3Şub
Risks with OpenSSL verifying a signature with un-trusted PEM encoded public key
If a website user wants to use WebAuthn, they will start by creating a credential, where their authentication device provides a public key.
This key is encoded, and sent back to the server to store against their account.
Later, when the …