As part of the WebAuthn create() call, an authenticator will create a new keypair as well as an attestationObject for that keypair. The attestationObject contains the new public key, as well as signature over the entire attestationObject with a private key that is stored in the authenticator when it is manufactured. The public key that corresponds to the private key that has created the attestation signature is well known; however, there are various well known attestation public key chains for different ecosystems (for example, Android or TPM attestations).
|Web Authentication: An API for accessing Public Key Credentials Level 1||Candidate Recommendation||Initial definition.|
|Basic support|| 65
|Android webview||Chrome for Android||Edge Mobile||Firefox for Android||Opera for Android||iOS Safari||Samsung Internet|
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.