Class PreviewSignExtension

Namespace
Yubico.YubiKey.Fido2
Assembly
Yubico.YubiKey.dll

CBOR encoder/decoder for the "previewSign" WebAuthn extension.

public static class PreviewSignExtension
Inheritance
object
PreviewSignExtension

Remarks

Wire format follows the previewSign extension specification: https://yubicolabs.github.io/webauthn-sign-extension/4/#sctn-sign-extension.

Methods

DecodeGeneratedKey(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Decode the previewSign generated-key payload from the paired signed and unsigned extension output values.

public static PreviewSignGeneratedKey? DecodeGeneratedKey(ReadOnlyMemory<byte> signedOutputs, ReadOnlyMemory<byte> unsignedOutputs)

Parameters

signedOutputs ReadOnlyMemory<byte>

The CBOR-encoded signed previewSign output containing the algorithm.

unsignedOutputs ReadOnlyMemory<byte>

The CBOR-encoded unsigned previewSign output containing the attestation object.

Returns

PreviewSignGeneratedKey

A generated key container if the payload contains well-formed generated key material.

Exceptions

Ctap2DataException

The payload contains malformed generated-key material.

DecodeSignature(ReadOnlyMemory<byte>)

Parse the signed previewSign extension output produced by the authenticator after a GetAssertion. The previewSign extension output is a CBOR map; its key 6 entry is the signature byte string.

public static byte[] DecodeSignature(ReadOnlyMemory<byte> previewSignAuthDataValue)

Parameters

previewSignAuthDataValue ReadOnlyMemory<byte>

Returns

byte[]

Exceptions

Ctap2DataException

The payload is malformed or missing the required signature.

EncodeGenerateKeyInput(ReadOnlySpan<CoseAlgorithmIdentifier>, PreviewSignOptions)

Encode the MakeCredential extension input map: {3:[algs], 4:flags}.

public static byte[] EncodeGenerateKeyInput(ReadOnlySpan<CoseAlgorithmIdentifier> algorithms, PreviewSignOptions flags)

Parameters

algorithms ReadOnlySpan<CoseAlgorithmIdentifier>

A list of acceptable signature algorithms, ordered from most preferred to least preferred.

flags PreviewSignOptions

The user presence (UP) and user verification (UV) policy for this signing key pair.

Returns

byte[]

The CBOR-encoded extension input.

EncodeSignInput(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>?)

Encode the GetAssertion extension input as a flat map: {2:keyHandle, 6:tbs, 7:additionalArgs?}.

public static byte[] EncodeSignInput(ReadOnlyMemory<byte> keyHandle, ReadOnlyMemory<byte> toBeSigned, ReadOnlyMemory<byte>? additionalArgs = null)

Parameters

keyHandle ReadOnlyMemory<byte>
toBeSigned ReadOnlyMemory<byte>
additionalArgs ReadOnlyMemory<byte>?

Returns

byte[]

Remarks

The map corresponds to the keyHandle, tbs, and optional additionalArgs fields of the AuthenticationExtensionsSignSignInputs dictionary. The toBeSigned and additionalArgs values are algorithm-specific signing inputs and are encoded unchanged.
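
The following added example (not part of the SDK documentation or Yubico's own code) walks the GetAssertion wire format described for EncodeSignInput and DecodeSignature: it lists the keys of the encoded input map, decodes a signature from an output map, and shows a map without key 6 being rejected. The byte values and the OneEntryMap helper are constructed for illustration; it assumes Ctap2DataException is in the Yubico.YubiKey.Fido2 namespace and that DecodeSignature receives only the previewSign map.

```csharp
using System;
using System.Formats.Cbor;
using Yubico.YubiKey.Fido2;

public static class PreviewSignWireFormatExample
{
    // Hypothetical helper: builds a one-entry CBOR map {key: byte string}
    // as a stand-in for the authenticator's previewSign output.
    private static byte[] OneEntryMap(int key, byte[] value)
    {
        var writer = new CborWriter(CborConformanceMode.Ctap2Canonical);
        writer.WriteStartMap(1);
        writer.WriteInt32(key);
        writer.WriteByteString(value);
        writer.WriteEndMap();
        return writer.Encode();
    }

    public static void Main()
    {
        // Constructed sample values, not real credential material.
        byte[] keyHandle = { 0x01, 0x02, 0x03, 0x04 };
        byte[] toBeSigned = { 0xAA, 0xBB, 0xCC };

        // GetAssertion input: print each map key with its raw CBOR-encoded value.
        byte[] input = PreviewSignExtension.EncodeSignInput(keyHandle, toBeSigned);
        var reader = new CborReader(input, CborConformanceMode.Lax);
        reader.ReadStartMap();
        while (reader.PeekState() != CborReaderState.EndMap)
        {
            int key = reader.ReadInt32();
            Console.WriteLine($"key {key}: {Convert.ToHexString(reader.ReadEncodedValue().Span)}");
        }
        reader.ReadEndMap();

        // GetAssertion output: the key 6 entry is the signature byte string.
        byte[] sampleSignature = { 0xDE, 0xAD, 0xBE, 0xEF };
        byte[] signature = PreviewSignExtension.DecodeSignature(OneEntryMap(6, sampleSignature));
        Console.WriteLine($"signature: {Convert.ToHexString(signature)}");

        // A map that lacks key 6 is documented to raise Ctap2DataException.
        try
        {
            PreviewSignExtension.DecodeSignature(OneEntryMap(2, keyHandle));
            Console.WriteLine("unexpected: payload without a signature was accepted");
        }
        catch (Ctap2DataException ex)
        {
            Console.WriteLine($"rejected: {ex.Message}");
        }
    }
}
```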