diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts
index 4427ca4882..9bd195fc80 100644
--- a/share/translations/keepassxc_en.ts
+++ b/share/translations/keepassxc_en.ts
@@ -8232,6 +8232,38 @@ This options is deprecated, use --set-key-file instead.
Passkeys
+
+ Attestation not supported
+
+
+
+ Credential is excluded
+
+
+
+ Passkeys request canceled
+
+
+
+ Invalid user verification
+
+
+
+ Empty public key
+
+
+
+ Invalid URL provided
+
+
+
+ Resident Keys are not supported
+
+
+
+ Access to all entries is denied
+
+
allow screenshots and app recording (Windows/macOS)
diff --git a/src/browser/BrowserMessageBuilder.cpp b/src/browser/BrowserMessageBuilder.cpp
index 41d3cfe8f2..bbae928d21 100644
--- a/src/browser/BrowserMessageBuilder.cpp
+++ b/src/browser/BrowserMessageBuilder.cpp
@@ -126,6 +126,22 @@ QString BrowserMessageBuilder::getErrorMessage(const int errorCode) const
return QObject::tr("Cannot create new group");
case ERROR_KEEPASS_NO_VALID_UUID_PROVIDED:
return QObject::tr("No valid UUID provided");
+ case ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED:
+ return QObject::tr("Access to all entries is denied");
+ case ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED:
+ return QObject::tr("Attestation not supported");
+ case ERROR_PASSKEYS_CREDENTIAL_IS_EXCLUDED:
+ return QObject::tr("Credential is excluded");
+ case ERROR_PASSKEYS_REQUEST_CANCELED:
+ return QObject::tr("Passkeys request canceled");
+ case ERROR_PASSKEYS_INVALID_USER_VERIFICATION:
+ return QObject::tr("Invalid user verification");
+ case ERROR_PASSKEYS_EMPTY_PUBLIC_KEY:
+ return QObject::tr("Empty public key");
+ case ERROR_PASSKEYS_INVALID_URL_PROVIDED:
+ return QObject::tr("Invalid URL provided");
+ case ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED:
+ return QObject::tr("Resident Keys are not supported");
default:
return QObject::tr("Unknown error");
}
diff --git a/src/browser/BrowserMessageBuilder.h b/src/browser/BrowserMessageBuilder.h
index b9e172380b..9b6474d198 100644
--- a/src/browser/BrowserMessageBuilder.h
+++ b/src/browser/BrowserMessageBuilder.h
@@ -54,7 +54,8 @@ namespace
ERROR_PASSKEYS_REQUEST_CANCELED = 22,
ERROR_PASSKEYS_INVALID_USER_VERIFICATION = 23,
ERROR_PASSKEYS_EMPTY_PUBLIC_KEY = 24,
- ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25
+ ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25,
+ ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26,
};
}
diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp
index 484a9d21e0..bfd91a4eac 100644
--- a/src/browser/BrowserService.cpp
+++ b/src/browser/BrowserService.cpp
@@ -580,13 +580,19 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
const auto excludeCredentials = publicKey["excludeCredentials"].toArray();
const auto attestation = publicKey["attestation"].toString();
+ // Check Resident Key requirement
+ const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
+ const auto requireResidentKey = authenticatorSelection["requireResidentKey"].toBool();
+ if (requireResidentKey) {
+ return getPasskeyError(ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED);
+ }
+
// Only support these two for now
if (attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_NONE
&& attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_DIRECT) {
return getPasskeyError(ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED);
}
- const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
const auto userVerification = authenticatorSelection["userVerification"].toString();
if (!browserPasskeys()->isUserVerificationValid(userVerification)) {
return getPasskeyError(ERROR_PASSKEYS_INVALID_USER_VERIFICATION);
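Review bot: The new resident-key guard in showPasskeysRegisterPrompt reads only the legacy boolean `requireResidentKey`, so a relying party that expresses the requirement through the WebAuthn Level 2 member `residentKey: "required"` and omits the boolean passes this check. Unless the caller normalises the two members before this point (not visible in the hunk), registration would then continue with a credential that does not meet the relying party's stated requirement, instead of returning ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED. Consider reading both members: `const auto residentKey = authenticatorSelection["residentKey"].toString();` and `if (requireResidentKey || residentKey == QLatin1String("required")) {`. Note also that `toBool()` yields false for a non-boolean JSON value, so a malformed `requireResidentKey` is treated as "not required"; a short comment stating that this is intended would help. The function body starts before and continues past this hunk.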