PassKeys decoded attestation has no statement

Hi,

I'm decoding an attestationObject created with ASAuthorizationPlatformPublicKeyCredentialRegistration, but the results have no statement:

{'fmt': 'none', 'attStmt': {}, 'authData': '.....data here.......'}

The whole credentialRegistration.rawAttestationObject is 182 bytes

I'm expecting to see keys like: sig, x5c, alg, certInfo, pubArea etc, but the dictionary is empty, any ideas why it would be empty?

Expected Keys: https://github.com/duo-labs/py_webauthn/blob/9d81f2ea12d247b034714aac73701dce32cd67c8/webauthn/helpers/parse_attestation_statement.py#L4

Up vote post of ChrisAtWork Down vote post of ChrisAtWork
58 views
Posted by
ChrisAtWork
Reply
Add a Comment

Replies

hmmm, as noted here: https://developer.apple.com/forums/thread/708982 the engineer states passkeys have no statement...confusing

Posted by
ChrisAtWork
Up vote reply of ChrisAtWork Down vote reply of ChrisAtWork

  • Yep, this is expected. Attestation statements were designed in the spec to attest to specific properties of the authenticator, under the assumption the credential would only live on that one authenticator. When credentials can sync to other authenticators which may have different properties, the current attestation statement design doesn't have a way to express this.

    Frameworks Engineer
Add a Comment

I've found the key in the authData section

Posted by
ChrisAtWork
Up vote reply of ChrisAtWork Down vote reply of ChrisAtWork
Add a Comment