
Re: Feature request: Support U2F security keys


On Fri, 2020-05-15 at 09:22 -0700, t0b@xxxxxxx wrote:
> Hi, 
> OpenSSH 8.2 (https://www.openssh.com/txt/release-8.2) supports
> "ecdsa-sk" and "ed25519-sk" key types to support U2F/FIDO security
> keys and I was wondering if libssh could support them, too? 
> For supporting them server-side, I think you'd just need to implement
> the additional key types
> 
> 	sk-ecdsa-sha2-nistp256@xxxxxxxxxxx
> 	sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
> 	sk-ssh-ed25519@xxxxxxxxxxx
> 	sk-ssh-ed25519-cert-v01@xxxxxxxxxxx
> 
> …and parse their signature a bit differently from the normal ecdsa
> and ed25519 signatures. E.g. they include an additional "counter" and
> "user present" value.
> 
> Details on the format are here: 
> https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f
> 
> Let me know what you think. 

The server side support is already in:

https://bugs.libssh.org/rLIBSSH17b518a677c92d943cf016b81272ec10ee1ca368

Regards,
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
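
The signature difference mentioned in the quoted request, as an added example (not libssh or OpenSSH code): a bounds-checked C parser for the `sk-ssh-ed25519` signature blob, which per PROTOCOL.u2f carries a flags byte and a big-endian counter after the inner signature. The names `sk_sig`, `sk_sig_parse` and `sk_sig_user_present` are hypothetical, the sample blob is constructed, and rejecting trailing bytes is a choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample, not a real signature: 4 dummy bytes replace the 64-byte Ed25519 signature. */
static const uint8_t SAMPLE[] =
    "\x00\x00\x00\x1a" "sk-ssh-ed25519@openssh.com" /* string: key type  */
    "\x00\x00\x00\x04" "\xde\xad\xbe\xef"           /* string: signature */
    "\x01" "\x00\x00\x00\x2a";                      /* flags, counter    */
#define SAMPLE_LEN (sizeof(SAMPLE) - 1) /* drop the literal's trailing NUL */

struct sk_sig {
    const uint8_t *sig; uint32_t sig_len; /* inner signature bytes */
    uint8_t flags;                        /* bit 0x01: user present */
    uint32_t counter;                     /* authenticator signature counter */
};

static int get_u32(const uint8_t **p, size_t *left, uint32_t *out) {
    if (*left < 4) return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8) | (uint32_t)(*p)[3];
    *p += 4; *left -= 4;
    return 0;
}

static int get_string(const uint8_t **p, size_t *left, const uint8_t **s, uint32_t *n) {
    if (get_u32(p, left, n) != 0 || *n > *left) return -1; /* length must fit in what is left */
    *s = *p; *p += *n; *left -= *n;
    return 0;
}

/* Returns 0 on success, -1 on a malformed blob or an unexpected key type. */
int sk_sig_parse(const uint8_t *blob, size_t len, const char *type, struct sk_sig *out) {
    const uint8_t *t; uint32_t tlen;
    if (get_string(&blob, &len, &t, &tlen) != 0) return -1;
    if (tlen != strlen(type) || memcmp(t, type, tlen) != 0) return -1;
    if (get_string(&blob, &len, &out->sig, &out->sig_len) != 0) return -1;
    if (len != 5) return -1; /* flags(1) + counter(4); trailing bytes rejected */
    out->flags = blob[0]; blob++; len--;
    return get_u32(&blob, &len, &out->counter);
}
int sk_sig_user_present(const struct sk_sig *s) { return (s->flags & 0x01) != 0; }

int main(void) {
    struct sk_sig s;
    if (sk_sig_parse(SAMPLE, SAMPLE_LEN, "sk-ssh-ed25519@openssh.com", &s)) return 1;
    printf("present=%d counter=%u\n", sk_sig_user_present(&s), (unsigned)s.counter);
    return 0;
}
```

Parsing is only the first step: the flags and counter are part of the data the authenticator signs, so a verifier has to feed them into signature verification rather than treat them as advisory fields.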

