@motebit/crypto-webauthn 1.0.3 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -1
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -34,13 +34,21 @@ v1 accepts `fmt: "packed"` only. Other formats (`tpm`, `android-key`, `android-s
|
|
|
34
34
|
|
|
35
35
|
A verifier that dynamically fetches the FIDO Metadata Service has no sovereign story. The pinned root set is the self-attesting contract — third parties audit `DEFAULT_FIDO_ROOTS` and know which vendor roots this library accepts. Rotations land as additive constants.
|
|
36
36
|
|
|
37
|
+
## Lower-level primitives
|
|
38
|
+
|
|
39
|
+
Beyond `webauthnVerifier`, the package exports the parser + pinned-root constants for advanced consumers:
|
|
40
|
+
|
|
41
|
+
- `verifyWebAuthnAttestation(...)` — bare-metal entry: takes the parsed attestation object + caller-supplied roots and returns the structured verification result. `webauthnVerifier` is a thin curry over this.
|
|
42
|
+
- `parseWebAuthnAttestationObjectCbor(bytes)` — parse the raw CBOR object the browser emits into a typed `{ fmt, attStmt, authData }` structure.
|
|
43
|
+
- `WEBAUTHN_FMT_PACKED` — the canonical fmt-string constant (`"packed"`) used to dispatch by attestation format.
|
|
44
|
+
- `APPLE_WEBAUTHN_ROOT_PEM`, `YUBICO_FIDO_ROOT_PEM`, `MICROSOFT_TPM_ROOT_PEM` — the pinned vendor roots, exported for audit and for `HardwareVerifierBundleConfig.webauthnRootPems` overrides in `@motebit/verify`.
|
|
45
|
+
|
|
37
46
|
## Related
|
|
38
47
|
|
|
39
48
|
- [`@motebit/crypto`](https://www.npmjs.com/package/@motebit/crypto) — dispatcher (pure permissive-floor; zero deps)
|
|
40
49
|
- [`@motebit/crypto-appattest`](https://www.npmjs.com/package/@motebit/crypto-appattest) — iOS sibling
|
|
41
50
|
- [`@motebit/crypto-android-keystore`](https://www.npmjs.com/package/@motebit/crypto-android-keystore) — Android sibling (canonical sovereign-verifiable Android primitive)
|
|
42
51
|
- [`@motebit/crypto-tpm`](https://www.npmjs.com/package/@motebit/crypto-tpm) — TPM 2.0 sibling
|
|
43
|
-
- [`@motebit/crypto-play-integrity`](https://www.npmjs.com/package/@motebit/crypto-play-integrity) — _(deprecated — see `crypto-android-keystore`)_
|
|
44
52
|
- [`@motebit/verify`](https://www.npmjs.com/package/@motebit/verify) — canonical CLI bundling the platform leaves with motebit defaults
|
|
45
53
|
|
|
46
54
|
## License
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@motebit/crypto-webauthn",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.5",
|
|
4
4
|
"description": "Apache-2.0 verifier for W3C WebAuthn packed-attestation hardware-attestation credentials — offline chain verification against pinned FIDO vendor roots (Apple, Yubico, Microsoft). Plugs into @motebit/crypto's HardwareAttestationVerifiers dispatcher to validate browser-attested motebit identities.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -53,8 +53,8 @@
|
|
|
53
53
|
"dependencies": {
|
|
54
54
|
"@peculiar/x509": "^1.12.0",
|
|
55
55
|
"cbor2": "^1.9.0",
|
|
56
|
-
"@motebit/protocol": "1.
|
|
57
|
-
"@motebit/crypto": "1.
|
|
56
|
+
"@motebit/protocol": "1.3.0",
|
|
57
|
+
"@motebit/crypto": "1.3.0"
|
|
58
58
|
},
|
|
59
59
|
"devDependencies": {
|
|
60
60
|
"@noble/curves": "~1.9.0",
|