
Feature request: Support U2F security keys


Hi, 
OpenSSH 8.2 (https://www.openssh.com/txt/release-8.2) supports "ecdsa-sk" and "ed25519-sk" key types to support U2F/FIDO security keys and I was wondering if libssh could support them, too?
For supporting them server-side, I think you'd just need to implement the additional key types

	sk-ecdsa-sha2-nistp256@xxxxxxxxxxx
	sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
	sk-ssh-ed25519@xxxxxxxxxxx
	sk-ssh-ed25519-cert-v01@xxxxxxxxxxx

…and parse their signature a bit differently from the normal ecdsa and ed25519 signatures. E.g. they include an additional "counter" and "user present" value.

Details on the format are here: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f

Let me know what you think. 
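
The server-side parsing difference mentioned in the message above, as an added example (not code from the post, libssh or OpenSSH). The field order is an assumption taken from the linked PROTOCOL.u2f: type string, signature string, one flags byte, a uint32 counter, with the signed bytes being SHA256(application), flags, counter, SHA256(message). Function names are hypothetical, and the sample's type suffix is a placeholder because the archive obscures the real one.

```python
import hashlib
import struct

SK_BASE_TYPES = {"sk-ssh-ed25519", "sk-ecdsa-sha2-nistp256"}
FLAG_USER_PRESENT = 0x01  # "user present" bit in the flags byte


def _read_string(buf, off):
    """Read an SSH 'string' (uint32 length + bytes); reject truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise ValueError("string runs past end of blob")
    return buf[off:off + n], off + n


def parse_sk_signature(blob):
    """Split a security-key signature blob into (type, raw_sig, flags, counter)."""
    name, off = _read_string(blob, 0)
    sig_type = name.decode("ascii")
    if sig_type.split("@")[0] not in SK_BASE_TYPES:
        raise ValueError("not a security-key signature type")
    raw_sig, off = _read_string(blob, off)
    if len(blob) - off != 5:  # exactly flags (1 byte) + counter (4 bytes)
        raise ValueError("bad trailer length")
    flags, counter = struct.unpack_from(">BI", blob, off)
    return sig_type, raw_sig, flags, counter


def signed_data(application, message, flags, counter, require_presence=True):
    """Rebuild the bytes the authenticator signed (no extensions assumed)."""
    if require_presence and not flags & FLAG_USER_PRESENT:
        raise PermissionError("user-presence flag not set")
    return (hashlib.sha256(application).digest()
            + struct.pack(">BI", flags, counter)
            + hashlib.sha256(message).digest())


def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


# Constructed sample: placeholder type suffix and a dummy 64-byte signature.
SAMPLE = (_ssh_string(b"sk-ssh-ed25519@placeholder.invalid")
          + _ssh_string(b"\x5a" * 64) + struct.pack(">BI", 0x01, 42))
```

The raw signature is then verified with the ordinary Ed25519 or ECDSA routine over the output of `signed_data` rather than over the SSH message itself; that verification step is not shown here.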

Follow-Ups:
Re: Feature request: Support U2F security keys, Jakub Jelen <jjelen@xxxxxxxxxx>