signature=694cde3d7f2450116894167453553a22,FIDO-U2F-Ledger 注册和登录过程中chrome和后台交互log分析...
注册流程
LOG
Successfully registered device:
No vendor metadata present!
No device metadata present!
Device transports: USB
Registration Request javascript demo
var request = {"appId":"https://localhost:8443","registeredKeys":[],"registerRequests":[{"version":"U2F_V2","challenge":"nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc","appId":"https://localhost:8443"}]};
setTimeout(function() {
u2f.register(
request.appId,
request.registerRequests,
request.registeredKeys,
function(data) {
var form = document.getElementById('form');
var reg = document.getElementById('tokenResponse');
if(data.errorCode) {
switch (data.errorCode) {
case 4:
alert("This device is already registered.");
break;
default:
alert("U2F failed with error: " + data.errorCode);
}
} else {
reg.value=JSON.stringify(data);
form.submit();
}
}
);
}, 1000);
Registration Response
{"registrationData":"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV","clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9"}
Registration data
DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3
SerialNumber: 33
IssuerDN: CN=Ledger FIDO Attestation CA 1
Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016
Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026
SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1
Public Key: EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
Signature Algorithm: SHA256WITHECDSA
Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e
3f6e3f72417c5968dba9407e60c46a140221008f
2aff7afeff55cf8fced7f579cfec9c87940aa544
2560c6e79f3da01aaa6a42
Extensions:
critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]
}
Navigation
Register
Login
注册验签流程
Base64 URL解码注册返回值Registration Response中的registrationData,得到
0504385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee98540eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e73082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a423045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
解析上面的值:
05 // reserved bytes
04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key
40 // key handle length
eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle
3082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42 // attestation certificate,ledger设备内的证书
3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315 // signature
组装要验签数据的原文:
00 // RFU
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter
// -----application parameter得到的过程---------
// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E
// ---------------------------------------------
754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 // challenge parameter
// -----challenge parameter得到的过程---------
// client data Base64Url解码后的字符串按照utf8编码进行sha256
// client data base64Url解码结果为:
// {"typ":"navigator.id.finishEnrollment","challenge":"nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc","origin":"https://localhost:8443","cid_pubkey":"unused"}
// 转为utf8编码的hex为:
// 7B22747970223A226E6176696761746F722E69642E66696E697368456E726F6C6C6D656E74222C226368616C6C656E6765223A226E48676C6E525F447676573038426F6A5132322D5261693032727454624E56655050775468684770726863222C226F726967696E223A2268747470733A2F2F6C6F63616C686F73743A38343433222C226369645F7075626B6579223A22756E75736564227D
// sha256的结果为: 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759
// --------------------------------------------
eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle
04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key
组装后的结果:
00 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
结果做sha256:
4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B
将signature拆分为r和s
3045 0221 00933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d 0220 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
0221是长度,前面的00去掉
r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d
s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
使用ecc工具验签:
Qx= 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046 // 证书里面的公钥x
Qy= 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387 // 证书里面的公钥y
Hm= 4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B // 组装后的验签数据做sha256的结果
r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d
s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。
用代码验证response结果是否正确
final String response = "{\"registrationData\":\"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV\",\"clientData\":\"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9\"}";
final String appId = "https://localhost:8443";
final String challenge = "nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc";
RegisterResponse registerResponse = RegisterResponse.fromJson(response);
final RegisterRequest registerRequest = new RegisterRequest(challenge, appId);
List registerRequestList = new ArrayList(1) {
{
add(registerRequest);
}
};
RegisterRequestData registerRequestData = new RegisterRequestData("https://localhost:8443", null, registerRequestList);
U2F u2f = new U2F();
DeviceRegistration registration = u2f.finishRegistration(registerRequestData, registerResponse);
System.out.println("-------registration------\n" + registration);
如果代码出现错误会报异常,需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"
代码输出:
---hash---
bytes=68747470733a2f2f6c6f63616c686f73743a38343433
---hash---
bytes=7b22747970223a226e6176696761746f722e69642e66696e697368456e726f6c6c6d656e74222c226368616c6c656e6765223a226e48676c6e525f447676573038426f6a5132322d5261693032727454624e56655050775468684770726863222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d
---checkSignature---
publicKey toString=EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
publicKey getFormat=X.509
signedBytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
---hash---
bytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
signedBytes sha256=4006d3fd69c519bae1ef7c6f75eca1036e87078f3bac2a9f162b0c392716598b
signature=3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
-------registration------
DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3
SerialNumber: 33
IssuerDN: CN=Ledger FIDO Attestation CA 1
Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016
Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026
SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1
Public Key: EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
Signature Algorithm: SHA256WITHECDSA
Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e
3f6e3f72417c5968dba9407e60c46a140221008f
2aff7afeff55cf8fced7f579cfec9c87940aa544
2560c6e79f3da01aaa6a42
Extensions:
critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]
}
如何用代码解析证书内容并打印
X509Certificate certificate = CertificateParser.parseDer(ByteUtil.fromHex("3082015d 30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42"));
System.out.println("parse cer----------\n" + certificate + "\n-----------");
需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"
输出为:
parse cer----------
[0] Version: 3
SerialNumber: 33
IssuerDN: CN=Ledger FIDO Attestation CA 1
Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016
Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026
SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1
Public Key: EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
Signature Algorithm: SHA256withECDSA
Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e
3f6e3f72417c5968dba9407e60c46a140221008f
2aff7afeff55cf8fced7f579cfec9c87940aa544
2560c6e79f3da01aaa6a42
Extensions:
critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]
-----------
登录流程
LOG
Successfully authenticated!
