diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts
index 14a24c01d..33dfbd1ad 100644
--- a/share/translations/keepassxc_en.ts
+++ b/share/translations/keepassxc_en.ts
@@ -8251,6 +8251,34 @@ Kernel: %3 %4
Passkeys
+
+ Attestation not supported
+
+
+
+ Credential is excluded
+
+
+
+ Passkeys request canceled
+
+
+
+ Invalid user verification
+
+
+
+ Empty public key
+
+
+
+ Invalid URL provided
+
+
+
+ Resident Keys are not supported
+
+
QtIOCompressor
diff --git a/src/browser/BrowserMessageBuilder.cpp b/src/browser/BrowserMessageBuilder.cpp
index 583b9f33e..bbae928d2 100644
--- a/src/browser/BrowserMessageBuilder.cpp
+++ b/src/browser/BrowserMessageBuilder.cpp
@@ -128,6 +128,20 @@ QString BrowserMessageBuilder::getErrorMessage(const int errorCode) const
return QObject::tr("No valid UUID provided");
case ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED:
return QObject::tr("Access to all entries is denied");
+ case ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED:
+ return QObject::tr("Attestation not supported");
+ case ERROR_PASSKEYS_CREDENTIAL_IS_EXCLUDED:
+ return QObject::tr("Credential is excluded");
+ case ERROR_PASSKEYS_REQUEST_CANCELED:
+ return QObject::tr("Passkeys request canceled");
+ case ERROR_PASSKEYS_INVALID_USER_VERIFICATION:
+ return QObject::tr("Invalid user verification");
+ case ERROR_PASSKEYS_EMPTY_PUBLIC_KEY:
+ return QObject::tr("Empty public key");
+ case ERROR_PASSKEYS_INVALID_URL_PROVIDED:
+ return QObject::tr("Invalid URL provided");
+ case ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED:
+ return QObject::tr("Resident Keys are not supported");
default:
return QObject::tr("Unknown error");
}
diff --git a/src/browser/BrowserMessageBuilder.h b/src/browser/BrowserMessageBuilder.h
index b9e172380..9b6474d19 100644
--- a/src/browser/BrowserMessageBuilder.h
+++ b/src/browser/BrowserMessageBuilder.h
@@ -54,7 +54,8 @@ namespace
ERROR_PASSKEYS_REQUEST_CANCELED = 22,
ERROR_PASSKEYS_INVALID_USER_VERIFICATION = 23,
ERROR_PASSKEYS_EMPTY_PUBLIC_KEY = 24,
- ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25
+ ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25,
+ ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26,
};
}
diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp
index 616a55a3a..6903eceef 100644
--- a/src/browser/BrowserService.cpp
+++ b/src/browser/BrowserService.cpp
@@ -628,13 +628,19 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
const auto excludeCredentials = publicKey["excludeCredentials"].toArray();
const auto attestation = publicKey["attestation"].toString();
+ // Check Resident Key requirement
+ const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
+ const auto requireResidentKey = authenticatorSelection["requireResidentKey"].toBool();
+ if (requireResidentKey) {
+ return getPasskeyError(ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED);
+ }
+
// Only support these two for now
if (attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_NONE
&& attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_DIRECT) {
return getPasskeyError(ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED);
}
- const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
const auto userVerification = authenticatorSelection["userVerification"].toString();
if (!browserPasskeys()->isUserVerificationValid(userVerification)) {
return getPasskeyError(ERROR_PASSKEYS_INVALID_USER_VERIFICATION);