version 1.19, 2020/01/28 08:01:34 |
version 1.20, 2020/02/21 00:04:43 |
|
|
default. |
default. |
|
|
Attestation information is useful for out-of-band key and certificate |
Attestation information is useful for out-of-band key and certificate |
registration worksflows, e.g. proving to a CA that a key is backed |
registration workflows, e.g. proving to a CA that a key is backed |
by trusted hardware before it will issue a certificate. To support this |
by trusted hardware before it will issue a certificate. To support this |
case, OpenSSH optionally allows retaining the attestation information |
case, OpenSSH optionally allows retaining the attestation information |
at the time of key generation. It will take the following format: |
at the time of key generation. It will take the following format: |
|
|
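Review bot: The paragraph beginning "Attestation information is useful" says OpenSSH "optionally allows retaining the attestation information" but the visible text does not say how a user asks for it at key generation. Name the option here, or point to where it is documented, so a reader following the CA registration workflow knows how to produce the data in the format that follows. The spelling correction to "workflows" is fine.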
byte[] extensions |
byte[] extensions |
byte[32] SHA256(message) |
byte[32] SHA256(message) |
|
|
No extensons are yet defined for SSH use. If any are defined in the future, |
No extensions are yet defined for SSH use. If any are defined in the future, |
it will be possible to infer their presence from the contents of the "flags" |
it will be possible to infer their presence from the contents of the "flags" |
value. |
value. |
|
|
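Review bot: Missing documentation in the "No extensions are yet defined" paragraph: `byte[] extensions` is shown with no length and sits directly before the fixed-size `byte[32] SHA256(message)`, and the text only says presence can be inferred from "flags". Please state that the field is zero-length when no extension is indicated. Also say what a verifier should do today if "flags" signals an extension it does not know, so implementations do not differ on where the hash starts. The spelling correction to "extensions" is fine.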