Hi everyone, I'm working on the verification of the PassKey signature for the integration of PassKey into our product.
I've implemented the verification of P256 signature and it's correctly verifying the passkey signature. However, I want to know if Android's Passkey signature is doing a malleability check
(if the signature's S value is <= N / 2).
If this is the case for Android's passkey, I'm planning to also include this in the service for the signature verification to ensure a higher security level from the Passkey.
Can anyone please help to answer this question? I checked documentation and many articles but this wasn't stated in the documents.
Thank you for your answer in advance.
I've implemented the verification of P256 signature and it's correctly verifying the passkey signature. However, I want to know if Android's Passkey signature is doing a malleability check
(if the signature's S value is <= N / 2).
If this is the case for Android's passkey, I'm planning to also include this in the service for the signature verification to ensure a higher security level from the Passkey.
Can anyone please help to answer this question? I checked documentation and many articles but this wasn't stated in the documents.
Thank you for your answer in advance.
Facebook
Twitter
Instagram