Fido2NetLib.Fido2VerificationException: SafetyNet response security token validation failed when attempting to register from android device. #291

Open
lycandroid opened this issue Apr 1, 2022 · 4 comments

Comments

@lycandroid

Hi, can anyone give me any clues on this error, please?

I get the error when trying to call fido2.MakeNewCredentialAsync. The error only happens when trying to register on an Android device. It works OK when I use Windows Hello on a Windows device.

Registration failed:System.AggregateException: One or more errors occurred. ---> Fido2NetLib.Fido2VerificationException: SafetyNet response security token validation failed ---> Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
'.
Exceptions caught:
'System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at System.Security.Cryptography.RSA.VerifyData(Byte[] data, Byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.<>c__DisplayClass49_0.b__0(RSA rsaArg, Byte[] dataArg, Byte[] signatureArg, String algorithmArg)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Pkcs1VerifyData(Byte[] input, Byte[] signature)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(Byte[] input, Byte[] signature)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at System.Security.Cryptography.RSA.VerifyData(Byte[] data, Byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.<>c__DisplayClass49_0.b__0(RSA rsaArg, Byte[] dataArg, Byte[] signatureArg, String algorithmArg)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Pkcs1VerifyData(Byte[] input, Byte[] signature)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(Byte[] input, Byte[] signature)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at System.Security.Cryptography.RSA.VerifyData(Byte[] data, Byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.<>c__DisplayClass49_0.b__0(RSA rsaArg, Byte[] dataArg, Byte[] signatureArg, String algorithmArg)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Pkcs1VerifyData(Byte[] input, Byte[] signature)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(Byte[] input, Byte[] signature)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
'.
token: '{"alg":"RS256","x5c":[<certificate chain removed>]}.{"nonce":"snogGpQE+rmtSohYVDd2wKu9kbsBdffpnzVRU5BbMQY=","timestampMs":1648818894632,"apkPackageName":"com.google.android.gms","apkDigestSha256":"C2tcgScaPXVO/APPF/YaRO7eiqeic27AgL7ug9dtVUw=","ctsProfileMatch":true,"apkCertificateDigestSha256":["8P1sW0EPJcslw7UzRsiXL64w+O50Ed+RBICtay1g24M="],"basicIntegrity":true,"evaluationType":"BASIC,HARDWARE_BACKED"}'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Fido2NetLib.AndroidSafetyNet.Verify()
--- End of inner exception stack trace ---
at Fido2NetLib.AndroidSafetyNet.Verify()
at Fido2NetLib.AuthenticatorAttestationResponse.d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Fido2NetLib.Fido2.d__6.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at SummitWeb.PkAuth.Register(String credential, CredentialCreateOptions options, String BESGroup, String& error)
---> (Inner Exception #0) Fido2NetLib.Fido2VerificationException: SafetyNet response security token validation failed ---> Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
'.
Exceptions caught:
'System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at System.Security.Cryptography.RSA.VerifyData(Byte[] data, Byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.<>c__DisplayClass49_0.b__0(RSA rsaArg, Byte[] dataArg, Byte[] signatureArg, String algorithmArg)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Pkcs1VerifyData(Byte[] input, Byte[] signature)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(Byte[] input, Byte[] signature)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at System.Security.Cryptography.RSA.VerifyData(Byte[] data, Byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.<>c__DisplayClass49_0.b__0(RSA rsaArg, Byte[] dataArg, Byte[] signatureArg, String algorithmArg)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Pkcs1VerifyData(Byte[] input, Byte[] signature)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(Byte[] input, Byte[] signature)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at System.Security.Cryptography.RSA.VerifyData(Byte[] data, Byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.<>c__DisplayClass49_0.b__0(RSA rsaArg, Byte[] dataArg, Byte[] signatureArg, String algorithmArg)
at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Pkcs1VerifyData(Byte[] input, Byte[] signature)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(Byte[] input, Byte[] signature)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
'.
token: '{"alg":"RS256","x5c":[<certificate chain removed>]}.{"nonce":"snogGpQE+rmtSohYVDd2wKu9kbsBdffpnzVRU5BbMQY=","timestampMs":1648818894632,"apkPackageName":"com.google.android.gms","apkDigestSha256":"C2tcgScaPXVO/APPF/YaRO7eiqeic27AgL7ug9dtVUw=","ctsProfileMatch":true,"apkCertificateDigestSha256":["8P1sW0EPJcslw7UzRsiXL64w+O50Ed+RBICtay1g24M="],"basicIntegrity":true,"evaluationType":"BASIC,HARDWARE_BACKED"}'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Fido2NetLib.AndroidSafetyNet.Verify()
--- End of inner exception stack trace ---
at Fido2NetLib.AndroidSafetyNet.Verify()
at Fido2NetLib.AuthenticatorAttestationResponse.d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Fido2NetLib.Fido2.d__6.MoveNext()<---

Many thanks.

@aseigler
Collaborator

I tried to reproduce this, but I am unable to with the current build. Which version of the library are you using? I don't see anything immediately wrong with the data in the token supplied, not real sure what's happening here.
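
One way to check a SafetyNet-style token independently of the JWT handler, and so separate a bad token from a library or runtime problem, is to verify the RS256 signature directly against the leaf certificate in `x5c`. This is an added example, not Fido2NetLib's code and not part of the original thread; the class and method names are hypothetical, the sample token is constructed with a throwaway self-signed key, and it assumes a runtime with `System.Text.Json` and `CertificateRequest` available.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;

static class JwsX5cCheck // hypothetical helper, not part of Fido2NetLib
{
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string ToB64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Checks only the RS256 signature against the leaf (first) x5c certificate.
    // Chain validation and the nonce/timestamp checks are separate steps.
    public static bool VerifyWithLeaf(string compactJws)
    {
        string[] parts = compactJws.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");

        using JsonDocument header = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(parts[0])));
        if (header.RootElement.GetProperty("alg").GetString() != "RS256")
            throw new NotSupportedException("this check handles RS256 only");

        // x5c entries are standard base64 DER, not base64url.
        string leafB64 = header.RootElement.GetProperty("x5c")[0].GetString();
        using var leaf = new X509Certificate2(Convert.FromBase64String(leafB64));
        using RSA rsa = leaf.GetRSAPublicKey()
            ?? throw new InvalidOperationException("leaf certificate carries no RSA key");

        // The signature covers the ASCII bytes of "<header>.<payload>" exactly as transmitted.
        byte[] signingInput = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
        return rsa.VerifyData(signingInput, FromB64Url(parts[2]),
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed key stands in for the attestation leaf.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-example", key,
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        string header = ToB64Url(Encoding.UTF8.GetBytes(
            "{\"alg\":\"RS256\",\"x5c\":[\"" + Convert.ToBase64String(cert.RawData) + "\"]}"));
        string payload = ToB64Url(Encoding.UTF8.GetBytes("{\"nonce\":\"constructed\"}"));
        string tampered = ToB64Url(Encoding.UTF8.GetBytes("{\"nonce\":\"tampered\"}"));
        string sig = ToB64Url(key.SignData(Encoding.ASCII.GetBytes(header + "." + payload),
                                           HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

        Console.WriteLine("original payload verifies: " + VerifyWithLeaf($"{header}.{payload}.{sig}"));
        Console.WriteLine("tampered payload verifies: " + VerifyWithLeaf($"{header}.{tampered}.{sig}"));
    }
}
```

The check needs the compact three-part token as the authenticator sent it; the exception text above prints the header and payload already decoded and without the signature segment, so it cannot be fed in directly.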

@lycandroid
Author

Thanks for taking a look. I am using v2.0.2 via NuGet. The only somewhat unusual thing is that this is for a classic ASP.NET website, i.e. not a web application, and is not using MVC. I couldn't see why that would matter, but worth stating anyway.

Possibly stating the obvious, but the error doesn't happen if I switch off attestation, i.e. using AttestationConveyancePreference.None on the RequestNewCredential call:

fido2.RequestNewCredential(user, existingKeys, AuthenticatorSelection.Default, AttestationConveyancePreference.None);

We've decided that, in our case, we don't actually need attestation, so the problem has gone away as it happens.

@abergs
Collaborator

abergs commented May 6, 2022

While only slightly related to this issue, we should probably improve documentation to instruct people to turn off attestation. Very few actually need it, and those who do probably already know to turn it on and verify.

@aseigler
Collaborator

aseigler commented May 6, 2022

Yeah, we should probably make this configurable.
