Serialization #11

Open: wants to merge 3 commits into base: devel


YSaxon commented May 9, 2023

A couple of methods to serialize the software token (optionally with a password on the private key).

bodik (Owner) commented May 15, 2023

Hi @YSaxon,

thank you for your contribution. I'm just wondering if it's a good idea to bring in pickle, which is kind of a very Python-specific binary serialization (webauthn itself uses CBOR), and in some cases it might also bring in some security concerns (like insecure deserialization).

I guess that leaving the binary serialization out of scope would make the feature (and the library itself) more versatile? Do you have any thoughts or strong preferences here?

YSaxon (Author) commented May 15, 2023

@bodik
Good point. I've updated it to use CBOR for byte-serialization instead.

bodik (Owner) commented May 17, 2023

> @bodik Good point. I've updated it to use CBOR for byte-serialization instead

excellent, thank you

bodik changed the base branch from master to devel June 8, 2023 20:37
YSaxon and others added 3 commits June 9, 2023 13:58
…apping.enabled

future function would change currently expected data representation

```
  You are using deprecated functionality which will change in the next major version of
  ...
  This changes the keys and values used by the webauthn data classes when accessed using
  the Mapping (dict) interface (eg. user_entity["id"] and the from_dict() methods) to be
  JSON-friendly and align with the current draft of the next WebAuthn Level specification.
  For the most part, this means that binary values (bytes) are represented as URL-safe
  base64 encoded strings instead.
```

also concerns
bodik#13

bodik (Owner) commented Jun 9, 2023

@YSaxon I've made some changes and squashes. Would you review the current PR please?

bodik mentioned this pull request Jun 9, 2023

bodik (Owner) commented Jul 25, 2023

@YSaxon ping, still interested in this?
