Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not following the Passkey standard propely, breaking keepassxc passkeys #2560

Closed
Tofixrs opened this issue Aug 19, 2024 · 2 comments · Fixed by #2561
Closed

Not following the Passkey standard propely, breaking keepassxc passkeys #2560

Tofixrs opened this issue Aug 19, 2024 · 2 comments · Fixed by #2561

Comments

@Tofixrs
Copy link

Tofixrs commented Aug 19, 2024
edited
Loading

Was trying to register to open chat, but it kept failing, looked into the console greeted with this message

TypeError: challenge is shorter than required minimum length.
    checkErrors moz-extension://e02b9aba-2f48-473d-9855-1eebb551277c/content/passkeys-utils.js:27
    buildCredentialCreationOptions moz-extension://e02b9aba-2f48-473d-9855-1eebb551277c/content/passkeys-utils.js:58
    enablePasskeys moz-extension://e02b9aba-2f48-473d-9855-1eebb551277c/content/keepassxc-browser.js:919
    postMessageToExtension moz-extension://e02b9aba-2f48-473d-9855-1eebb551277c/content/passkeys.js:88
    postMessageToExtension moz-extension://e02b9aba-2f48-473d-9855-1eebb551277c/content/passkeys.js:72
    create moz-extension://e02b9aba-2f48-473d-9855-1eebb551277c/content/passkeys.js:151
    Kg https://identity.ic0.app/spa.js:362
    create https://identity.ic0.app/spa.js:362
    r https://identity.ic0.app/spa.js:922
    t0 https://identity.ic0.app/spa.js:922
    r https://identity.ic0.app/spa.js:974
    nr https://identity.ic0.app/spa.js:361
    constructPasskey https://identity.ic0.app/spa.js:974
    s https://identity.ic0.app/spa.js:941
    handleEvent https://identity.ic0.app/spa.js:53

Thought it was a keepassxc bug but the developer told me that challange needs to be atleast 16 bytes in length as were ii uses only 9
image

Since on linux i dont have any other way of using passkeys (not that i am aware of) this blocks me out of websites using it
@Tofixrs Tofixrs changed the title Not following the WebAuthN standard propely, breaking keepassxc passkeys Not following the Passkey standard propely, breaking keepassxc passkeys Aug 19, 2024
@frederikrothenberger
Copy link
Member

Hi @Tofixrs

Thanks for the report. We will look into it.

frederikrothenberger added a commit that referenced this issue Aug 20, 2024
@frederikrothenberger
Change WebAuthn create challenge to 16 random bytes
b01c913 
According to the WebAuthn spec the challenge _should_ be at
least 16 bytes. So far it was 9. Apparently, KeePassXC verifies
the challenge length and refuses to sign shorter values.

This changes the length to 16 bytes which should address the problem.

Closes #2560.
Merged
@frederikrothenberger
Copy link
Member

@Tofixrs: We will address the issue in #2561.

Thanks again for the report!

github-merge-queue bot pushed a commit that referenced this issue Aug 20, 2024
@frederikrothenberger
Change WebAuthn create challenge to 16 random bytes (#2561)
8d29992 
According to the WebAuthn spec the challenge _should_ be at
least 16 bytes. So far it was 9. Apparently, KeePassXC verifies
the challenge length and refuses to sign shorter values.

This changes the length to 16 bytes which should address the problem.

Closes #2560.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Change WebAuthn create challenge to 16 random bytes dfinity/internet-identity
2 participants
@Tofixrs @frederikrothenberger