
Re: Feature request: Support U2F security keys


Ah great! Never mind then :) 

> On May 17, 2020, at 23:04, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> 
> On Fri, 2020-05-15 at 09:22 -0700, t0b@xxxxxxx wrote:
>> Hi, 
>> OpenSSH 8.2 (https://www.openssh.com/txt/release-8.2) supports
>> "ecdsa-sk" and "ed25519-sk" key types to support U2F/FIDO security
>> keys and I was wondering if libssh could support them, too? 
>> For supporting them server-side, I think you'd just need to implement
>> the additional key types
>> 
>> 	sk-ecdsa-sha2-nistp256@xxxxxxxxxxx
>> 	sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
>> 	sk-ssh-ed25519@xxxxxxxxxxx
>> 	sk-ssh-ed25519-cert-v01@xxxxxxxxxxx
>> 
>> …and parse their signature a bit differently from the normal ecdsa
>> and ed25519 signatures. E.g. they include an additional "counter" and
>> "user present" value. 
>> 
>> Details on the format are here: 
>> https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f
>> 
>> Let me know what you think. 
> 
> The server side support is already in:
> 
> https://bugs.libssh.org/rLIBSSH17b518a677c92d943cf016b81272ec10ee1ca368
> 
> Regards,
> -- 
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
> 
> 
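
Added example, not part of the thread and not libssh or OpenSSH code: a bounds-checked C parser for the signature blob that PROTOCOL.u2f defines for the sk key types (string key type, string signature, byte flags, uint32 counter), showing where the extra "counter" and "user present" values sit. The names `sk_sig`, `sk_sig_parse` and `sk_sig_sample` are hypothetical, the sample blob is constructed, and the inner signature is not verified cryptographically here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sk_sig { /* hypothetical result type: the fields of one sk-* signature blob */
    const uint8_t *sig; uint32_t sig_len; /* inner Ed25519/ECDSA signature */
    uint8_t flags;                        /* bit 0x01 = user present */
    uint32_t counter;                     /* authenticator signature counter */
};

static int get_u32(const uint8_t **p, size_t *left, uint32_t *out) {
    if (*left < 4) return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) | ((uint32_t)(*p)[2] << 8) | (*p)[3];
    *p += 4; *left -= 4;
    return 0;
}
static int get_string(const uint8_t **p, size_t *left, const uint8_t **s, uint32_t *n) {
    if (get_u32(p, left, n) != 0 || *n > *left) return -1; /* length must fit */
    *s = *p; *p += *n; *left -= *n;
    return 0;
}

/* Returns 0 on success; -1 on truncation, wrong key type or trailing bytes. */
int sk_sig_parse(const uint8_t *b, size_t len, const char *type, struct sk_sig *out) {
    const uint8_t *t; uint32_t tl;
    if (get_string(&b, &len, &t, &tl) != 0) return -1;
    if (tl != strlen(type) || memcmp(t, type, tl) != 0) return -1;
    if (get_string(&b, &len, &out->sig, &out->sig_len) != 0) return -1;
    if (len != 5) return -1; /* exactly flags (1) + counter (4) must remain */
    out->flags = *b++; len--;
    return get_u32(&b, &len, &out->counter);
}

/* Constructed sample blob: all-zero 64-byte dummy signature; buf holds 128 bytes. */
size_t sk_sig_sample(uint8_t *buf, uint8_t flags, uint32_t counter) {
    static const char type[] = "sk-ssh-ed25519@openssh.com";
    size_t tl = sizeof(type) - 1, n = 4 + tl;
    memset(buf, 0, 128);
    buf[3] = (uint8_t)tl; memcpy(buf + 4, type, tl);
    buf[n + 3] = 64; n += 4 + 64;        /* signature length, then skip its bytes */
    buf[n++] = flags;
    for (int s = 24; s >= 0; s -= 8) buf[n++] = (uint8_t)(counter >> s);
    return n;
}
int main(void) {
    uint8_t buf[128]; struct sk_sig s;
    if (sk_sig_parse(buf, sk_sig_sample(buf, 0x01, 7), "sk-ssh-ed25519@openssh.com", &s)) return 1;
    printf("user_present=%d counter=%u\n", s.flags & 0x01, (unsigned)s.counter);
    return 0;
}
```

A server would check the user-present bit against its policy and include the parsed flags and counter in the data it verifies the inner signature over.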

