Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The attestationObject property of the AuthenticatorAttestationResponse interface returns an ArrayBuffer containing the new public key, as well as a signature over the entire attestationObject made with a private key that is stored in the authenticator when it is manufactured.

As part of the CredentialsContainer.create() call, an authenticator will create a new keypair as well as an attestationObject for that keypair. The public key that corresponds to the private key that has created the attestation signature is well known; however, there are various well known attestation public key chains for different ecosystems (for example, Android or TPM attestations).
attestObj = authenticatorAttestationResponse.attestationObject
After decoding the CBOR encoded ArrayBuffer, the resulting JavaScript object will contain the following properties:

authData: corresponds to AuthenticatorAssertionResponse.authenticatorData. Note that in AuthenticatorAssertionResponse, authenticatorData is exposed as a property in a JavaScript object, while in AuthenticatorAttestationResponse, authenticatorData is a property in a CBOR map. The AuthenticatorAssertionResponse.authenticatorData field is used by both AuthenticatorAttestationResponse and by AuthenticatorAssertionResponse. When used in attestation, it contains an optional field, attestedCredentialData. This field is not included when used in the AuthenticatorAssertionResponse. The attestedCredentialData field contains the credentialId and credentialPublicKey.

fmt: "packed", "tpm", "android-key", "android-safetynet", "fido-u2f", "none"

attStmt: the attestation statement, whose format is indicated by "fmt". For now, see the WebAuthn specification for details on each format.
```js
var publicKey = {
  // Placeholder so the snippet runs; use the random challenge issued by the server
  challenge: new Uint8Array(32),
  rp: {
    name: "Example CORP",
    id: "login.example.com"
  },
  user: {
    id: new Uint8Array(16),
    name: "jdoe@example.com",
    displayName: "John Doe"
  },
  pubKeyCredParams: [
    {
      type: "public-key",
      alg: -7 // COSE algorithm identifier for ES256
    }
  ]
};

navigator.credentials.create({ publicKey })
  .then(function (newCredentialInfo) {
    var attestationObj = newCredentialInfo.response.attestationObject;
    // This will be a CBOR encoded ArrayBuffer
    // Do something with the response
    // (sending it back to the relying party server maybe?)
  }).catch(function (err) {
    console.error(err);
  });
```
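An added example (not part of the original page): once the attestationObject has been CBOR-decoded by the relying party, the authData byte string described above can be parsed as follows to read the flags and the optional attestedCredentialData. The function names parseAuthData and buildSample and the sample bytes are constructed for illustration; the byte offsets follow the authenticator data layout in the WebAuthn specification.

```javascript
// Added example: parse the authData byte string from a CBOR-decoded attestationObject.
// Flag bits of the authenticator data "flags" byte.
const FLAG_UP = 0x01, FLAG_UV = 0x04, FLAG_AT = 0x40, FLAG_ED = 0x80;

function parseAuthData(authData) {
  const buf = authData instanceof Uint8Array ? authData : new Uint8Array(authData);
  if (buf.length < 37) throw new Error("authData shorter than 37 bytes");
  const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
  const flags = buf[32];
  const out = {
    rpIdHash: buf.slice(0, 32),            // SHA-256 of the RP ID (e.g. rp.id)
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    hasExtensions: (flags & FLAG_ED) !== 0,
    signCount: view.getUint32(33),         // big-endian signature counter
    attestedCredentialData: null,          // stays null for assertions
  };
  if (flags & FLAG_AT) {
    if (buf.length < 55) throw new Error("truncated attestedCredentialData");
    const idLen = view.getUint16(53);      // big-endian credentialId length
    const keyStart = 55 + idLen;
    if (keyStart >= buf.length) throw new Error("credentialId length exceeds authData");
    out.attestedCredentialData = {
      aaguid: buf.slice(37, 53),
      credentialId: buf.slice(55, keyStart),
      // CBOR-encoded COSE key; extension data follows it when hasExtensions is set
      credentialPublicKeyCbor: buf.slice(keyStart),
    };
  } else if (buf.length > 37 && !(flags & FLAG_ED)) {
    throw new Error("trailing bytes without AT or ED flag");
  }
  return out;
}

// Constructed sample: zeroed rpIdHash, flags UP|AT, signCount 5, zero AAGUID,
// a 4-byte credentialId, and 3 placeholder bytes standing in for the COSE key.
function buildSample() {
  const s = new Uint8Array(37 + 16 + 2 + 4 + 3);
  s[32] = FLAG_UP | FLAG_AT;
  s[36] = 5;
  s[54] = 4;
  s.set([0xde, 0xad, 0xbe, 0xef], 55);
  s.set([0xa1, 0x01, 0x02], 59);
  return s;
}

const parsed = parseAuthData(buildSample());
console.log(parsed.signCount, parsed.attestedCredentialData.credentialId);
```

A relying party would then compare rpIdHash against the SHA-256 hash of its own RP ID and CBOR-decode credentialPublicKeyCbor before storing the credential.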
| Specification | Status | Comment |
|---|---|---|
| Web Authentication: An API for accessing Public Key Credentials Level 1. The definition of 'attestationObject' in that specification. | Recommendation | Initial definition. |
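| Platform | Browser | attestationObject |
|---|---|---|
| Desktop | Chrome | 67 |
| Desktop | Edge | 18 |
| Desktop | Firefox | 60 |
| Desktop | IE | No |
| Desktop | Opera | No |
| Desktop | Safari | 13 |
| Mobile | WebView Android | 70 |
| Mobile | Chrome Android | 70 |
| Mobile | Firefox Android | 60 |
| Mobile | Opera Android | No |
| Mobile | Safari iOS | 13.3 |
| Mobile | Samsung Internet Android | 10.0 |

Legend: Full support. No support. See implementation notes. User must explicitly enable this feature.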
PublicKeyCredentialCreationOptions.challenge: the cryptographic challenge whose signature by the authenticator is contained in attStmt

PublicKeyCredentialCreationOptions.attestation: the attestation statement transport option specified for the creation