[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Feature request: Support U2F security keys
[Thread Prev] | [Thread Next]
- Subject: Feature request: Support U2F security keys
- From: "t0b@xxxxxxx" <t0b@xxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 15 May 2020 09:22:48 -0700
- To: libssh@xxxxxxxxxx
Hi, OpenSSH 8.2 (https://www.openssh.com/txt/release-8.2) supports "ecdsa-sk" and "ed25519-sk” key types to support U2F/FIDO security keys and I was wondering if libssh could support them, too? For supporting them server-side, I think you'd just need to implement the additional key types sk-ecdsa-sha2-nistp256@xxxxxxxxxxx sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx sk-ssh-ed25519@xxxxxxxxxxx sk-ssh-ed25519-cert-v01@xxxxxxxxxxx …and parse their signature a bit differently from the normal ecdsa and ed25519 signatures. E.g. they include an additional “counter" and “user present” value. Details on the format are here: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f Let me know what you think.
| Re: Feature request: Support U2F security keys | Jakub Jelen <jjelen@xxxxxxxxxx> |