注册流程

LOG

Successfully registered device:

No vendor metadata present!

No device metadata present!

Device transports: USB

Registration Request javascript demo

var request = {"appId":"https://localhost:8443","registeredKeys":[],"registerRequests":[{"version":"U2F_V2","challenge":"nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc","appId":"https://localhost:8443"}]};

setTimeout(function() {

u2f.register(

request.appId,

request.registerRequests,

request.registeredKeys,

function(data) {

var form = document.getElementById('form');

var reg = document.getElementById('tokenResponse');

if(data.errorCode) {

switch (data.errorCode) {

case 4:

alert("This device is already registered.");

break;

default:

alert("U2F failed with error: " + data.errorCode);

}

} else {

reg.value=JSON.stringify(data);

form.submit();

}

}

);

}, 1000);

Registration Response

{"registrationData":"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV","clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9"}

Registration data

DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3

SerialNumber: 33

IssuerDN: CN=Ledger FIDO Attestation CA 1

Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016

Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026

SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1

Public Key: EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

Signature Algorithm: SHA256WITHECDSA

Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e

3f6e3f72417c5968dba9407e60c46a140221008f

2aff7afeff55cf8fced7f579cfec9c87940aa544

2560c6e79f3da01aaa6a42

Extensions:

critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]

}

Navigation

Register

Login

注册验签流程

Base64 URL解码注册返回值Registration Response中的registrationData,得到

0504385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee98540eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e73082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a423045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

解析上面的值:

05 // reserved bytes

04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key

40 // key handle length

eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle

3082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42 // attestation certificate,ledger设备内的证书

3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315 // signature

组装要验签数据的原文:

00 // RFU

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter

// -----application parameter得到的过程---------

// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E

// ---------------------------------------------

754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 // challenge parameter

// -----challenge parameter得到的过程---------

// client data Base64Url解码后的字符串按照utf8编码进行sha256

// client data base64Url解码结果为:

// {"typ":"navigator.id.finishEnrollment","challenge":"nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc","origin":"https://localhost:8443","cid_pubkey":"unused"}

// 转为utf8编码的hex为:

// 7B22747970223A226E6176696761746F722E69642E66696E697368456E726F6C6C6D656E74222C226368616C6C656E6765223A226E48676C6E525F447676573038426F6A5132322D5261693032727454624E56655050775468684770726863222C226F726967696E223A2268747470733A2F2F6C6F63616C686F73743A38343433222C226369645F7075626B6579223A22756E75736564227D

// sha256的结果为: 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759

// --------------------------------------------

eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle

04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key

组装后的结果:

00 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

结果做sha256:

4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B

将signature拆分为r和s

3045 0221 00933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d 0220 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

0221是长度,前面的00去掉

r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d

s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

使用ecc工具验签:

Qx= 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046 // 证书里面的公钥x

Qy= 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387 // 证书里面的公钥y

Hm= 4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B // 组装后的验签数据做sha256的结果

r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d

s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。

用代码验证response结果是否正确

final String response = "{\"registrationData\":\"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV\",\"clientData\":\"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9\"}";

final String appId = "https://localhost:8443";

final String challenge = "nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc";

RegisterResponse registerResponse = RegisterResponse.fromJson(response);

final RegisterRequest registerRequest = new RegisterRequest(challenge, appId);

List registerRequestList = new ArrayList(1) {

{

add(registerRequest);

}

};

RegisterRequestData registerRequestData = new RegisterRequestData("https://localhost:8443", null, registerRequestList);

U2F u2f = new U2F();

DeviceRegistration registration = u2f.finishRegistration(registerRequestData, registerResponse);

System.out.println("-------registration------\n" + registration);

如果代码出现错误会报异常,需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"

代码输出:

---hash---

bytes=68747470733a2f2f6c6f63616c686f73743a38343433

---hash---

bytes=7b22747970223a226e6176696761746f722e69642e66696e697368456e726f6c6c6d656e74222c226368616c6c656e6765223a226e48676c6e525f447676573038426f6a5132322d5261693032727454624e56655050775468684770726863222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d

---checkSignature---

publicKey toString=EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

publicKey getFormat=X.509

signedBytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

---hash---

bytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

signedBytes sha256=4006d3fd69c519bae1ef7c6f75eca1036e87078f3bac2a9f162b0c392716598b

signature=3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

-------registration------

DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3

SerialNumber: 33

IssuerDN: CN=Ledger FIDO Attestation CA 1

Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016

Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026

SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1

Public Key: EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

Signature Algorithm: SHA256WITHECDSA

Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e

3f6e3f72417c5968dba9407e60c46a140221008f

2aff7afeff55cf8fced7f579cfec9c87940aa544

2560c6e79f3da01aaa6a42

Extensions:

critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]

