How to retrieve a symmetric key using Webauthn/CTAP HMAC-Secret extension in a web browser?
Question
I am trying to leverage the CTAP hmac-secret extension to retrieve a key for symmetric encryption in a web browser. I have Yubikey5 which implements this extension. I read through the CTAP specs, but I cannot find a reference how to do it once I get the assertion data.
Here's my simplified code:
var getCredentialDefaultArgs = {
publicKey: {
timeout: 60000,
allowCredentials: myCredentials,
challenge: myUint8Array,
extensions: {
hmacGetSecret: {
salt1: "01234567890ABCDEF"
}
}
}
}
navigator.credentials.get(getCredentialDefaultArgs)
.then((assertion) => {
console.log("assertion", assertion.response.authenticatorData);
// How do I get my symmetric secret from the authenticatorData ?
// log just shows: ArrayBuffer(37) {byteLength: 37}
})
.catch((err) => {
console.log("assertion error", err);
});
I have not been able to find a single working example in JavaScript that would utilize this feature in a web browser.
1 answers
solution1
0 2021-12-02 16:39:10
This extension is currently reserved only for platforms. WebAuthn does not have access to it. Might change in future.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.