diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-12-10 23:37:31 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-11 19:11:07 +1100 |
commit | a62f4e1960691f3aeb1f972e009788b29e2ae464 (patch) | |
tree | 65569906c0aaebae24715a5abc68bcc3c13f9509 /PROTOCOL.u2f | |
parent | 22d4beb79622fc82d7111ac941269861fc7aef8d (diff) |
upstream: some more corrections for documentation problems spotted
by Ron Frederick
document certifiate private key format
correct flags type for sk-ssh-ed25519@openssh.com keys
OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74
Diffstat (limited to 'PROTOCOL.u2f')
-rw-r--r-- | PROTOCOL.u2f | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index 823f5363..32bfa20f 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f @@ -86,7 +86,7 @@ With a private half consisting of: string "sk-ssh-ed25519@openssh.com" string public key string application (user-specified, but typically "ssh:") - uint32 flags + uint8 flags string key_handle string reserved @@ -110,6 +110,8 @@ information to the public key: string signature key string signature +and for security key ed25519 certificates: + string "sk-ssh-ed25519-cert-v01@openssh.com" string nonce string public key @@ -126,6 +128,15 @@ information to the public key: string signature key string signature +Both security key certificates use the following encoding for private keys: + + string type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com") + string pubkey (the above key/cert structure) + string application + uint8 flags + string key_handle + string reserved + During key generation, the hardware also returns attestation information that may be used to cryptographically prove that a given key is hardware-backed. Unfortunately, the protocol required for this proof is @@ -188,7 +199,6 @@ For Ed25519 keys the signature is encoded as: byte flags uint32 counter - ssh-agent protocol extensions ----------------------------- |