Sign Request javascript demo
var request = {"appId":"https://localhost:8443","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","signRequests":[{"version":"U2F_V2","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","appId":"https://localhost:8443","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}]};
setTimeout(function() {
if (request.signRequests.length > 0) {
u2f.sign(
request.appId,
request.challenge,
request.signRequests,
function(data) {
if(data.errorCode) {
switch (data.errorCode) {
case 4:
alert("This device is not registered for this account.");
break;
default:
alert("U2F failed with error code: " + data.errorCode);
}
return;
} else {
document.getElementById('tokenResponse').value = JSON.stringify(data);
document.getElementById('form').submit();
}
}
);
}
}, 1000);
Sign response
{"clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoickdsNHhERVBRZzVsVmR0a3RyMm5PeWdFaDBkUDlJOVdzZEJMVzFocGp6SSIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJjaWRfcHVia2V5IjoidW51c2VkIn0","signatureData":"AQAAABMwRQIhAKpHI3mf1iCP3gb_63CxVH3M3nOPiOg3CHyHS9xc8kRxAiB6YJ0jQfmSQn1AAo7HSIDGDQ0zhI5JVyUZyQV2qlfP7A","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}
Navigation
Register
Login
登录验签过程
将signatureData进行base64Url解码:
01000000133045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec
解析:
01 // user presence
00000013 // counter
3045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec // signature
验签原数据组织:
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter
// -----application parameter得到的过程---------
// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E
// ---------------------------------------------
01 // user presence
00000013 // counter
54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388 // challenge parameter
// -----challenge parameter得到的过程---------
// 将clientData进行base64Url解码为hex:
// 7b22747970223a226e6176696761746f722e69642e676574417373657274696f6e222c226368616c6c656e6765223a2272476c34784445505167356c5664746b7472326e4f79674568306450394939577364424c573168706a7a49222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d
// 将hex进行sha256:
// 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388
// --------------------------------------------
组装起来:
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 01 00000013 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E010000001354E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388
进行sha256:
BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275
注册时的user public key信息
04 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
从signature中解析r和s
3045 0221 00aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471 0220 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec
0221是长度,前面的00去掉
r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471
s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec
使用ecc工具验签:
Qx= 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc // user public key x,这个数据从注册时的信息得来
Qy= faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key y
Hm= BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275 // 组装后的验签数据做sha256的结果
r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471
s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec
使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。
signature=694cde3d7f2450116894167453553a22,FIDO-U2F-Ledger 注册和登录过程中chrome和后台交互log分析...相关推荐
- 已成功与服务器建立连接,但是在登录过程中发生错误。 (provider: SSL Provider, error: 0 - 接收到的消息异常,或格式不正确。)...
之前做好的asp.net部署后,发现 访问数据库时: 异常:已捕获: "已成功与服务器建立连接,但是在登录过程中发生错误. (provider: SSL Provider, error: 0 ...
- 已成功与服务器建立连接,但是在登录过程中发生错误。 (provider: SSL Provider, error: 0 - 接收到的消息异常,或格式不正确。)
已成功与服务器建立连接,但是在登录过程中发生错误. (provider: SSL Provider, error: 0 - 接收到的消息异常,或格式不正确.) 参考文章: (1)已成功与服务器建立连接 ...