}

如何用代码解析证书内容并打印

X509Certificate certificate = CertificateParser.parseDer(ByteUtil.fromHex("3082015d 30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42"));

System.out.println("parse cer----------\n" + certificate + "\n-----------");

需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"

输出为:

parse cer----------

[0] Version: 3

SerialNumber: 33

IssuerDN: CN=Ledger FIDO Attestation CA 1

Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016

Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026

SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1

Public Key: EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

Signature Algorithm: SHA256withECDSA

Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e

3f6e3f72417c5968dba9407e60c46a140221008f

2aff7afeff55cf8fced7f579cfec9c87940aa544

2560c6e79f3da01aaa6a42

Extensions:

critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]

-----------

登录流程

LOG

Successfully authenticated!

Sign Request javascript demo

var request = {"appId":"https://localhost:8443","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","signRequests":[{"version":"U2F_V2","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","appId":"https://localhost:8443","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}]};

setTimeout(function() {

if (request.signRequests.length > 0) {

u2f.sign(

request.appId,

request.challenge,

request.signRequests,

function(data) {

if(data.errorCode) {

switch (data.errorCode) {

case 4:

alert("This device is not registered for this account.");

break;

default:

alert("U2F failed with error code: " + data.errorCode);

}

return;

} else {

document.getElementById('tokenResponse').value = JSON.stringify(data);

document.getElementById('form').submit();

}

}

);

}

}, 1000);

Sign response

{"clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoickdsNHhERVBRZzVsVmR0a3RyMm5PeWdFaDBkUDlJOVdzZEJMVzFocGp6SSIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJjaWRfcHVia2V5IjoidW51c2VkIn0","signatureData":"AQAAABMwRQIhAKpHI3mf1iCP3gb_63CxVH3M3nOPiOg3CHyHS9xc8kRxAiB6YJ0jQfmSQn1AAo7HSIDGDQ0zhI5JVyUZyQV2qlfP7A","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}

Navigation

Register

Login

登录验签过程

将signatureData进行base64Url解码:

01000000133045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

解析:

01 // user presence

00000013 // counter

3045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec // signature

验签原数据组织:

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter

// -----application parameter得到的过程---------

// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E

// ---------------------------------------------

01 // user presence

00000013 // counter

54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388 // challenge parameter

// -----challenge parameter得到的过程---------

// 将clientData进行base64Url解码为hex:

// 7b22747970223a226e6176696761746f722e69642e676574417373657274696f6e222c226368616c6c656e6765223a2272476c34784445505167356c5664746b7472326e4f79674568306450394939577364424c573168706a7a49222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d

// 将hex进行sha256:

// 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388

// --------------------------------------------

组装起来:

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 01 00000013 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E010000001354E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388

进行sha256:

BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275

注册时的user public key信息

04 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

从signature中解析r和s

3045 0221 00aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471 0220 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

0221是长度,前面的00去掉

r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471

s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

使用ecc工具验签:

Qx= 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc // user public key x,这个数据从注册时的信息得来

Qy= faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key y

Hm= BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275 // 组装后的验签数据做sha256的结果

r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471

s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。

signature=694cde3d7f2450116894167453553a22,FIDO-U2F-Ledger 注册和登录过程中chrome和后台交互log分析...相关推荐

  1. 已成功与服务器建立连接,但是在登录过程中发生错误。 (provider: SSL Provider, error: 0 - 接收到的消息异常,或格式不正确。)...

    之前做好的asp.net部署后,发现 访问数据库时: 异常:已捕获: "已成功与服务器建立连接,但是在登录过程中发生错误. (provider: SSL Provider, error: 0 ...

  2. 已成功与服务器建立连接,但是在登录过程中发生错误。 (provider: SSL Provider, error: 0 - 接收到的消息异常,或格式不正确。)

    已成功与服务器建立连接,但是在登录过程中发生错误. (provider: SSL Provider, error: 0 - 接收到的消息异常,或格式不正确.) 参考文章: (1)已成功与服务器建立连接 ...

