Perhaps we can store the EC2 Points in compressed form (x coordinate plus sign) instead of x/y coordinates. This eliminates a whole bunch of cryptographic security vulnerabilities by construction

Originally posted by @arianvp in #21 (comment)

Webauthn and COSE are footguns in this regard; and we should convert to compressed form as close to the boundary as possible. Check if cryptonite supports this.

Maybe take inspiration from https://github.com/webauthn4j/webauthn4j

I think my employer will probably want to avoid EC256 if possible. EdDSA seems easier to implement though; as the signature format isn't legacy but COSE (though this is underspecified in the spec currently. See w3c/webauthn#1441)

Perhaps we should not implement all the crypto primitives using cryptonite ourselves; but just wrap the https://github.com/Yubico/libfido2 C library.

Then we dont have to deal with anything related to parsing or crypto ourselves and make it somebody else's problem...

libfido2 depends on OpenSSL and libcbor

I was given access to the FIDO2 conformance tests by the FIDO Alliance.

They sent me a username and password in plain text (LOL. ironic) so I can download the test tool.

The test tool is an electron application and no source code is available. It only runs on Mac or Windows.

I don't think I can distribute it freely, so we can't add it to CI.

One downside of a verify that returns a bool is that you can forget to call it. One way to mitigate this (until we get Linear Haskell 😄) is to fuse deserialization of the message with verification, something like

verifyAndDecode :: PublicKey -> Message ByteString -> Signature -> Maybe DecodedMessage

is there a sensible decode operation for the message to do this with?

A different option would be to return some kind of validity token of which the constructor is not exposed, and to have remaining functions take such a token as input.

Originally posted by @ruuda in #23