diff options
Diffstat (limited to 'PROTOCOL.u2f')
| -rw-r--r-- | PROTOCOL.u2f | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index 823f5363..32bfa20f 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f @@ -86,7 +86,7 @@ With a private half consisting of: string "sk-ssh-ed25519@openssh.com" string public key string application (user-specified, but typically "ssh:") - uint32 flags + uint8 flags string key_handle string reserved @@ -110,6 +110,8 @@ information to the public key: string signature key string signature +and for security key ed25519 certificates: + string "sk-ssh-ed25519-cert-v01@openssh.com" string nonce string public key @@ -126,6 +128,15 @@ information to the public key: string signature key string signature +Both security key certificates use the following encoding for private keys: + + string type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com") + string pubkey (the above key/cert structure) + string application + uint8 flags + string key_handle + string reserved + During key generation, the hardware also returns attestation information that may be used to cryptographically prove that a given key is hardware-backed. Unfortunately, the protocol required for this proof is @@ -188,7 +199,6 @@ For Ed25519 keys the signature is encoded as: byte flags uint32 counter - ssh-agent protocol extensions ----------------------------- |