Scroll to navigation

FIDO_CRED_VERIFY(3) Library Functions Manual FIDO_CRED_VERIFY(3)


fido_cred_verifyverifies the signature of a FIDO 2 credential


#include <fido.h>

fido_cred_verify(const fido_cred_t *cred);


The () function verifies whether the signature contained in cred matches the attributes of the credential. Before using fido_cred_verify() in a sensitive context, the reader is strongly encouraged to make herself familiar with the FIDO 2 credential attestation process as defined in the Web Authentication (webauthn) standard.

A brief description follows:

The () function verifies whether the client data hash, relying party ID, credential ID, type, and resident/discoverable key and user verification attributes of cred have been attested by the holder of the private counterpart of the public key contained in the credential's x509 certificate.

Please note that the x509 certificate itself is not verified.

The attestation statement formats supported by () are and . The attestation type implemented by fido_cred_verify() is . The attestation key pair is assumed to be of the type ES256. Other attestation formats and types are not supported.


The error codes returned by fido_cred_verify() are defined in <fido/err.h>. If cred passes verification, then FIDO_OK is returned.


fido_cred_new(3), fido_cred_set_authdata(3)

May 23, 2018 Debian