verifyAuthentication ERR_OSSL_EVP_DECODE_ERROR

[conanliuhuan]

Code：

        var challenge = passkey_challenge_store[timestamp];
        var credentialKey = {
		id: passkey.id,
		publicKey: passkey.publicKey,
		algorithm: passkey.algorithm,
	}

	var expected = {
		challenge,
		origin: get_option('nv_home_url'),
		userVerified: true,
	}

	console.log(authentication)
	console.log(credentialId)
	console.log(credentialKey)
	console.log(expected)

	return webAuthnServer.verifyAuthentication(authentication, credentialKey, expected);

Console：

{
  credentialId: 'pADVavwUiRWK_Rf_9ZZEOuZBaogKqJB-pgTIO24Pnxs',
  authenticatorData: 'SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAACQ==',
  clientData: 'eyJjaGFsbGVuZ2UiOiJjMjkxZDJjNS0xMmYxLTQxZTEtODlmMC0zZWQ3MWU3ZWM1ZjUiLCJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJ0eXBlIjoid2ViYXV0aG4uZ2V0In0=',
  signature: 'tRy_rJqHMfiow8nL90BRn8R4aZKXuWmh-xgllLkKiCR2HM8w9-975_tP552zJf-3ygRlbnu3H321vELGDosiSF6MiaDbp5jRGFlUXAW5PcikksdbJCYjao7O5e1zD7dZEQyrxW_Tu8blggwXZ0WvV2jDebEyDiF_Q6QC5cp-qCVLwskGS-_Qlyd4guLWNuEXsJFSvlBAfBC7390Fn5QaJS85EqQ7pO7191QIkoLZGCvPekdKVezzpXjotM7srSn4RGUJQBX6N8B3DAvq0FRa_-pze9k6UF7V13nyJIQPcW-60YbdmPMFpbagjsnTHBRI1RwAsYvKmEu3EMdoZPZ6UQ==',
  userHandle: 'lOXeWfRRCm1598JCasYucIj5F1aL24FwpCtyP5eO83o='
}
pADVavwUiRWK_Rf_9ZZEOuZBaogKqJB-pgTIO24Pnxs
{
  id: 'pADVavwUiRWK_Rf_9ZZEOuZBaogKqJB-pgTIO24Pnxs',
  publicKey: 'MIIBIjANBgkqhkiG9w0BAQsFAAOCAQ8AMIIBCgKCAQEA2JrQ5S5fV3rOc0AmKg7ljFMMcmnA62tjxGl-UVQVo77hsMwPfQjAM6fM3zpdLMWVGT7DN3AyErA2xIIDTcgcLFV0jp0RKwlnNm1uBYXkMlu9qI8XEioeyrwErYbkTKNOvjg4iXL3UU2bDxwUxCFt9ReihjaInfyo3aBjzC22P_fzQf0CUnw6Vo0SeuFdRTX5f1ZQY-56sMnPMyNqB4CBN-ejo9POG8k5nDh0IvaT2x7yfDz_YsB1Smhpj67Cb-Dl-NbqvFjikeYTzeOITBOGCaElJfExupww1DzUY-N9XN2yhph_XP9LvUH6qxc7N_BcoOtfpsDDYrDJ_hyvG6aaOQIDAQAB',
  algorithm: 'RS256'
}
{
  challenge: 'c291d2c5-12f1-41e1-89f0-3ed71e7ec5f5',
  origin: 'http:https://localhost:3000',
  userVerified: true
}
DOMException [DataError]: Invalid keyData
    at new DOMException (node:internal/per_context/domexception:53:5)
    at __node_internal_ (node:internal/util:695:10)
    at Object.rsaImportKey (node:internal/crypto/rsa:219:15)
    at SubtleCrypto.importKey (node:internal/crypto/webcrypto:615:10)
    ... 5 lines matching cause stack trace ...
    at new Promise (<anonymous>) {
  [cause]: Error: error:03000072:digital envelope routines::decode error
      at createPublicKey (node:internal/crypto/keys:619:12)
      at Object.rsaImportKey (node:internal/crypto/rsa:213:21)
      at SubtleCrypto.importKey (node:internal/crypto/webcrypto:615:10)
      at parseCryptoKey (file:///D:/SynologyDrive/Design/Html/nvPress/node_modules/@passwordless-id/webauthn/dist/esm/server.js:92:26)
      at verifySignature (file:///D:/SynologyDrive/Design/Html/nvPress/node_modules/@passwordless-id/webauthn/dist/esm/server.js:107:27)
      at Module.verifyAuthentication (file:///D:/SynologyDrive/Design/Html/nvPress/node_modules/@passwordless-id/webauthn/dist/esm/server.js:31:36)
      at global.async_verify_passkey_login (D:\SynologyDrive\Design\Html\nvPress\nv-includes\method-users.js:306:24)
      at D:\SynologyDrive\Design\Html\nvPress\nv-includes\init_default_users_api.js:163:4
      at new Promise (<anonymous>)
      at callback (D:\SynologyDrive\Design\Html\nvPress\nv-includes\init_default_users_api.js:162:10) {
    library: 'digital envelope routines',
    reason: 'decode error',
    code: 'ERR_OSSL_EVP_DECODE_ERROR'
  }
}

[dagnelies]

Without context, it's hard to determine the problem. Is it only for a specific authenticator? Does it work in the playground ? Where exactly does your passkey object come from? Is it related to your dev environment? ...

