summaryrefslogtreecommitdiff
path: root/PROTOCOL.u2f
diff options
context:
space:
mode:
Diffstat (limited to 'PROTOCOL.u2f')
-rw-r--r--PROTOCOL.u2f26
1 files changed, 26 insertions, 0 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 69347e99..fd31ea4e 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -209,6 +209,32 @@ For Ed25519 keys the signature is encoded as:
byte flags
uint32 counter
+webauthn signatures
+-------------------
+
+The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to
+interact with FIDO authentication tokens. This standard builds upon the
+FIDO standards, but requires different signature contents to raw FIDO
+messages. OpenSSH supports ECDSA/p256 webauthn signatures through the
+"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm.
+
+The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com
+signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format:
+
+ string "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+ string ecdsa_signature
+ byte flags
+ uint32 counter
+ string origin
+ string clientData
+ string extensions
+
+Where "origin" is the HTTP origin making the signature, "clientData" is
+the JSON-like structure signed by the browser and "extensions" are any
+extensions used in making the signature.
+
+[1] https://www.w3.org/TR/webauthn-2/
+
ssh-agent protocol extensions
-----------------------------
View Lorry Controller Status