Alright! 🙂 we'll also need corresponding constants in PublicKeyCredentialParameters, and to add Ed448 to the default preferredPubkeyParams (also in RelyingPartyV2). I'd say to add it after ES512, since Ed448 and ES512 are at the same security level and the current default prefers ES256 over EdDSA.

Then we also need some tests! 🙂

• First off, that Ed448 is included in emitted pubKeyCredParams when available. You can duplicate this test and replace the EdDSA constant references (but not the KeyFactory argument, I think) with Ed448:

  java-webauthn-server/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2RegistrationSpec.scala

  Line 4280 in 5cbebf2

  it("EdDSA, when available.") {

  (also in RelyingPartyRegistrationSpec)

• We also need some tests of using Ed448:

  java-webauthn-server/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2AssertionSpec.scala

  Line 2417 in 5cbebf2

  it("a generated Ed25519 key.") {

  So I guess for that I'll need to show you how the RegistrationTestDataGenerator works 😄 (of course if we can find some real examples that's great too, but I don't know of any popular authenticator implementations off the top of my head.)

  You can run that class in your IDE, and it will go through a hardcoded list of RegistrationTestData instances and call regenerate() on each of them. Then for each test data index it'll print the index in the list, and then a block of code to paste over the new RegistrationTestData(...) for that test data set. After that you can run the code formatter and commit the new or updated test data. This way we have a set of test vectors that are stable even after changes to the code that originally generated them, but which can be easily updated whenever needed. Most of these are also listed in the defaultSettingsValidExamples constant, which is used in RelyingPartyRegistrationSpec to check that all of those test cases work with the default settings.

  So for this we can start by duplicating the val BasicAttestationEdDsa as val BasicAttestationEd448 and just update the constant in regenerate(), then add that to the list in regenerateTestData and to defaultSettingsValidExamples, and then run RegistrationTestDataGenerator to generate the test case. For this we'll probably need to add some switch cases in TestAuthenticator.scala (regenerate() calls createBasicAttestedCredential which eventually ends up in generateKeypair, and you'll also need to update the KeyPairGenerator argument further down that call chain) and WebauthnCodecs too.

  I realize that's a lot to dig into, so let me know if you need any help and/or guidance with it 😄