Skip to content

Darks FIDO2 0.6.2

Pre-release
Pre-release

Choose a tag to compare

@darkbyte-JS darkbyte-JS released this 17 Jul 13:44

Darks FIDO2 0.6.2

This release hardens the two remaining protocol boundaries: CTAP CBOR processing and the Windows WebAuthn health-check flow.

  • Requires user verification for both registration and assertion ceremonies.
  • Saves each registered ES256 public key and verifies assertion signatures locally.
  • Verifies RP-ID binding, credential identity, UP/UV/AT/ED and backup flags, signature presence, and signature-counter progression.
  • Enforces CTAP2 canonical CBOR, including minimal encodings, sorted map keys, structural duplicate detection, strict UTF-8, definite lengths, and resource limits.
  • Corrects AAGUID byte order and validates native counts, pointers, identifiers, and temporary allocation cleanup.
  • Backfills public keys for Darks FIDO2 virtual credentials. Older Windows Hello or external credentials must be re-registered before cryptographic health verification.

Validation: the Release solution builds with zero compiler warnings/errors; the expanded security regression harness passes 20/20 on TPM 2.0; locked NuGet dependencies report no known vulnerable packages.

Distribution note: the attached development build is signed by the self-signed CN=Darks FIDO2 Development certificate and is published as a pre-release. It does not have public CA trust or SmartScreen reputation. Setup does not install certificates into a trusted store.

Downloads

  • Installed build: DarksFIDO2-Setup.exe
  • Portable build: DarksFIDO2-Portable.zip
  • Windows passkey provider: DarksFIDO2.Provider.msix
  • Verify every download with SHA256SUMS.txt.

Target source commit: 4a1f144ef6a3c8a1c4fd5d4639a9b3df875e3de8