But basically, yeah, something look wrong with the key itself.

[conanliuhuan]

Without context, it's hard to determine the problem. Is it only for a specific authenticator? Does it work in the playground ? Where exactly does your passkey object come from? Is it related to your dev environment? ...

But basically, yeah, something look wrong with the key itself.

I create a smallest app only register and login, it still get error

Frontend：

<!DOCTYPE html>
<html>
<head>
	<title></title>
	<script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
</head>
<body>
<button onclick="register()">register</button>
<button onclick="login()">login</button>
<script type="module">
import { client } from 'https://cdn.jsdelivr.net/npm/@passwordless-id/[email protected]/dist/webauthn.min.js'

var challenge = "a7c61ef9-dc23-4806-b486-2428938a547e";

window.register = ()=>{
	client.register('sample_user_name', challenge, {
		authenticatorType: "auto",
		userVerification: "required",
		timeout: 60000,
		attestation: true,
		debug: false,
	})
	.then(registration=>{
		console.log(registration)
		axios({
			method: 'post',
			url: '/register',
			responseType: 'json',
			data: {
				registration,
			}
		})
		.then(({data})=>{
			console.log(data)
			alert("request succeed")
		})
		.catch((err)=>{
			console.log(err)
			alert("request failed")
		})
	})
	.catch((err)=>{
		console.log(err)
		alert("user/platform declined")
	})
}

window.login = ()=>{
	client.authenticate([], challenge, {
		authenticatorType: "auto",
		userVerification: "required",
		timeout: 60000,
	})
	.then(authentication=>{
		axios({
			method: 'post',
			url: '/login',
			responseType: 'json',
			data: {
				authentication,
			}
		})
		.then(({data})=>{
			console.log(data)
			alert("request succeed")
		})
		.catch((err)=>{
			console.log(err)
			alert("request failed")
		})
	})
	.catch((err)=>{
		console.log(err)
		alert("user/platform declined")
	})
}

</script>
</body>
</html>

Backend：

import fs from "fs"
import path from "path"
import express from "express"
import {server as webAuthnServer} from '@passwordless-id/webauthn';


var app = express();
app.use(express.json({limit: '5mb' }));


app.get('/', (req,res)=>{
	res.type("text/html");
	res.send( fs.readFileSync( path.join(process.cwd(),"./web.html") ,{encoding: 'utf-8'}) );
	return;
})

var saved_credential = null;

var challenge = "a7c61ef9-dc23-4806-b486-2428938a547e";

app.post('/register',(req,res)=>{
	var expected = {
		challenge,
		origin: "http:https://localhost:9999"
	}

	webAuthnServer.verifyRegistration(req.body.registration, expected)
	.then(data=>{
		// save key
		saved_credential = data.credential;

		res.json({
			success: 1
		});
	})
	.catch(()=>{
		res.json({
			success: 0
		});
	})
	
})

app.post('/login',(req,res)=>{
	var credentialKey = saved_credential;
	var expected = {
		challenge,
		origin: "http:https://localhost:9999",
		userVerified: true,
	}

	webAuthnServer.verifyAuthentication(req.body.authentication, credentialKey, expected)
	.then(data=>{
		res.json({
			success: 1
		});
	})
	.catch(err=>{
		console.log(err)
		res.json({
			success: 0
		});
	})
})

app.listen(9999,()=>{
	console.log('http:https://localhost:9999')
})

Try this file:
webauthn-test.zip

1. npm install
2. node test
3. browser open http:https://localhost:9999
4. click register
5. click login
6. error will display on the console

[conanliuhuan]

Node.js version: 20.11.1

[conanliuhuan]

Maybe there's something wrong with my Windows11, I tested it on MacOS 13.6, it works well

[dagnelies]

Strange... It looks like the following key cannot be interpreted as RS256 key, dunno why.

{
  id: 'pADVavwUiRWK_Rf_9ZZEOuZBaogKqJB-pgTIO24Pnxs',
  publicKey: 'MIIBIjANBgkqhkiG9w0BAQsFAAOCAQ8AMIIBCgKCAQEA2JrQ5S5fV3rOc0AmKg7ljFMMcmnA62tjxGl-UVQVo77hsMwPfQjAM6fM3zpdLMWVGT7DN3AyErA2xIIDTcgcLFV0jp0RKwlnNm1uBYXkMlu9qI8XEioeyrwErYbkTKNOvjg4iXL3UU2bDxwUxCFt9ReihjaInfyo3aBjzC22P_fzQf0CUnw6Vo0SeuFdRTX5f1ZQY-56sMnPMyNqB4CBN-ejo9POG8k5nDh0IvaT2x7yfDz_YsB1Smhpj67Cb-Dl-NbqvFjikeYTzeOITBOGCaElJfExupww1DzUY-N9XN2yhph_XP9LvUH6qxc7N_BcoOtfpsDDYrDJ_hyvG6aaOQIDAQAB',
  algorithm: 'RS256'
}

I would be interested as well to know what went wrong with this "key".

[conanliuhuan]

My PC do not has TPM hardware. I replaced some system files when I was installing Windows 11. Maybe that caused the problem.