Questions about FIDO 2 attestation verification in iOS 14
I am currently implementing the FIDO 2 verification logic according to the url below.
https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server
My question is about aaguid and credentialId.
According to the url the aaguid is "An App Attest–specific constan".
And the length of credentialId is 32 bytes.
[Question]
iOS 14 beta 8
attestationObject : o2NmbXRlYXBwbGVnYXR0U3RtdKJjYWxnJmN4NWOCWQJGMIICQjCCAcmgAwIBAgIGAXR3IfJrMAoGCCqGSM49BAMCMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAwOTEwMDgxOTA3WhcNMjAwOTExMDgyOTA3WjCBkTFJMEcGA1UEAwxAY2E1ZjZjYTQwZTE5OTQ0MTQzZjgzMjRlZTE3ZTliZjM2YmI4Nzk4YTllM2YzOWE4MjM4YjkwNWU3YTdmYmJlMTEaMBgGA1UECwwRQUFBIENlcnRpZmljYXRpb24xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAShkVB07nrqMlaitq-5wjv8EzSikGdNRWvmTAA2gwYfz-9YTxpHF9UEnsTVTtl1v3Rdip4TUopyW-TYIVXUQ4o1UwUzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEBwQEAwIE8DAzBgkqhkiG92NkCAIEJjAkoSIEIHGCgF2RQrOUtNb3sBPwfRGEPAkN3drdsUJ5xmleeC8lMAoGCCqGSM49BAMCA2cAMGQCMDKVe8HKHbweixHUIHGZgUXYxV-UHxuEiJthFBkMjPrdkwG1Rvi3jExiJLUAiwXygIwctiDkQV1RYncBzpzaGPjQ4gFsilmMul-neygjeVxXAA-rm1FiA0Zh5cj7L6gWWQI4MIICNDCCAbqgAwIBAgIQViVTlcen-0Dr4ijYJghTtjAKBggqhkjOPQQDAzBLMR8wHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MzgwMVoXDTMwMDMxMzAwMDAwMFowSDEcMBoGA1UEAwwTQXBwbGUgV2ViQXV0aG4gQ0EgMTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIMuhy8mFJGBAiW59fzWu2N4tfVfP8sEW8c1mTR1VSQRN-bhkhF2XGmh3aBQs41FCDQBpDT7JNES1Ww-HPv8uYkf7AaWCBvvlsvHfIjd2vRqWu4d1RW1r6q5O-nAsmkaNmMGQwEgYDVR0TAQHBAgwBgEBwIBADAfBgNVHSMEGDAWgBQm12TZxXjCWmfRp95rEtAbYHG1zAdBgNVHQ4EFgQU666CxP-hrFtR1M8kYQUAvmO9d4gwDgYDVR0PAQHBAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMQDdixo0gaX62du052V7hB4UTCe3W4dqQYbCsUdXUDNyJ-lVEV-9kiVDGMuXEg-cMECMCyKYETcIBP5ZvDTSkwwUh4Udlg7Wp18etKyr44zSW4l9DIBb7wxeLB6VxxugOB2hhdXRoRGF0YViYIoFgu94ab-4bEorgfUTSffzT79toCHqWSIC4Kv6KcRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAFMUF1XwkNChen9PxL4d3TozOT554pQECAyYgASFYIKGT9UHTueuoyVqK2r7nD-OwTNKKQZ01Fa-ZMADaDBhIlggP71hPGkcX1QSexNVO2XWdF2KnhNSinJb5NghVdRDg
clientDataJSON : eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiOUlRclR3YXhfaFJNVTlua0FIcEwxZzFvS2NKZUVqUjRxekxNYTNwT1NBVSIsIm9yaWdpbiI6Imh0dHBzOi8vb25lcGFzc2Rldi5yYW9uc2VjdXJlLmNvLmtyOjI4NDQ1In0
I am currently implementing the FIDO 2 verification logic according to the url below.
https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server
My question is about aaguid and credentialId.