  3. SQL SEVER登录失败,无法连接服务器或已成功与服务器建立连接,但是在登录过程中发生错误。(Win10版本,SQL 2019)

    一.首先无法登陆到服务器可以检查一下操作是否打开 1.点进服务器属性 2.然后点进安全性,看下服务器身份验证是SQL SEVER 和Windows身份验证模式,,以及登录审核是否是仅限失败的登录 二. ...

  4. SQL Server 2008 问题——已成功与服务器建立连接,但是在登录过程中发生错误。

    登录报错:已成功与服务器建立连接,但是在登录过程中发生错误. (provider: 共享内存提供程序, error: 0 - 管道的另一端上无任何进程. 解决办法:先用windows模式登录上去,然后 ...

  5. SQL Server(解决问题)已成功与服务器建立连接,但是在登录过程中发生错误

    SQL Server(解决问题)已成功与服务器建立连接,但是在登录过程中发生错误 SQL Server(解决问题)已成功与服务器建立连接,但是在登录过程中发生错误.provider: Shared M ...

  6. 已成功与服务器建立连接,但是在登录过程中发生错误。(provider:TCP提供程序,error:0-指定的网络名不再可用。)(Microsoft SQL Server,错误:64)

    问题的发生:今天处于公网的测试服务器数据库SQL SERVER 2008 在连接时突然报错: 已成功与服务器建立连接,但是在登录过程中发生错误.(provider:TCP提供程序,error:0-指定 ...

  7. .net连接Sql时出现已成功与服务器建立连接,但是在登录过程中发生错误。 (provider: TCP 提供程序, error: 0 - 指定的网络名不再可用。) ...

    已成功与服务器建立连接,但是在登录过程中发生错误. (provider: TCP 提供程序, error: 0 - 指定的网络名不再可用.) 今天早上的程序还好好的,下午休息后打开程序,用户登录后发现 ...

  8. 注册香港公司过程中的几个注意细节

    注册香港公司过程中的几个注意细节 我国现行法律,个人创业的法律途径主要有:设立有限责任公司:申请登记从事个体工商业:设立个人独资企业:设立合伙企业. 一.注册底线 一.有限责任公司:最低注册资本10万 ...

  9. 转转登录一直显示服务器错误,[转]已成功与服务器建立连接但是在登录过程中发生错误。provid...

    已 成功 与 服务器 建立 连接 但是 在 登录 过程 中 发生 错误 . provider 共享 内存 提供 程序 error 0 管道 的另一端上无 任何 进程 . 分类: sql server ...

最新文章

  1. 循环神经网络实现文本情感分类之Pytorch中LSTM和GRU模块使用
  2. 判断一个数组是否是另一个数组的子集
  3. 用linux集成电路版图设计,集成电路版图设计教程2012版本
  4. ML重要概念:梯度(Gradient)与梯度下降法(Gradient Descent)
  5. C# 中的yield使用
  6. #感恩节# 华为云21天转型容器实战营免费开营
  7. 如何避免Java线程中的死锁?
  8. 哈佛大学计算机科学专,哈佛大学计算机科学专业
  9. 2018.08.09洛谷P3959 宝藏(随机化贪心)
  10. 信息学奥赛C++语言:百钱买百鸡
  11. 从SQL中相对于日期的特定周获取数据
  12. 熟悉的指标,多重的应用
  13. nginx php 104,记一次nginx 502排错经历:recv() failed (104: Connection reset by peer)
  14. python sorted函数
  15. 同济大学计算机直博生条件,同济大学攻读博士学位研究生培养工作规定(2016年修订).doc...
  16. 用javascript实现调用本地用户程序
  17. 两步教你在安卓中快速使用矢量图
  18. 关于idea无法使用搜狗输入法打出汉字的解决方案(转)
  19. 武汉加油!中国加油!小峯加油!大家加油!
  20. sublime text 3搭建Python3的开发环境

热门文章

  1. [1173]regexp_replace()、regexp_substr()、regexp_instr()函数的用法
  2. JavaScript高级程序设计(第4版)(红宝书)的学习笔记
  3. 通达信自动提示启明星、黄昏星K线组合形态(含指标公式源码)
  4. C语言解析WAV音频文件
  5. OpenFile函数使用说明
  6. 数据sqlite 矢量切片_矢量切片(Vector tile)
  7. 51单片机 SPI协议通信
  8. Vivado中Testbench模板(自用)
  9. 集体智慧编程——提供推荐
  10. 2022年第十一届认证杯数学中国数学建模国际赛小美赛:D题野生动物贸易是否应该长期禁止建模 38页一等奖论文及代码