Apple Anonymous Attestation Statement Format


According to the documentation of Apple's Anonymous Attestation Statement Format (fmt="apple"),
the nonce generated from the authenticatorData the clientDataHash is embedded in an extension with OID ( 1.2.840.113635.100.8.2 ) in the certificate for the credential public key.

If I try to validate a response generated after using touchID from my browser on my iOS14 device, I get a 38-byte value:
Code Block
  414:d=5  hl=2 l=   9 prim: OBJECT            :1.2.840.113635.100.8.2
  425:d=5  hl=2 l=  38 prim: OCTET STRING      [HEX DUMP]:3024A1220420D9052FED7AA782C1B416C59B0AE15F309A336E22984E32505307A6339DDE52FD

How can this be a SHA-256 hash value?
Never mind, I forgot to parse ASN1:

Code Block
$ echo 3024a1220420db05d53c0f14940df70f089b4563b0f6523fcde10cf02bb2b98027c796d0fc34 | xxd -r -p | openssl asn1parse -inform der
    0:d=0  hl=2 l=  36 cons: SEQUENCE          
    2:d=1  hl=2 l=  34 cons: cont [ 1 ]        
    4:d=2  hl=2 l=  32 prim: OCTET STRING      [HEX DUMP]:DB05D53C0F14940DF70F089B4563B0F6523FCDE10CF02BB2B98027C796D0FC34

And in case you have trouble finding the Apple WebAuthn Root CA certificate: it is listed here. (thanks, @alexseigler!)

(Replied to the wrong thread, so deleting this message)

Apple Anonymous Attestation Statement Format
 
 
Q