Page History

...

Tester: @ (name yourself){10{	Branko Marovic
}}Date: Use '//' to input date{15{	03 Jul 2023
}}Authenticator (or device) vendor: Yubico, Apple, Dell, HP, Android phone brand...{3{	Lenovo
}}Authenticator (or device) model: YubiKey 5 NFC, iPhone 13, PC model name, MacBook year size, MacBook Air year size, MacBook Pro year size...{20{	IdeaPad 720S 14in
}}OS and its version: iOS 13, macOS 10.5.8, Windows 10 22H2, Windows 11 22H2, Android 13...{25{	Windows 11 22H2
}}Browser and its version: Chrome 114, Firefox 114...{30{	Chrome 114.0.5735.199
}}I registered a PIN/password/finger/face in the authenticator before the session: Enter yes Yes or no No (The situation where you have not previously registered in the authenticator is interesting for checking if the passkey creation will include this trigger user registration.){35{	yesYes

}}

Be prepared to capture screenshots of each system/browser dialogue that appears. Later in this process, you will register a passkey multiple times.

...

- Windows 11: Settings > Accounts > Passkeys
- iOS: Settings > Apple ID > iCloud > Passwords & Keychain
- Chrome (Windows): Settings > Autofill and passwords > Password Manager > Manage passkeys

These are exemplary paths. You need to screenshot the only passkey-relates options

...

Image Removed

. Please paste screenshots in or outside this table as suitable:

Get diagnostics

Open https://webauthntest.identitystandards.io/.
Click the "..." button.

}}Copy-paste the diagnostic results on the right as text (rows are labelled the same):

Platform authenticator (isUVPAA) :

Conditional Mediation (Autofill UI) :

CTAP2 support (Firefox) :

{40{

Platform authenticator (isUVPAA)Available

Conditional Mediation (Autofill UI)Supported

CTAP2 support (Firefox)Not defined

}}

Set repeated settings

Click the "+" button to create a passkey. Choose the following values:
- RP Info: This domain
- User Info: Bob
- Attachment: undefinedUndefined
- Require Resident Key: trueTrue
- Resident Key (L2): requiredRequired

It should look like this:

...

Capture and paste below the screenshot of various prompts, screens, dialogues, questions or messages that show up during passkey registration as you encounter them.
- If some options are offered, snapshot them as well, but do not change anything.
- Capture screenshots at each step of the first passkey creation.
- Also, capture screenshots when new screens appear during subsequent passkey creations and add them here.
- Try not to duplicate screenshots of the same steps, as interactions will likely look similar.
- If you encounter an error message like "Authenticator data cannot be parsed", it indicates that the combination of arguments used is not supported by the authenticator being tested.
- You can add a note to a screenshot if you encounter an error or find something interesting.

Please insert or paste screenshots in this table as suitable, preferably putting the related screenshots in one row (you can place a note beneath an image in the same cell):

Seq1	In Chrome		After switching to Fingerprint	Second time
Seq2 (just new screens)	On Use ES, Use EdDSA*	After Cancel
Seq3 (just new screens)	Image Added Chrome on timeout of the creation form
Seq4 (just new screens)

Place one row after each?

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{45{

bob@example.com

Credential ID
9CEDF8FC86F71AEB8B73F65C60235370724E9097724E49E50E563C41DFF5268B

RP ID
webauthntest.identitystandards.io

AAGUID
00000000-0000-0000-0000-000000000000

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: none (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{50{

bob@example.com

Credential ID
05A81DBFA7330EFE5DF83B9DE49CC99EA56992DECF5508C870EB2696240A8F44

RP ID
webauthntest.identitystandards.io

AAGUID
00000000-0000-0000-0000-000000000000

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: none (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{55{

bob@example.com

Credential ID
85F10FEFCBE8E0EF63F3FC93D3ADBF23D4F0F92C36740C725003D38D0019E10A

RP ID
webauthntest.identitystandards.io

AAGUID
00000000-0000-0000-0000-000000000000

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: none (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{60{

bob@example.com

Credential ID
C0713674D980EC38E8E5ED8B6F105E6B28F640EA12380B8A213A05C43EFE3C97

RP ID
webauthntest.identitystandards.io

AAGUID
6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: packed (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{65{

bob@example.com

Credential ID
C4901D36D4BCED62E8B41AD35D480155C3C1D38A397CE4DC81FB5360AE0DEFC3

RP ID
webauthntest.identitystandards.io

AAGUID
6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: packed (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{70{

bob@example.com

Credential ID
277F30670894579B697920ABBC693274C31EF42E1BEFF872D948D974B516F5D0

RP ID
webauthntest.identitystandards.io

AAGUID
00000000-0000-0000-0000-000000000000

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: none (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{75{

bob@example.com

Credential ID
FBB5977FD49698A5EBDCEA347DBBE62C250EE96A95D83D79DCBEA9C2E6CA0462

RP ID
webauthntest.identitystandards.io

AAGUID
00000000-0000-0000-0000-000000000000

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: none (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{80{

bob@example.com

Credential ID
2B4778CE2FA83D3BB086511EA2F70E1899658E9DE496F54A39C2DCA56AF6F778

RP ID
webauthntest.identitystandards.io

AAGUID
6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: packed (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{85{

bob@example.com

Credential ID
C3C629A8F3414EC7C8A1302DF0762919711EF7262BB9D395087721B3D3582039

RP ID
webauthntest.identitystandards.io

AAGUID
6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: packed (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{90{

bob@example.com

Credential ID
57A9BEAB12CE815743ACF372BBD39DB22EFC7F90BE720B4128024911077570C6

RP ID
webauthntest.identitystandards.io

AAGUID
6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: packed (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{95{

bob@example.com

Credential ID
8071C004B5BBE4EC75DD463FAC3A03BD5E6E88F08E683116EF5A24B5E5338D47

RP ID
webauthntest.identitystandards.io

AAGUID
6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: packed (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right: Put unsupported Unsupported if there was an error{100{	Unsupported, required security key Reqiredsecurity key, I chose 'Cancel'

}}

Uncheck Use ES256, check Use ES384 and click CREATE.
Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the result on the right: Put unsupported Unsupported if there was an error{105{	Unsupported, required security key Reqiredsecurity key, I chose 'Cancel'

}}

Uncheck Use ES384, check Use ES512 and click CREATE.
Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the result on the right: Put unsupported Unsupported if there was an error{110{	Unsupported, required security key Reqiredsecurity key, I chose 'Cancel'

}}

Uncheck Use ES512, check Use RS256 and click CREATE.
Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the result on the right:
Put unsupported Unsupported if there was an error{115{

bob@example.com

Credential ID
F96E53AA339979385F8F36447F6C2AC463870D39C1ACEF2F2D3D652022FBDF5B

RP ID
webauthntest.identitystandards.io

AAGUID
6028B017-B1D4-4C02-B4B3-AFCDAFC96BB2

Credential Registration Data [more details]
Key Type: RSA
Discoverable Credential: true
Attestation Type: packed (unverified)
UP=1, UV=1, AT=1, ED=0, SignCount=0

Last Authentication Data [more details]
No authentications

...

Copy-paste the result on the right: Put unsupported Unsupported if there was an error{120{	Unsupported, required security key

}}

...

Conclusion

Do you have any additional observations or comments related to the entire procedure:{125{

The same as for Firefox, except for the extra first screen.

It would be interesting to try to select eg ES512 or EdDSA and also RS256 and see what a security keay would choose.

...

Space shortcuts

Page tree

Versions Compared

Old Version 1

New Version 2

Key

Get diagnostics

Set repeated settings

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

bob@example.com

Conclusion