge = h'39d8ce6a3cf61025775083a738e5c254631413010baddb28c8361f4be2b09ba48532260848a1f6b66faffebc6378db05e5dc456862f3453127059985c0301baf6c9f5c0d24bd623ddb22f01526f6c3142f82eea6ccd05b669323cf82ed2a73a4da3d60f427392fa91f30b45a46fc35101feeb4d96e2f7a2cda3bb62180595508' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='packed.ES512', L=128) +client_data_gen_flags = h'd1' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='packed.ES512', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'cf2828fa18e0b82113afcbf0ca492e99' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='packed.ES512', L=16) +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a224f646a4f616a7a324543563355494f6e4f4f584356474d554577454c7264736f79445966532d4b776d3653464d695949534b4832746d2d765f72786a654e73463564784661474c7a5254456e425a6d4677444162723279665841306b7657493932794c7746536232777851766775366d7a4e42625a704d6a7a344c744b6e4f6b326a3167394363354c366b664d4c52615276773145425f75744e6c754c336f73326a75324959425a565167222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a207a79676f2d686a677543455472387677796b6b756d513d3d227d' +attestation_private_key = h'ffbc89d5f75994f52dc5e7538ee269402d26995d40c16fb713473e34fca98be4' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='packed.ES512', L=32) +attestation_cert_serial_number = h'8a128b7ebe52b993835779e6d9b81355' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='packed.ES512', L=16) +attestationObject = h'a363666d74667061636b65646761747453746d74a363616c67266373696758473045022100b8329062ff473357aa1f583e8eadee82e88ecab957f4935d575edd67666d26bb02201d33d1b6c08b5d129f663d7256d7b417c705eda6a127ca5b80550c57034c81a2637835638159022730820223308201c8a0030201020211008a128b7ebe52b993835779e6d9b81355300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d03010703420004940b68885291536e2f7c60c05acfb252e7eebcf4304425dd93ab7b1962f20492bf18dc0f12862599e81fb764ac92151f9a78fcbb35d7a26c8c52949b18133c06a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e041604143ffad863abcd3dc5717b8a252189f41af97e7f31301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e300a06082a8648ce3d0403020349003046022100832c8b64c4f0188bd32e1bec63e13301cdc03165d3ef840d1f3dabb9a5719f83022100add57a9d5bedec98f29222dfc97ea795d055ee13a02a153d02be9ce00aedeb9168617574684461746158e9bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54100000000f11120594f6a4944ac3ba59adbbc5b8500206dcf05ccb7c036e588a48dc2203291bcc30c0cb72d0f0ea6be980dd6c0db4e57a501020338232003215842003535c56f7c9cd6571bc7b332dc4f4b320cf45d6ccc61475c79c349965d3cf0f97df6f11e5078980b91796246bef83d7b6a4f23c420dab30637afa222f9f70cd22e22584201a0f2ed0c154fe9acb0f472595bb3bbca874918217d6d3267d4b0d85656fc8afb67f60d5b0a559454a8e2b7970ba87c19f3eb4518bed06708015dd3fe4443b39481' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'08' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='packed.ES512', L=1) +challenge = h'ac6836bd58ad3ee52b769db41078f6045059bde06f801bda8f942710e20c3902cb97d1703b443cf1e3670d503e9930378c1686eab6431d713383b578cf7a4c386e552bbd32e648004be7f55c0d33c03a255c8c51b5a1c1b80b856c5afb3c2608d06deacb3f798ceca92f81058ee6c3b9a2facdb17934275aa18b4e13e9451294' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='packed.ES512', L=128) +client_data_gen_flags = h'52' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0b', info='packed.ES512', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50100000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a227247673276566974507555726470323045486a324246425a76654276674276616a35516e454f494d4f514c4c6c3946774f30513838654e6e4456412d6d5441336a42614736725a444858457a673756347a33704d4f4735564b373079356b6741532d66315841307a77446f6c584978527461484275417546624672375043594930473371797a39356a4f79704c3445466a75624475614c367a6246354e4364616f59744f452d6c46457051222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +signature = h'30818802420097f455146b40ea35b533eaed3d10eea650ccc750f8fdd2cdaf99bd8f510cdbc5724ac299d15851acb7cda4d5224e5d472d8eacd3060fa7c25333c620f1a0b4b1ca024201d01204c5a9f2a09bab910912c55e94021f91960f8e11ccee709ddcce4a6fe4ec7d5a8a60dda1535f5681a4b701bd04d6e22f93b208a71920fc26d1a45bf22fd637' + + + +### Packed