- SQL SEVER登录失败,无法连接服务器或已成功与服务器建立连接,但是在登录过程中发生错误。(Win10版本,SQL 2019)
一.首先无法登陆到服务器可以检查一下操作是否打开 1.点进服务器属性 2.然后点进安全性,看下服务器身份验证是SQL SEVER 和Windows身份验证模式,,以及登录审核是否是仅限失败的登录 二. ...
- SQL Server 2008 问题——已成功与服务器建立连接,但是在登录过程中发生错误。
登录报错:已成功与服务器建立连接,但是在登录过程中发生错误. (provider: 共享内存提供程序, error: 0 - 管道的另一端上无任何进程. 解决办法:先用windows模式登录上去,然后 ...
- SQL Server(解决问题)已成功与服务器建立连接,但是在登录过程中发生错误
SQL Server(解决问题)已成功与服务器建立连接,但是在登录过程中发生错误 SQL Server(解决问题)已成功与服务器建立连接,但是在登录过程中发生错误.provider: Shared M ...
- 已成功与服务器建立连接,但是在登录过程中发生错误。(provider:TCP提供程序,error:0-指定的网络名不再可用。)(Microsoft SQL Server,错误:64)
问题的发生:今天处于公网的测试服务器数据库SQL SERVER 2008 在连接时突然报错: 已成功与服务器建立连接,但是在登录过程中发生错误.(provider:TCP提供程序,error:0-指定 ...
- .net连接Sql时出现已成功与服务器建立连接,但是在登录过程中发生错误。 (provider: TCP 提供程序, error: 0 - 指定的网络名不再可用。) ...
已成功与服务器建立连接,但是在登录过程中发生错误. (provider: TCP 提供程序, error: 0 - 指定的网络名不再可用.) 今天早上的程序还好好的,下午休息后打开程序,用户登录后发现 ...
- 注册香港公司过程中的几个注意细节
注册香港公司过程中的几个注意细节 我国现行法律,个人创业的法律途径主要有:设立有限责任公司:申请登记从事个体工商业:设立个人独资企业:设立合伙企业. 一.注册底线 一.有限责任公司:最低注册资本10万 ...
- 转转登录一直显示服务器错误,[转]已成功与服务器建立连接但是在登录过程中发生错误。provid...
已 成功 与 服务器 建立 连接 但是 在 登录 过程 中 发生 错误 . provider 共享 内存 提供 程序 error 0 管道 的另一端上无 任何 进程 . 分类: sql server ...
最新文章
- 循环神经网络实现文本情感分类之Pytorch中LSTM和GRU模块使用
- 判断一个数组是否是另一个数组的子集
- 用linux集成电路版图设计,集成电路版图设计教程2012版本
- ML重要概念:梯度(Gradient)与梯度下降法(Gradient Descent)
- C# 中的yield使用
- #感恩节# 华为云21天转型容器实战营免费开营
- 如何避免Java线程中的死锁?
- 哈佛大学计算机科学专,哈佛大学计算机科学专业
- 2018.08.09洛谷P3959 宝藏(随机化贪心)
- 信息学奥赛C++语言:百钱买百鸡
- 从SQL中相对于日期的特定周获取数据
- 熟悉的指标,多重的应用
- nginx php 104,记一次nginx 502排错经历:recv() failed (104: Connection reset by peer)
- python sorted函数
- 同济大学计算机直博生条件,同济大学攻读博士学位研究生培养工作规定(2016年修订).doc...
- 用javascript实现调用本地用户程序
- 两步教你在安卓中快速使用矢量图
- 关于idea无法使用搜狗输入法打出汉字的解决方案(转)
- 武汉加油!中国加油!小峯加油!大家加油!
- sublime text 3搭建Python3的开发环境
热门文章
- [1173]regexp_replace()、regexp_substr()、regexp_instr()函数的用法
- JavaScript高级程序设计(第4版)(红宝书)的学习笔记
- 通达信自动提示启明星、黄昏星K线组合形态(含指标公式源码)
- C语言解析WAV音频文件
- OpenFile函数使用说明
- 数据sqlite 矢量切片_矢量切片(Vector tile)
- 51单片机 SPI协议通信
- Vivado中Testbench模板(自用)
- 集体智慧编程——提供推荐
- 2022年第十一届认证杯数学中国数学建模国际赛小美赛:D题野生动物贸易是否应该长期禁止建模 38页一等奖论文及代码