version 1.11, 2019/12/10 23:21:56 |
version 1.12, 2019/12/10 23:37:31 |
|
|
string "sk-ssh-ed25519@openssh.com" |
string "sk-ssh-ed25519@openssh.com" |
string public key |
string public key |
string application (user-specified, but typically "ssh:") |
string application (user-specified, but typically "ssh:") |
uint32 flags |
uint8 flags |
string key_handle |
string key_handle |
string reserved |
string reserved |
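Review bot: the type of the flags field in the sk-ssh-ed25519 structure above (uint32 in 1.11, uint8 in 1.12) now agrees with the shared private-key encoding further down the file, which already reads `uint8 flags`; please confirm the serialisation code actually writes a single byte here, because a parser written against the 1.11 text would consume three extra bytes and then misread key_handle and reserved. Minor consistency point: the signature/attestation structure below spells the same one-byte field as `byte flags`; using `uint8` throughout would avoid suggesting a different width.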
|
|
|
|
string signature key |
string signature key |
string signature |
string signature |
|
|
|
and for security key ed25519 certificates: |
|
|
string "sk-ssh-ed25519-cert-v01@openssh.com" |
string "sk-ssh-ed25519-cert-v01@openssh.com" |
string nonce |
string nonce |
string public key |
string public key |
|
|
string signature key |
string signature key |
string signature |
string signature |
|
|
|
Both security key certificates use the following encoding for private keys: |
|
|
|
string type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com") |
|
string pubkey (the above key/cert structure) |
|
string application |
|
uint8 flags |
|
string key_handle |
|
string reserved |
|
|
During key generation, the hardware also returns attestation information |
During key generation, the hardware also returns attestation information |
that may be used to cryptographically prove that a given key is |
that may be used to cryptographically prove that a given key is |
hardware-backed. Unfortunately, the protocol required for this proof is |
hardware-backed. Unfortunately, the protocol required for this proof is |
|
|
string signature |
string signature |
byte flags |
byte flags |
uint32 counter |
uint32 counter |
|
|
|
|
ssh-agent protocol extensions |
ssh-agent protocol extensions |
----------------------------- |
----------------------------- |