Attestation with RS256 Credential ### {#sctn-test-vectors-packed-rs256} + +[=registration ceremony|Registration=]: + +; The two smallest Mersenne primes 2^p - 1 where p >= 1024 +private_key_p = 2^1279 - 1 = h'7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +private_key_q = 2^2203 - 1 = h'07ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +aaguid = h'bea8f0770009bd57f2c0df6fea9f743a' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='packed.RS256', L=16) +credential_id = h'1ca8b19982910a8aefd21b6ce4d505417922af8d6bb3a9beaa037b1257c0f3e6' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='packed.RS256', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'42' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='packed.RS256', L=1) +challenge = h'992a18acc83f67533600c1138a4b4c4bd236de13629cf025ed17cb00b00b74df' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='packed.RS256', L=32) +client_data_gen_flags = h'7e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='packed.RS256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a226d536f59724d675f5a314d32414d4554696b744d5339493233684e696e50416c3752664c414c414c644e38222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +attestation_private_key = h'08a1322d5aa5b5b40cd67c2cc30b038e7921d7888c84c342d50d79f0c5fc3464' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='packed.RS256', L=32) +attestation_cert_serial_number = h'1f6fb7a5ece81b45896b983a995da5f3' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='packed.RS256', L=16) +attestationObject = h'a363666d74667061636b65646761747453746d74a363616c6726637369675846304402205c3ff7a023187f3293a42310216c5afdb8fc10444efd24519f96d4ff9c828dde02200879d199f9b9ffa495a745593d73bbd80610472ecbec8d2feaa76ca4021e12ee637835638159022630820222308201c7a00302010202101f6fb7a5ece81b45896b983a995da5f3300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d03010703420004b7b36b7542a11120b443c794d0c99fdc25a06b76586413d81e086163ef6fe147a557afc34e2861d9057d6d465d4705a0310550bdeeb5f35ee35b9425ab859981a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414fb37b647bccfb9e54d989eaaacc1633868703fb3301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e300a06082a8648ce3d0403020349003046022100b86bc129d92afca7d9869a39f70f139a305b4073a39eb654d81424bed5757d91022100cf9f7c60cab7c4a7d3e7f0020f281a93d4fd0a9f95121b989f56932a68885fba68617574684461746159021bbfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54100000000bea8f0770009bd57f2c0df6fea9f743a00201ca8b19982910a8aefd21b6ce4d505417922af8d6bb3a9beaa037b1257c0f3e6a4010303390100205901b403fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012143010001' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'29' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='packed.RS256', L=1) +challenge = h'0e53e5ab03396e94a74939561a26ec32ab94eb09428816d49161a5f35361842b' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='packed.RS256', L=32) +client_data_gen_flags = h'ba' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='packed.RS256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50100000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22446c506c71774d356270536e53546c57476962734d71755536776c43694262556b57476c38314e68684373222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +signature = h'02238462144cf5b235f4bb8dc357d925ac3db8a0885b8ece67f4108ac83c6cbdde97d09db17ee07598a6487984271e50490341fc4f8671f12f8fc98495cc99dc0d76edcc7c2f56770ce8dde2b1f0631b4fb15db2a085b85459e7f30d61438db99c44b7652980c507908177bd4d0a389134ddcfb92b39ab043a370aef02e478eeb0c1d8cc1aead4dd302c13582a00a8a246dbbf04ffa4d7b0bd26e8e0151b39bc09851da417219f579cccaebce56a13b8e89977fbe97a09bd2575250c6ca76a517c702b9c37ff1868ee6f12b7b2daada4cd23a11a5a2148fd59d66a68d73148d2b15bd836ac906810126bfd7809306fb8d9e30ee3b82fb6dbaf0d918400cc8583f503358de39eda75203bf8c6c9b8abefe21fd23ad1be9cdf65927050fed9efbedb342673b6d7736d09ccff280422609228666e1db82bb096ce950859b76509714637c2c82566c2803d5df34be9876eebfac9e7ddbc0dd1e5c5d30c0ad67a41751c65cf82da501f46bb7ed43af882dac1d6203f0241eb9375a0dde36eaf407d39cdb215026e37f8d28a94b3a61354b0c12a454cf29d64313910d8008b82fc9ba91a23b309e6eae5cfecfa0dd59e15a42073e57388' + + + +### Packed