How to check if PublicKey is type of EC and p-256 curve?

[abergs]

I'm able to check that a PubKey is of type ECC (same as EC as far as I understand) by checking the Name property, e.g.

var x5c = o.AttestionObject.AttStmt["x5c"];
var sig= o.AttestionObject.AttStmt["sig"];
var cert = new X509Certificate2(x5c.Values.First().GetByteString());
var pubkeyType = cert.PublicKey.Oid.FriendlyName; // ECC

But how do I check the Curve type, as required by the spec: https://www.w3.org/TR/webauthn/#fido-u2f-attestation

Let attCert be the value of the first element of x5c. Let certificate public key be the public key conveyed by attCert. If certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve, terminate this algorithm and return an appropriate error.

[aseigler]

The PublicKey property of X509Certificate2 seems somewhat deprecated, particularly for EC.

You can validate this public key as follows:

var pubKey = (ECDsaCng) cert.GetECDsaPublicKey();
if (CngAlgorithm.ECDsaP256 != pubKey.Key.Algorithm) throw new Fido2VerificationException();

[abergs]

Nice, thank you! Will add it! /Anders (from phone) On Wed, Aug 1, 2018 at 5:12 PM +0200, "Alex Seigler" <[email protected]> wrote: The PublicKey property of X509Certificate2 seems somewhat deprecated, particularly for EC. You can validate this public key as follows: var pubKey = (ECDsaCng) cert.GetECDsaPublicKey(); if (CngAlgorithm.ECDsaP256 != pubKey.Key.Algorithm) throw new Fido2VerificationException(); — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.