Chromium wants RS256 in addition to ES256 #28

holic · 2024-10-02T15:37:56Z

publicKey.pubKeyCredParams is missing at least one of the default algorithm identifiers: ES256 and RS256. This can result in registration failures on incompatible authenticators. See https://chromium.googlesource.com/chromium/src/+/main/content/browser/webauth/pub_key_cred_params.md for details

webauthn-p256/src/credential.ts

Lines 174 to 179 in f63da18

    
           pubKeyCredParams: [ 
        
             { 
        
               type: 'public-key', 
        
               alg: -7, // p256 
        
             }, 
        
           ],

If left unspecified, Chrome uses the default values of ES256 (-7) and RS256 (-257).

In some situations, a Relying Party developer might choose to augment this list with other identifiers. However, developers should be aware that excluding either of the default identifiers has compatibility risks. In particular, RS256 is necessary for compatibility with Microsoft Windows platform authenticators. ES256 is a widely supported algorithm and is compatible with most other platform authenticators and roaming authenticators.

Would it make sense to add RS256?

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Chromium wants RS256 in addition to ES256 #28

Chromium wants RS256 in addition to ES256 #28

holic commented Oct 2, 2024

Chromium wants RS256 in addition to ES256 #28

Chromium wants RS256 in addition to ES256 #28

Comments

holic commented Oct 2, 2024