Versions Compared

Old Version 4

changes.mady.by.user Branko Marovic

Saved on

compared with

New Version 5

changes.mady.by.user Branko Marovic

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Create a copy of this page as a sibling and fill in that copy as instructed below.

Describe the platform

To ensure a successful test of the authenticator, please follow these steps:

  • Prepare the authenticator that you wish to test. It is recommended to use it only for this test to avoid any conflicts. If necessary, delete the passkey and reset the authenticator's settings (e.g., disable PIN, unregister fingerprint). Sounds scary. What ib I already have something on it, or had some UV set?
    • It
    • it may be a hardware authenticator, such as a YubiKey.
    • it It may be an operating system authenticator, such as Touch ID or Windows Hello.
    • it It may be a software authenticator, such as tpm-fido.
    • it It may be a password manager with passkey support, such as Dashlane.
  • Fill in details about the authenticator in the table below (vendor, model, OS, browser):

Tester:
@ (name yourself)


Date:
Use '//' wiki date
Authenticator (device) vendor
Yubico, Apple, Dell, HP, Android phone brand...
Authenticator (device) model:
YubiKey 5, iPhone 13, PC model name, MacBook year size, MacBook Air year size, MacBook Pro year size...
OS and its version:
iOS 13, macOS 10.5.8, Windows 10 22h2, Windows 11 22h2, Android 13...


Browser and its version:
Chrome 114, Firefox 114...
I registered a PIN/password/finger/face in the authenticator before the session:
(I guess that should be set for the entire session)
Enter yes or no

  • Be prepared to capture screenshots of each system/browser dialogue that appears. (Later in this process, you will register a passkey multiple times)

...

  • If there are any options or settings related to "passkeys", "security keys" or similar in your OS/device/... spaceship settings, make screenshots and attach them here. If there are any options or settings related to "passkeys", "security keys" or similar in your OS/device/... settings, make screenhots and attach them here.
    • If there are password manager options, only capture them.
    • If there are browser options, only capture them instead.
    • If there are browser operating system options, only capture them instead.

This is an exemplary path, screenshot only the screen(s) with passkey options (the last one below):

Image Modified

Place screenshots on the right:


Get diagnostics

Copy-paste the diagnostic results on the right as text (rows are

labelled

labeled the same, but you may have different values):

Platform authenticator (isUVPAA) Available

Conditional Mediation (Autofill UI) Not defined

CTAP2 support (Firefox) Supported



Set repeated settings

  • Click the "+" button to create a passkey. Choose the following values:
    • RP Info: This domain
    • User Info: Bob
    • Attachment: undefined
    • Require Resident Key: true
    • Resident Key (L2): required

...

  • Select User Verification: Discouraged and click CREATE.
  • I think we should request screenshots at only one creation test, you choose where. Probably not here but in the next creation!!!

Place screenshot(s)

in the cell

on the right:
If some options are offered, snapshot them

too

, but do not change anything!


  • Copy-paste the result from the web app.

Copy-paste the result

into the cell

on the right:
Put unsupported if there was an error


  • Select User Verification: Required and click CREATE.

...

Place screenshot(s) in the cell on the right
If some options are offered, snapshot that too, but do not change anything

  • Copy-paste the result from the web app.

Copy-paste the result

into the cell

on the right
Put unsupported if there was an error


  • Should this remain?User Verification: Required

...

  • Select Attestation: Enterprise and click CREATE.
    1. Copy-paste the resulting registration data into row 3. Attestation: Enterprise, or input "unsupported" if there was an error.
  • Select Attestation: Direct and click CREATE.
    1. Copy-paste the resulting registration data into row 4. Attestation: Direct, or input "unsupported" if there was an error.
  • Select Attestation: Indirect and click CREATE.
    1. Copy-paste the resulting registration data into row 5. Attestation: Indirect, or input "unsupported" if there was an error.
  • Select Attestation: None and click CREATE.
    1. Copy-paste the resulting registration data into row 6. Attestation: None, or input "unsupported" if there was an error.
  • If none of the previous four tries worked, select Attestation: Undefined and click CREATE.
    1. Copy-paste the resulting registration data into row 6. Attestation: None, or input "unsupported" if there was an error.
  • If Attestation: Direct worked, select it; otherwise, if Attestation: Indirect worked, select it; otherwise select Attestation: Undefined

...

  • Select CredProtect Extension: userVerificationOptional and click CREATE.
    1. Copy-paste the resulting registration data into row 7. CredProtect Extension: userVerificationOptional, or input "unsupported" if there was an error.
  • Select CredProtect Extension: userVerificationOptionalWithCredentialIDList and click CREATE.
    1. Copy-paste the resulting registration data into row 8. CredProtect Extension: userVerificationOptionalWithCredentialIDList, or input "unsupported" if there was an error.
  • Select CredProtect Extension: userVerificationRequired and click CREATE.
    1. Copy-paste the resulting registration data into row 9. CredProtect Extension: userVerificationRequired, or input "unsupported" if there was an error.
  • If none of the previous three tries worked, select CredProtect Extension: Undefined and click CREATE.
    1. Copy-paste the resulting registration data into row 7. CredProtect Extension: userVerificationOptional, or input "unsupported" if there was an error.
  • Select CredProtect Extension: Undefined (if not selected already)

Test cryptography

  • Unchecking Uncheck all following checkboxes: Use ES256, Use ES384, Use ES512, Use RS256, Use EdDSA.
  • Check Use ES256 and click CREATE.
    1. Copy-paste the resulting registration data into row 10. ES256, or input "unsupported" if there was an error.
    2. What about Use ES256? Clear it?
  • Check Use ES384 and click CREATE.
    1. Copy-paste the resulting registration data into row 11. ES384, or input "unsupported" if there was an error.
  • Check Use ES512 and click CREATE.
    1. Copy-paste the resulting registration data into row 12. ES512, or input "unsupported" if there was an error.
  • Check Use RS256 and click CREATE.
    1. Copy-paste the resulting registration data into row 13. RS256, or input "unsupported" if there was an error.
  • Check Use EdDSA and click CREATE.
    1. Copy-paste the resulting registration data into row 14. EdDSA, or input "unsupported" if there was an error.


I would skip this, and , if needed, place some identifying labels above for easier extraction from test results pages.

The results will be aggregated into the summarised table below.

...