According to the url the aaguid is "An App Attest–specific constan".
And the length of credentialId is 32 bytes.
[Question]
The aaguid delivered from safari was 16 zero bytes. Is it correct to be passed by this value?
The length of credentialId is 20 bytes, not 32 bytes. Is this correct?
iOS 14 beta 8
attestationObject : o2NmbXRlYXBwbGVnYXR0U3RtdKJjYWxnJmN4NWOCWQJGMIICQjCCAcmgAwIBAgIGAXR3IfJrMAoGCCqGSM49BAMCMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAwOTEwMDgxOTA3WhcNMjAwOTExMDgyOTA3WjCBkTFJMEcGA1UEAwxAY2E1ZjZjYTQwZTE5OTQ0MTQzZjgzMjRlZTE3ZTliZjM2YmI4Nzk4YTllM2YzOWE4MjM4YjkwNWU3YTdmYmJlMTEaMBgGA1UECwwRQUFBIENlcnRpZmljYXRpb24xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAShkVB07nrqMlaitq-5wjv8EzSikGdNRWvmTAA2gwYfz-9YTxpHF9UEnsTVTtl1v3Rdip4TUopyW-TYIVXUQ4o1UwUzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEBwQEAwIE8DAzBgkqhkiG92NkCAIEJjAkoSIEIHGCgF2RQrOUtNb3sBPwfRGEPAkN3drdsUJ5xmleeC8lMAoGCCqGSM49BAMCA2cAMGQCMDKVe8HKHbweixHUIHGZgUXYxV-UHxuEiJthFBkMjPrdkwG1Rvi3jExiJLUAiwXygIwctiDkQV1RYncBzpzaGPjQ4gFsilmMul-neygjeVxXAA-rm1FiA0Zh5cj7L6gWWQI4MIICNDCCAbqgAwIBAgIQViVTlcen-0Dr4ijYJghTtjAKBggqhkjOPQQDAzBLMR8wHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MzgwMVoXDTMwMDMxMzAwMDAwMFowSDEcMBoGA1UEAwwTQXBwbGUgV2ViQXV0aG4gQ0EgMTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIMuhy8mFJGBAiW59fzWu2N4tfVfP8sEW8c1mTR1VSQRN-bhkhF2XGmh3aBQs41FCDQBpDT7JNES1Ww-HPv8uYkf7AaWCBvvlsvHfIjd2vRqWu4d1RW1r6q5O-nAsmkaNmMGQwEgYDVR0TAQHBAgwBgEBwIBADAfBgNVHSMEGDAWgBQm12TZxXjCWmfRp95rEtAbYHG1zAdBgNVHQ4EFgQU666CxP-hrFtR1M8kYQUAvmO9d4gwDgYDVR0PAQHBAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMQDdixo0gaX62du052V7hB4UTCe3W4dqQYbCsUdXUDNyJ-lVEV-9kiVDGMuXEg-cMECMCyKYETcIBP5ZvDTSkwwUh4Udlg7Wp18etKyr44zSW4l9DIBb7wxeLB6VxxugOB2hhdXRoRGF0YViYIoFgu94ab-4bEorgfUTSffzT79toCHqWSIC4Kv6KcRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAFMUF1XwkNChen9PxL4d3TozOT554pQECAyYgASFYIKGT9UHTueuoyVqK2r7nD-OwTNKKQZ01Fa-ZMADaDBhIlggP71hPGkcX1QSexNVO2XWdF2KnhNSinJb5NghVdRDg
clientDataJSON : eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiOUlRclR3YXhfaFJNVTlua0FIcEwxZzFvS2NKZUVqUjRxekxNYTNwT1NBVSIsIm9yaWdpbiI6Imh0dHBzOi8vb25lcGFzc2Rldi5yYW9uc2VjdXJlLmNvLmtyOjI4NDQ1In0
