@motebit/crypto-appattest 1.0.3 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -1
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -33,13 +33,21 @@ const result = await verify(credential, {
|
|
|
33
33
|
|
|
34
34
|
A verifier that dynamically fetches CA certificates has no sovereign story. The pinned root is the self-attesting contract — third parties audit `APPLE_APPATTEST_ROOT_PEM` and know what chain this library accepts. Zero network; chain path, clock-skew, and OID extraction are all deterministic from Apple's published spec.
|
|
35
35
|
|
|
36
|
+
## Lower-level primitives
|
|
37
|
+
|
|
38
|
+
Beyond `deviceCheckVerifier`, the package exports a few primitives for advanced consumers (test harnesses, third-party verifiers that want to plug pieces of the chain into their own dispatcher):
|
|
39
|
+
|
|
40
|
+
- `verifyAppAttestReceipt(...)` — bare-metal entry: takes the parsed receipt + caller-supplied trust roots and returns the structured verification result. `deviceCheckVerifier` is a thin curry over this.
|
|
41
|
+
- `parseAppAttestCbor(bytes)` — parse the raw CBOR Apple emits from `DCAppAttestService.attestKey` into a typed `AppAttestReceipt`. Used internally; exposed for test fixtures and inspection tools.
|
|
42
|
+
- `APPLE_APPATTEST_FMT` — the canonical fmt-string constant (`"apple-appattest"`) used to dispatch by attestation format. Exported so other dispatchers can pattern-match without hardcoding.
|
|
43
|
+
- `APPLE_APPATTEST_ROOT_PEM` — the pinned Apple App Attestation Root CA, exported for audit and for `HardwareVerifierBundleConfig.appAttestRootPem` overrides in `@motebit/verify`.
|
|
44
|
+
|
|
36
45
|
## Related
|
|
37
46
|
|
|
38
47
|
- [`@motebit/crypto`](https://www.npmjs.com/package/@motebit/crypto) — dispatcher (pure permissive-floor; zero deps)
|
|
39
48
|
- [`@motebit/crypto-android-keystore`](https://www.npmjs.com/package/@motebit/crypto-android-keystore) — Android sibling (canonical sovereign-verifiable Android primitive)
|
|
40
49
|
- [`@motebit/crypto-tpm`](https://www.npmjs.com/package/@motebit/crypto-tpm) — TPM 2.0 sibling
|
|
41
50
|
- [`@motebit/crypto-webauthn`](https://www.npmjs.com/package/@motebit/crypto-webauthn) — browser sibling
|
|
42
|
-
- [`@motebit/crypto-play-integrity`](https://www.npmjs.com/package/@motebit/crypto-play-integrity) — _(deprecated — see `crypto-android-keystore`)_
|
|
43
51
|
- [`@motebit/verify`](https://www.npmjs.com/package/@motebit/verify) — canonical CLI bundling the platform leaves with motebit defaults
|
|
44
52
|
|
|
45
53
|
## License
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@motebit/crypto-appattest",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.5",
|
|
4
4
|
"description": "Apache-2.0 verifier for Apple App Attest hardware-attestation credentials — offline chain verification against the pinned Apple App Attest root CA. Plugs into @motebit/crypto's HardwareAttestationVerifiers dispatcher to validate iOS device-attested motebit identities.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -54,8 +54,8 @@
|
|
|
54
54
|
"dependencies": {
|
|
55
55
|
"@peculiar/x509": "^1.12.0",
|
|
56
56
|
"cbor2": "^1.9.0",
|
|
57
|
-
"@motebit/protocol": "1.
|
|
58
|
-
"@motebit/crypto": "1.
|
|
57
|
+
"@motebit/protocol": "1.3.0",
|
|
58
|
+
"@motebit/crypto": "1.3.0"
|
|
59
59
|
},
|
|
60
60
|
"devDependencies": {
|
|
61
61
|
"@noble/curves": "~1.9.0",
|