| version 1.11, 2019/12/10 23:21:56 |
version 1.12, 2019/12/10 23:37:31 |
|
|
| string "sk-ssh-ed25519@openssh.com" |
string "sk-ssh-ed25519@openssh.com" |
| string public key |
string public key |
| string application (user-specified, but typically "ssh:") |
string application (user-specified, but typically "ssh:") |
| uint32 flags |
uint8 flags |
| string key_handle |
string key_handle |
| string reserved |
string reserved |
| |
|
|
|
| string signature key |
string signature key |
| string signature |
string signature |
| |
|
| |
and for security key ed25519 certificates: |
| |
|
| string "sk-ssh-ed25519-cert-v01@openssh.com" |
string "sk-ssh-ed25519-cert-v01@openssh.com" |
| string nonce |
string nonce |
| string public key |
string public key |
|
|
| string signature key |
string signature key |
| string signature |
string signature |
| |
|
| |
Both security key certificates use the following encoding for private keys: |
| |
|
| |
string type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com") |
| |
string pubkey (the above key/cert structure) |
| |
string application |
| |
uint8 flags |
| |
string key_handle |
| |
string reserved |
| |
|
| During key generation, the hardware also returns attestation information |
During key generation, the hardware also returns attestation information |
| that may be used to cryptographically prove that a given key is |
that may be used to cryptographically prove that a given key is |
| hardware-backed. Unfortunately, the protocol required for this proof is |
hardware-backed. Unfortunately, the protocol required for this proof is |
|
|
| string signature |
string signature |
| byte flags |
byte flags |
| uint32 counter |
uint32 counter |
| |
|
| |
|
| ssh-agent protocol extensions |
ssh-agent protocol extensions |
| ----------------------------- |
----------------------------- |
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL.u2f CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh