authorMatthew Miller <matthew@millerti.me>2022-11-21 08:39:26 -0800
committerMatthew Miller <matthew@millerti.me>2022-11-21 08:39:26 -0800
commitc27ef1819c43c69a830e51da7a7e8bd96dc71723 (patch)
treeb2a0ff99bf5d1b75f6c7e8b008b2649ce1c13e7f
parent9874a3a2ade57146c20f966f691802405c55a953 (diff)
Add some notes
-rw-r--r--packages/server/src/helpers/iso/isoCrypto/verifyEC2.ts6
-rw-r--r--packages/server/src/helpers/iso/isoCrypto/verifyOKP.ts2
2 files changed, 8 insertions, 0 deletions
diff --git a/packages/server/src/helpers/iso/isoCrypto/verifyEC2.ts b/packages/server/src/helpers/iso/isoCrypto/verifyEC2.ts
index 02cea5f..3b4fbe4 100644
--- a/packages/server/src/helpers/iso/isoCrypto/verifyEC2.ts
+++ b/packages/server/src/helpers/iso/isoCrypto/verifyEC2.ts
@@ -76,6 +76,12 @@ export async function verifyEC2(opts: {
};
const keyAlgorithm: EcKeyImportParams = {
+ /**
+ * Note to future self: you can't use `mapCoseAlgToWebCryptoKeyAlgName()` here because some
+ * leaf certs from actual devices specified an RSA SHA value for `alg` (e.g. `-257`) which
+ * would then map here to `'RSASSA-PKCS1-v1_5'`. We always want `'ECDSA'` here so we'll
+ * hard-code this.
+ */
name: 'ECDSA',
namedCurve: _crv,
};
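Review bot: The new comment above `name: 'ECDSA'` records that an EC2 key can arrive with an RSA `alg` such as `-257`, but it does not say how the digest for the later verify step is chosen when `alg` disagrees with the key type. That selection is outside this hunk, so it may already be handled; the note should still point to it so a future reader does not derive the hash from the same untrusted `alg`. I would add one line such as `// Hash for verify() is selected at <location>, independent of this mapping.` with the real location filled in. As a style point, a `/** */` block inside an object literal reads as TSDoc for the `name` property, whereas the verifyOKP.ts hunk in this commit uses `//` for the same kind of note; `//` lines here would be consistent. The body of verifyEC2 starts and ends outside the hunk.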
diff --git a/packages/server/src/helpers/iso/isoCrypto/verifyOKP.ts b/packages/server/src/helpers/iso/isoCrypto/verifyOKP.ts
index a561b87..e610304 100644
--- a/packages/server/src/helpers/iso/isoCrypto/verifyOKP.ts
+++ b/packages/server/src/helpers/iso/isoCrypto/verifyOKP.ts
@@ -32,6 +32,8 @@ export async function verifyOKP(opts: {
throw new Error('Public key was missing x (OKP)');
}
+ // Pulled key import steps from here:
+ // https://wicg.github.io/webcrypto-secure-curves/#ed25519-operations
let _crv: SubtleCryptoCrv;
if (crv === COSECRV.ED25519) {
_crv = 'Ed25519';