From 4ffac949ee2fb72f9a479dbcad9574a0848459de Mon Sep 17 00:00:00 2001 From: Leendert de Borst Date: Wed, 1 Oct 2025 13:33:45 +0200 Subject: [PATCH] Set signCount to 0 (#520) --- .../src/entrypoints/background/PasskeyHandler.ts | 14 ++++---------- .../popup/pages/passkeys/PasskeyAuthenticate.tsx | 15 ++++----------- .../popup/pages/passkeys/PasskeyCreate.tsx | 1 + 3 files changed, 9 insertions(+), 21 deletions(-) diff --git a/apps/browser-extension/src/entrypoints/background/PasskeyHandler.ts b/apps/browser-extension/src/entrypoints/background/PasskeyHandler.ts index 0cb475ef7..2156dbd2f 100644 --- a/apps/browser-extension/src/entrypoints/background/PasskeyHandler.ts +++ b/apps/browser-extension/src/entrypoints/background/PasskeyHandler.ts @@ -258,25 +258,19 @@ export async function handleStorePasskey(data: { } /** - * Update passkey last used time and sign count + * Update passkey last used time (sign count always remains 0 for cross-device sync compatibility) */ export async function handleUpdatePasskeyLastUsed(data: { credentialId: string; - newSignCount?: number; }): Promise<{ success: boolean }> { - const { credentialId, newSignCount } = data; + const { credentialId } = data; // Find and update the passkey for (const [key, passkey] of sessionPasskeys.entries()) { if (passkey.credentialId === credentialId) { passkey.lastUsedAt = Date.now(); - - // Update sign count - either use provided value or increment - if (newSignCount !== undefined) { - passkey.signCount = newSignCount; - } else { - passkey.signCount++; - } + // Sign count always remains 0 for cross-device sync compatibility + passkey.signCount = 0; sessionPasskeys.set(key, passkey); diff --git a/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyAuthenticate.tsx b/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyAuthenticate.tsx index 2f75b4d57..ef0af42be 100644 --- a/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyAuthenticate.tsx 
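Review bot: The unconditional `passkey.signCount = 0` inside the loop overwrites any nonzero count stored by earlier versions, and together with the all-zero counter now emitted in PasskeyAuthenticate.tsx the reported value drops for passkeys that were already in use. A WebAuthn relying party that stored a nonzero counter treats a value not greater than it as a sign of a possibly cloned authenticator and may reject the assertion, so existing credentials may start failing after the upgrade. Nothing visible in the patch handles or documents that case, so the doc comment should at least state the trade-off, e.g. `Sign count is fixed at 0 (counter not supported): counter-based clone detection is given up for sync, and passkeys that previously reported a nonzero count may be rejected by strict relying parties`. The function body continues past the end of the hunk.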
+++ b/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyAuthenticate.tsx @@ -104,14 +104,8 @@ const PasskeyAuthenticate: React.FC = () => { // Flags: UP (User Present) = 1, UV (User Verified) = 1 const flags = new Uint8Array([0x05]); // Binary: 00000101 - // Sign count - increment from stored value (must increase on each use to detect cloned authenticators) - const newSignCount = (passkeyData.signCount || 0) + 1; - const signCount = new Uint8Array([ - (newSignCount >> 24) & 0xff, - (newSignCount >> 16) & 0xff, - (newSignCount >> 8) & 0xff, - newSignCount & 0xff - ]); + // Sign count always 0 - disabled to ensure compatibility when syncing passkeys across devices + const signCount = new Uint8Array([0, 0, 0, 0]); // Construct authenticatorData (37 bytes minimum) const authenticatorData = new Uint8Array([ @@ -195,10 +189,9 @@ const PasskeyAuthenticate: React.FC = () => { userHandle: null }; - // Update last used and sign count + // Update last used timestamp await sendMessage('UPDATE_PASSKEY_LAST_USED', { - credentialId: selectedPasskey, - newSignCount + credentialId: selectedPasskey }, 'background'); // Send response back diff --git a/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyCreate.tsx b/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyCreate.tsx index 0e14dd196..7508f5168 100644 --- a/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyCreate.tsx +++ b/apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyCreate.tsx @@ -103,6 +103,7 @@ const PasskeyCreate: React.FC = () => { // Flags: UP (User Present) = 1, UV (User Verified) = 1, AT (Attested Credential Data) = 1 const flags = new Uint8Array([0x45]); // Binary: 01000101 + // Sign count always 0 - disabled to ensure compatibility when syncing passkeys across devices const signCount = new Uint8Array([0, 0, 0, 0]); const aaguid = new Uint8Array(16); // All zeros for this implementation
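Review bot: In the first PasskeyAuthenticate.tsx hunk the new comment says passkeys are synced across devices, yet the `flags` byte on the context line just above stays `0x05`, which leaves the backup-eligibility (BE, 0x08) and backup-state (BS, 0x10) bits clear. With the counter fixed at zero and BE/BS clear, a relying party is told this is a single-device credential and gets no signal for reasoning about copies. BE is set at registration, so it cannot simply be flipped here for existing credentials; any change would have to begin in PasskeyCreate.tsx (`0x45`), where this patch only adds a comment. If leaving the bits clear is deliberate, record it next to the counter, e.g. `// BE/BS intentionally left clear although the vault syncs; see <issue reference>`. The enclosing component body starts and ends outside the hunk.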