The authoritative up-to-date version of the sign extension is WebAuthn PR #2078. See the rendered preview linked in the pull request.
NOTE: This is a draft of a work in progress and not implementation ready. All parts of this draft are subject to change.
Authors: Emil Lundberg (Yubico), John Bradley (Yubico)
These extensions enable Relying Parties to sign arbitrary data, and to use key encapsulation mechanisms (KEM) based on public key protocols, with private keys held by the WebAuthn authenticator.
Moved to WebAuthn PR #2078 as noted above.
TODO: Spell out the whole extension once details are settled.
TODO: What about encryption export laws etc? Not new to YubiKey, but new to FIDO.
Mostly analogous to the sign extension, but outputting the result of a Key Encapsulation Mechanism (KEM), for example a Diffie-Hellman exchange, instead of a signature. Instead of the input tbs: BufferSource there is an input publicKey: COSEKey carrying the decapsulation public key, and instead of the output signature: BufferSource there is an output okm: BufferSource containing the decapsulation result.
ISSUE: Apply a KDF step to okm before returning from the authenticator?
ISSUE: Does the KEM output need to be wrapped somehow so that it can be transported securely to the RP server when that is required?