Attestation with Ed25519 Credential ### {#sctn-test-vectors-packed-ed25519} + +[=registration ceremony|Registration=]: + +private_key = h'560c73a09ce7a1586d61c1d6e41fef149be523e220fc9f385d38ab23702ebf1b' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='packed.Ed25519', L=32) +aaguid = h'c87fce9e9cd283d272a2418d9683366f' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='packed.Ed25519', L=16) +credential_id = h'4112300f99fc731e85a68742ceebd2925712bc37f10c8e6c415c1031ba8b2108' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='packed.Ed25519', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'db' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='packed.Ed25519', L=1) +challenge = h'164009ea09faae7c397bc3e2ad0e7ec0e97a93e0e25d3e38209ee57117e88667' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='packed.Ed25519', L=32) +client_data_gen_flags = h'c6' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='packed.Ed25519', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a22466b414a36676e36726e7735653850697251352d774f6c366b2d446958543434494a376c6352666f686d63222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +attestation_private_key = h'e85af897f4cfd3508cb1505accb04b885c281366700cb2552e50a628ef5401cc' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='packed.Ed25519', L=32) +attestation_cert_serial_number = h'673ee7fd94405de523fd84a088ab082d' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='packed.Ed25519', L=16) +attestationObject = h'a363666d74667061636b65646761747453746d74a363616c67266373696758483046022100bbb812aadc28f9fdb2cdf462e80e9ba88dc927b1505919518aa23b1a405bb4d1022100ef3d6c9b7f3aa0d54b427205b50ab472b4b9364a8d4e76275d34f21ebb194bad637835638159022430820220308201c7a0030201020210673ee7fd94405de523fd84a088ab082d300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d0301070342000430c817713601dee867e103f4c5079185a9d625e7b9989121aa25be035aacd9233952ccb78db189151b69d3f7c5ba468bc746f229d5c37a6f386f23bc40efa630a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414b26b3b932a1156defc0b17aca35ba8868ebc23c9301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e300a06082a8648ce3d0403020347003044022007fe518ed4cf69cb6227a1d47761eafe336bf1b877a2269dfec3cf2c4d1a113102200d5e564fdab17f3c47ae9aeaf71a6977bc385c498ebf59bd8d27edb1694c89596861757468446174615881bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b55900000000c87fce9e9cd283d272a2418d9683366f00204112300f99fc731e85a68742ceebd2925712bc37f10c8e6c415c1031ba8b2108a4010103272006215820b62ed483bb39ce5fd5b67850f3e8d415456dd4f8c3728b5eefb6ded99bcb7bec' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'6e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='packed.Ed25519', L=1) +challenge = h'3790da8b2b72ee8ce19761787ad38cbfaa697eb3ca013a1342988756b98785ab' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='packed.Ed25519', L=32) +client_data_gen_flags = h'de' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='packed.Ed25519', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50d00000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a224e35446169797479376f7a686c32463465744f4d763670706672504b41546f545170694856726d48686173222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +signature = h'1a487f145f90a22935a28b6515b6140ace55fab6e5fae42eeef66e13fe279068e3b820072fddc205e7e3a756f0d80e167920004adfecc2106021c3a46f87820f' + + + +### TPM Attestation with ES256 Credential ### {#sctn-test-vectors-tpm-es256} + +[=registration ceremony|Registration=]: + +credential_private_key = h'cfc82cdf1ceee876120aa88f0364f0910193460cfb97a317b2fe090694f9a299' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='tpm.ES256', L=32) +aaguid = h'80c60805e564f6d33e7abdff9d32e3db' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='tpm.ES256', L=16) +credential_id = h'846cba8a07a4eceb4ab3e2cb87b6030e900e57de34b51dbd5906795194fcf3d5' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='tpm.ES256', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'4b' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='tpm.ES256', L=1) +challenge = h'ec27bec7521c894bbb821105ea3724c90e770cf1fa354157ef18d0f18f78bea9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='tpm.ES256', L=32) +client_data_gen_flags = h'af' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='tpm.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'6210f09e0ce7593e851a880a4bdde2d2' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='tpm.ES256', L=16) +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a223743652d783149636955753767684546366a636b79513533445048364e55465837786a513859393476716b222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a20596844776e677a6e57543646476f674b5339336930673d3d227d' +attestation_private_key = h'311fc42da0ab10c43a9b1bf3a75e34e2f1fa192195f8864aa4c5118a8b378676' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='tpm.ES256', L=32) +attestation_cert_serial_number = h'00093b66c21d5b5e89f7a07082118907' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='tpm.ES256', L=16) +attestationObject = h'a363666d746374706d6761747453746d74a663616c67266373696758473045022005aef20a467cf1dc0f2db3e03975c4dbe3528ab0f2273a37edce7ae187132d84022100c4e09164f08ef5595af1ef6ad905d7cacddf0e15bac5aabf977b38014a0a642a6376657263322e30637835638159023830820234308201dba003020102020f093b66c21d5b5e89f7a07082118907300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a30003059301306072a8648ce3d020106082a8648ce3d03010703420004fdcbcb6c44d227a2724f597ffba7649c239a008e8f60be3863b7b5b3853d7a6463a6c6ae9b7cd2ff89e9a6582483e0f957a6f97504f19531186f58c79c93f48ea381d33081d0300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e0416041432da86a1e871dc93aee3000ae42b69217313bb3a301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e30100603551d250409300706056781050803305e0603551d110101ff04543052a450304e314c3014060567810502010c0b69643a30303030303030303014060567810502030c0b69643a3030303030303030301e060567810502020c15576562417574686e207465737420766563746f7273300a06082a8648ce3d0403020347003044022039aa348e54bf4cdf7795e4e9f51822be64b72133d21c5cb46acbe5f13defaa3d022021b767fdee411aebaad9b26f0001c37d67124871ddeb7b887bb83acd2c25eeb1677075624172656158560023000b00040000000000100010000300100020f844c590ad44f71d8fbc058f0e4f394fb81a0ce400f1e212ade73f1e5d56beb600203c118efb4a09eeac041c661ff38322e750a1eb81c0f2e5e87d86d081cd7f5d9f6863657274496e666f5869ff544347801700000020efc87a2ef218b6b69dcd9a14ac2142f5a6b94f69c9fe34cb583db56eab462037000000000000000011111111222222223300000000000000000022000ba3ff75055ce7a534d9ba0a08078ef6af6b5f6c24734d35076cb54b5eac9c8645000068617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b5490000000080c60805e564f6d33e7abdff9d32e3db0020846cba8a07a4eceb4ab3e2cb87b6030e900e57de34b51dbd5906795194fcf3d5a5010203262001215820f844c590ad44f71d8fbc058f0e4f394fb81a0ce400f1e212ade73f1e5d56beb62258203c118efb4a09eeac041c661ff38322e750a1eb81c0f2e5e87d86d081cd7f5d9f' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'86' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='tpm.ES256', L=1) +challenge = h'87240b9a62115dec2e7609da643c5efe9a362039d5b5ca5fd978c995565e2019' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='tpm.ES256', L=32) +client_data_gen_flags = h'65' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0b', info='tpm.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'845b4dabef76d333191dd1cf1ccc6e77' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0c', info='tpm.ES256', L=16) +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50d00000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a226879514c6d6d49525865777564676e615a4478655f706f3249446e567463706632586a4a6c565a6549426b222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a206846744e712d3932307a4d5a48644850484d787564773d3d227d' +signature = h'3045022100f5e6e13be821a0f92c392368cfc1fddee2ce285101d31edde42e630a5f1b26930220608f176bffb5bb77fb07dc3c86c71c71d79121bf08a569d772cfb5cadbbf80ab' + + + +### Android Key Attestation with ES256 Credential ### {#sctn-test-vectors-android-key-es256} + +[=registration ceremony|Registration=]: + +credential_private_key = h'3de1f0b7365dccde3ff0cbf25e26ffa7baff87ef106c80fc865dc402d9960050' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='android-key.ES256', L=32) +aaguid = h'd4328d911acb0ebcc42aad29b29ffb55' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='android-key.ES256', L=16) +credential_id = h'73702b5b3b7914c9accccbf0dd8ee9cf35980a1ba6783f38b6cfade304dff72a' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='android-key.ES256', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'55' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='android-key.ES256', L=1) +challenge = h'ade9705e1ce7085b899a540d02199bf81144635e76fc5242d20aa08744098bdf' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='android-key.ES256', L=32) +client_data_gen_flags = h'0a' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='android-key.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a2272656c7758687a6e4346754a6d6c514e41686d622d424645593135325f464a43306771676830514a693938222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +attestation_cert_serial_number = h'1e7475c966f1aa0e6cae460c640b0d1c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='android-key.ES256', L=16) +attestationObject = h'a363666d746b616e64726f69642d6b65796761747453746d74a363616c67266373696758483046022100f714c80521e01912512c1060c3af2eb72d3c50c920c6983cbbcca9c70a94b5e1022100f843d24a88a1f4760e708c1e843029d229e35885377484336eb5d152d0b06d5f637835638159026e3082026a30820210a00302010202101e7475c966f1aa0e6cae460c640b0d1c300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d030107034200045c51e8955081f6cc26557439b79653189a471e5103934489a51b2413d5ad573f23126fe1143fd42f504db909a84b2403e5f9ce9eb76522737e33b386a646b914a381a83081a5300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414f0e9ebef33022d1433f95a39c2ffc6f431eacd0d301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e3045060a2b06010401d679020111043730350202012c0201000201000201000420d830d3391507beb7aae42af48f463f7aaa1a4472667203c81484bd7163a54b28040030003000300a06082a8648ce3d040302034800304502202dcabe29693e13d6cf7bb378df714a731aa19d01507c572e28b7a280b3de565602210091a3601b368f5c5ee32cb1e21db63e46c87dcabb2fcd1f08a1b3a0d46c9f668e68617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54500000000d4328d911acb0ebcc42aad29b29ffb55002073702b5b3b7914c9accccbf0dd8ee9cf35980a1ba6783f38b6cfade304dff72aa50102032620012158205c51e8955081f6cc26557439b79653189a471e5103934489a51b2413d5ad573f22582023126fe1143fd42f504db909a84b2403e5f9ce9eb76522737e33b386a646b914' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'1f' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='android-key.ES256', L=1) +challenge = h'e4ee05ca9dbced74116540f24ed9adc62aae8507560522844ffa7eea14f7af86' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='android-key.ES256', L=32) +client_data_gen_flags = h'43' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='android-key.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'ab127107eff182bc3230beb5f1dad29c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='android-key.ES256', L=16) +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50500000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22354f344679703238375851525a55447954746d74786971756851645742534b45545f702d36685433723459222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a2071784a78422d5f78677277794d4c3631386472536e413d3d227d' +signature = h'304502210090f85100c6aa43a189da1c56c233e156ed55f69cd4da33216ff06c849a572cec022053302acf7b035ad75ada3ea5460da0a00ef8ea35ddfa7763382684deaa11267a' + + + +### Apple Anonymous Attestation with ES256 Credential ### {#sctn-test-vectors-apple-es256} + +[=registration ceremony|Registration=]: + +credential_private_key = h'f7f688213852007775009cf8c096fda89d60b9a9fb5a50dd81dd9898af5a0609' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='apple.ES256', L=32) +aaguid = h'de987bd9d43eeb44728ce0b14df11209' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='apple.ES256', L=16) +credential_id = h'5f3a7b82a4fa125eeb51b167216dc7f40bc2ceef0f7f13917768834f4ad01721' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='apple.ES256', L=32) + +; auth_data_UV_BE_BS determines the UV, BE and BS bits of the authenticator data flags, but BS is set only if BE is +auth_data_UV_BE_BS = h'4e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='apple.ES256', L=1) +challenge = h'748210a20076616a733b2114336fc3842046375c2e043c7072b67c28c92713fd' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='apple.ES256', L=32) +client_data_gen_flags = h'9c' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='apple.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a22644949516f6742325957707a4f7945554d325f44684342474e3177754244787763725a384b4d6b6e455f30222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +attestation_cert_serial_number = h'2a28566322e1cf4345cf1e7f273062cc' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='apple.ES256', L=16) +attestationObject = h'a363666d74656170706c656761747453746d74a1637835638159025c30820258308201fea00302010202102a28566322e1cf4345cf1e7f273062cc300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d03010703420004d1a9c9729591ebf0344971c8e7733885628a10f4b227c0906922c388d8278db29f71d02ae6c154b4348559fedcfd440ee094fc8191aebc3fe9e39f3ad5ba1e8fa38196308193300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414d671e651a36297ecc9697f5f745e1bd7ac6322de301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e303306092a864886f76364080204263024a1220420489fd0c2d3ac5eff99d25dfe5ab6965bed5c2aa7d69b40d1f69ccbb1cd3bda09300a06082a8648ce3d040302034800304502201cf8cefe458ca6266f972a1e1a075512d1c635769bde6eb3e276583256aa8a8a022100cecc0e4b97a77dd50f2dd4fa46f114d0e2f1ebea2ea8a50e03fdba399a4f788c68617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b54d00000000de987bd9d43eeb44728ce0b14df1120900205f3a7b82a4fa125eeb51b167216dc7f40bc2ceef0f7f13917768834f4ad01721a5010203262001215820d1a9c9729591ebf0344971c8e7733885628a10f4b227c0906922c388d8278db22258209f71d02ae6c154b4348559fedcfd440ee094fc8191aebc3fe9e39f3ad5ba1e8f' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'39' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='apple.ES256', L=1) +challenge = h'd3eb2964641e26fed023403a72dde093b19c4ba9008c3f9dd83fcfd347a66d05' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='apple.ES256', L=32) +client_data_gen_flags = h'c2' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='apple.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b51900000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22302d73705a4751654a76375149304136637433676b37476353366b416a442d6432445f503030656d625155222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +signature = h'304602210089936fd5029f282413a7edb6fd28d66abff7b3a67d9becbcab30c95d34fee279022100dd7d149140fad109622d05cf99c9843d56a28ad17cca9327924813b8916a2d97' + + + +### FIDO U2F Attestation with ES256 Credential ### {#sctn-test-vectors-fido-u2f-es256} + +[=registration ceremony|Registration=]: + +credential_private_key = h'e074372990b9caa507a227dfc67b003780c45325380d1a90c20f81ed7d080c06' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'00', info='fido-u2f.ES256', L=32) +aaguid = h'51bd002938fa10b83683ac2a2032d0a7' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'01', info='fido-u2f.ES256', L=16) +credential_id = h'006196e0420561d3c30d3ddc855b58ab7fe7a80c4040bba9dc17e1ff3ee573fa' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'02', info='fido-u2f.ES256', L=32) + +challenge = h'afb3c2efc054df425013d5c88e79c3c1872deca405492a4dc0867e742c6f4049' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'03', info='fido-u2f.ES256', L=32) +client_data_gen_flags = h'a4' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'04', info='fido-u2f.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +clientDataJSON = h'7b2274797065223a22776562617574686e2e637265617465222c226368616c6c656e6765223a22723750433738425533304a51453958496a6e6e4477596374374b51465353704e77495a2d6443787651456b222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73657d' +attestation_private_key = h'66fda477a2a99d14c5edd7c1041a297ba5f3375108b1d032b79429f42349ce33' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'05', info='fido-u2f.ES256', L=32) +attestation_cert_serial_number = h'04f66dc6542ea7719dea416d325a2401' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'06', info='fido-u2f.ES256', L=16) +attestationObject = h'a363666d74686669646f2d7532666761747453746d74a2637369675847304502204106b2bcd7c32cfb2e89b94c71b0968c38acb7e521064b3e5bd2ece0db82f615022100c2c4a7d9591cb63892f4ecda04cfc4df5b2be7ec5fdf60d1bba12d6f66c55cad637835638159022530820221308201c7a003020102021004f66dc6542ea7719dea416d325a2401300a06082a8648ce3d0403023062311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331253023060355040b0c1c41757468656e74696361746f72204174746573746174696f6e204341310b30090603550406130241413020170d3234303130313030303030305a180f33303234303130313030303030305a305f311e301c06035504030c15576562417574686e207465737420766563746f7273310c300a060355040a0c0357334331223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b30090603550406130241413059301306072a8648ce3d020106082a8648ce3d0301070342000456fffa7093dede46aefeefb6e520c7ccc78967636e2f92582ba71455f64e93932dff3be4e0d4ef68e3e3b73aa087e26a0a0a30b02dc2aa2309db4c3a2fc936dea360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414420822eb1908b5cd3911017fbcad4641c05e05a3301f0603551d2304183016801445aff715b0dd786741fee996ebc16547a3931b1e300a06082a8648ce3d040302034800304502200d0b777f0a0b181ad2830275acc3150fd6092430bcd034fd77beb7bdf8c2d546022100d4864edd95daa3927080855df199f1717299b24a5eecefbd017455a9b934d8f668617574684461746158a4bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b5410000000051bd002938fa10b83683ac2a2032d0a70020006196e0420561d3c30d3ddc855b58ab7fe7a80c4040bba9dc17e1ff3ee573faa501020326200121582071894b9613ac48ad3a0e2058e0b76d59a9ba52fa17f91f13e7b608020ec505de2258204f07d23cbb5e2301bebb7004fe8fc4a8a68fb5adaf39e335c08aa783cb28800b' + + +[=authentication ceremony|Authentication=]: + +; auth_data_UV_BS sets the UV and BS bits of the authenticator data flags, but BS is set only if BE was set in the registration +auth_data_UV_BS = h'f9' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'07', info='fido-u2f.ES256', L=1) +challenge = h'2c3ed1a7de8b4fcf1f8157bc950f27fceb1aa0e3ec0243f3e302209c9a7eda4e' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'08', info='fido-u2f.ES256', L=32) +client_data_gen_flags = h'd1' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'09', info='fido-u2f.ES256', L=1) +; extra_client_data is included iff bit 0x01 of client_data_gen_flags is 1 +extra_client_data = h'6b83303e461c541a8a1475540e688c22' ; Derived by: HKDF-SHA-256(IKM='WebAuthn test vectors', salt=h'0a', info='fido-u2f.ES256', L=16) +authenticatorData = h'bfabc37432958b063360d3ad6461c9c4735ae7f8edd46592a5e0f01452b2e4b50100000000' +clientDataJSON = h'7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a224c4437527039364c54383866675665386c51386e5f4f73616f4f5073416b507a347749676e4a702d326b34222c226f726967696e223a2268747470733a2f2f6578616d706c652e6f7267222c2263726f73734f726967696e223a66616c73652c22657874726144617461223a22636c69656e74446174614a534f4e206d617920626520657874656e6465642077697468206164646974696f6e616c206669656c647320696e20746865206675747572652c207375636820617320746869733a2061344d77506b59635642714b46485655446d694d49673d3d227d' +signature = h'30450221009be9d57805847ac3e1ab0f385dfc652ae7ec300b9069aba0b48e9e6901847160022063772fbfabddde5cadca449cc7a648877a68b8a1b48cf91d7a66b108072c46c6' + + + # Acknowledgements # {#sctn-acknowledgements} We thank the following people for their reviews of, and contributions to, this specification: Yuriy Ackermann,