Hello, I would like to know how I recreate the data that was signed by the private key during assertion flow.
I read on various sources that my code should get the 37 bytes of authenticator data, append the SHA-256 hash of clientDataJSON string to the end and verify that data given the signature and the public key! But it doesn't seem to work.
I have opened a StackOverflow issue to it where I've provided broader details: https://stackoverflow.com/q/78819955/26530591
It looks like you got an answer over there :)
Hello, I am encountering the same problem now. I am using PHP to implement passkey. The public key verification code can be verified normally on Android and JavaScript, but the "Singnature is invalid" error will appear on iOS. I checked a lot of information online but nothing helped much. According to the author's stackoverflow post, I don't need to verify that the public key signature is valid, right?