| version 1.19, 2020/01/28 08:01:34 |
version 1.20, 2020/02/21 00:04:43 |
|
|
| default. |
default. |
| |
|
| Attestation information is useful for out-of-band key and certificate |
Attestation information is useful for out-of-band key and certificate |
| registration worksflows, e.g. proving to a CA that a key is backed |
registration workflows, e.g. proving to a CA that a key is backed |
| by trusted hardware before it will issue a certificate. To support this |
by trusted hardware before it will issue a certificate. To support this |
| case, OpenSSH optionally allows retaining the attestation information |
case, OpenSSH optionally allows retaining the attestation information |
| at the time of key generation. It will take the following format: |
at the time of key generation. It will take the following format: |
|
|
| byte[] extensions |
byte[] extensions |
| byte[32] SHA256(message) |
byte[32] SHA256(message) |
| |
|
| No extensons are yet defined for SSH use. If any are defined in the future, |
No extensions are yet defined for SSH use. If any are defined in the future, |
| it will be possible to infer their presence from the contents of the "flags" |
it will be possible to infer their presence from the contents of the "flags" |
| value. |
value. |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL.u2f CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh