docs: add EdDSA/Ed25519 to allowed WebAuthn signature schemes#6239
Closed
sea-snake wants to merge 2 commits into
Closed
docs: add EdDSA/Ed25519 to allowed WebAuthn signature schemes#6239sea-snake wants to merge 2 commits into
sea-snake wants to merge 2 commits into
Conversation
The COSE parser and validator are being extended in dfinity/ic#10081 to accept Ed25519 WebAuthn keys (COSE kty=OKP, alg=EdDSA, crv=Ed25519), matching authenticators such as the NitroKey 3A. Update the interface specification to mirror that: list EdDSA on Ed25519 as a third allowed WebAuthn signature scheme, and clarify that EdDSA WebAuthn signatures use the raw 64-byte R || s encoding from RFC 8032 §5.1.6 rather than DER (which only applies to ECDSA). Refs: dfinity/internet-identity#3835
github-actions
Bot
added
the
interface-spec
Contributor
|
Moved to dfinity/developer-docs: dfinity/developer-docs#250 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Update the IC interface specification to allow EdDSA on curve Ed25519 as a third WebAuthn signature scheme (alongside ECDSA P-256 and RSA PKCS#1v1.5), mirroring the implementation change in dfinity/ic#10081.
Changes
docs/references/ic-interface-spec.md§Web Authentication: addEdDSA on curve Ed25519to the allowed-schemes list; clarify the signature encoding note to call out that Ed25519 WebAuthn signatures are the raw 64-byteR || sconcatenation from RFC 8032 §5.1.6 (not DER-wrapped, which only applies to ECDSA).docs/references/_attachments/interface-spec-changelog.md: new entry. The version number (0.61.0) is a placeholder — happy to adjust to whatever the maintainers prefer.Context
Was triggered by the implementation work in dfinity/ic#10081 to accept Ed25519 WebAuthn keys (e.g. NitroKey 3A authenticators emit
kty=OKP / alg=EdDSA / crv=Ed25519). Reviewer @eichhorl asked whether there's a corresponding spec PR — this is it.