diff --git a/apps/browser/src/vault/fido2/webauthn-utils.ts b/apps/browser/src/vault/fido2/webauthn-utils.ts
index a26c56ea57..3227e5ef11 100644
--- a/apps/browser/src/vault/fido2/webauthn-utils.ts
+++ b/apps/browser/src/vault/fido2/webauthn-utils.ts
@@ -67,7 +67,7 @@ export class WebauthnUtils {
 },
 getPublicKey(): ArrayBuffer {
- return null;
+ return Fido2Utils.stringToBuffer(result.publicKey);
 },
 getPublicKeyAlgorithm(): number {
diff --git a/libs/common/src/vault/abstractions/fido2/fido2-authenticator.service.abstraction.ts b/libs/common/src/vault/abstractions/fido2/fido2-authenticator.service.abstraction.ts
index 671c6cb9fe..438e13574d 100644
--- a/libs/common/src/vault/abstractions/fido2/fido2-authenticator.service.abstraction.ts
+++ b/libs/common/src/vault/abstractions/fido2/fido2-authenticator.service.abstraction.ts
@@ -109,6 +109,7 @@ export interface Fido2AuthenticatorMakeCredentialResult {
 credentialId: BufferSource;
 attestationObject: BufferSource;
 authData: BufferSource;
+ publicKey: BufferSource;
 publicKeyAlgorithm: number;
 }
diff --git a/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts b/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
index 9bb346ccc5..6721e4b314 100644
--- a/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
+++ b/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
@@ -122,6 +122,7 @@ export interface CreateCredentialResult {
 clientDataJSON: string;
 attestationObject: string;
 authData: string;
+ publicKey: string;
 publicKeyAlgorithm: number;
 transports: string[];
 }
diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
index 43b1c67f82..1b6d796ba9 100644
--- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
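Review bot: `getPublicKey()` in webauthn-utils.ts now decodes `result.publicKey` unconditionally, where it used to return `null`. If the field is ever absent from the result (for example a response built by code that predates this change, which is not visible here), the decode runs on `undefined` inside a getter the relying party's page calls. WebAuthn allows `getPublicKey()` to return null when no key is available, so a guard keeps the old fallback: `return result.publicKey ? Fido2Utils.stringToBuffer(result.publicKey) : null;`. `Fido2Utils.stringToBuffer` is not shown in this diff; it is worth confirming that it yields an `ArrayBuffer` rather than a typed-array view, since `ArrayBuffer` is the declared return type. The enclosing object literal starts and ends outside the hunk.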
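Review bot: The new `publicKey: BufferSource` field on `Fido2AuthenticatorMakeCredentialResult` says nothing about its encoding, and the same is true of `publicKey: string` on `CreateCredentialResult` in fido2-client.service.abstraction.ts. The authenticator service fills it from `exportKey("spki", …)`, while per WebAuthn `authData` carries the same key in COSE form, so another implementer of this interface could easily supply the wrong encoding. I would add `/** DER-encoded SubjectPublicKeyInfo of the new credential's public key; must correspond to publicKeyAlgorithm. */` above the field here. On the client result, a matching comment should state that the string is the `Fido2Utils.bufferToString` encoding of that buffer.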
@@ -109,6 +109,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 let keyPair: CryptoKeyPair;
 let userVerified = false;
 let credentialId: string;
+ let pubKeyDer: ArrayBuffer;
 const response = await userInterfaceSession.confirmNewCredential({
 credentialName: params.rpEntity.name,
 userName: params.userEntity.displayName,
@@ -126,7 +127,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 try {
 keyPair = await createKeyPair();
-
+ pubKeyDer = await crypto.subtle.exportKey("spki", keyPair.publicKey);
 const encrypted = await this.cipherService.get(cipherId);
 cipher = await encrypted.decrypt(
 await this.cipherService.getKeyForCipherKeyDecryption(encrypted)
@@ -174,6 +175,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 credentialId: guidToRawFormat(credentialId),
 attestationObject,
 authData,
+ publicKey: pubKeyDer,
 publicKeyAlgorithm: -7,
 };
 } finally {
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts b/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
index 753c5800f7..9987e0066b 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
@@ -285,6 +285,7 @@ describe("FidoAuthenticatorService", () => {
 credentialId: guidToRawFormat(Utils.newGuid()),
 attestationObject: randomBytes(128),
 authData: randomBytes(64),
+ publicKey: randomBytes(64),
 publicKeyAlgorithm: -7,
 };
 }
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts
index e377b47c54..324253c72e 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts
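Review bot: The added `exportKey("spki", keyPair.publicKey)` line in the `@@ -126` hunk has no comment explaining the format, and it takes the place of the blank line that separated key generation from the cipher lookup. I would keep the blank line and put `// DER SubjectPublicKeyInfo: the encoding AuthenticatorAttestationResponse.getPublicKey() hands to the relying party` above the export. The value is returned next to the literal `publicKeyAlgorithm: -7` in the `@@ -174` hunk, so the two must keep describing the same key. `createKeyPair` is not shown, so a short note tying the algorithm id to the curve it generates would help whoever changes either side. The `try` block continues outside the hunk, so how a failed export is reported depends on a `catch` that is not visible here.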
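Review bot: The mock result in fido2-client.service.spec.ts gains `publicKey: randomBytes(64)`, but no assertion in this diff checks that the client returns it, so a dropped or wrongly encoded field would still pass. An expectation such as `expect(result.publicKey).toEqual(Fido2Utils.bufferToString(makeCredentialResult.publicKey))` in the create-credential tests would pin the pass-through; the variable names are placeholders for whatever the spec uses. The test bodies are outside the hunk, so such a check may already exist. No change to an authenticator-service spec appears in this diff either, so it is worth confirming that the SPKI export itself is covered.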
@@ -199,6 +199,7 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
 attestationObject: Fido2Utils.bufferToString(makeCredentialResult.attestationObject),
 authData: Fido2Utils.bufferToString(makeCredentialResult.authData),
 clientDataJSON: Fido2Utils.bufferToString(clientDataJSONBytes),
+ publicKey: Fido2Utils.bufferToString(makeCredentialResult.publicKey),
 publicKeyAlgorithm: makeCredentialResult.publicKeyAlgorithm,
 transports: params.rp.id === "google.com" ? ["internal", "usb"] : ["internal"],
 };