| version 1.23, 2020/05/12 01:41:32 |
version 1.24, 2020/06/22 05:58:35 |
|
|
| byte flags |
byte flags |
| uint32 counter |
uint32 counter |
| |
|
| |
webauthn signatures |
| |
------------------- |
| |
|
| |
The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to |
| |
interact with FIDO authentication tokens. This standard builds upon the |
| |
FIDO standards, but requires different signature contents to raw FIDO |
| |
messages. OpenSSH supports ECDSA/p256 webauthn signatures through the |
| |
"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm. |
| |
|
| |
The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com |
| |
signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format: |
| |
|
| |
string "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" |
| |
string ecdsa_signature |
| |
byte flags |
| |
uint32 counter |
| |
string origin |
| |
string clientData |
| |
string extensions |
| |
|
| |
Where "origin" is the HTTP origin making the signature, "clientData" is |
| |
the JSON-like structure signed by the browser and "extensions" are any |
| |
extensions used in making the signature. |
| |
|
| |
[1] https://www.w3.org/TR/webauthn-2/ |
| |
|
| ssh-agent protocol extensions |
ssh-agent protocol extensions |
| ----------------------------- |
----------------------------- |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL.u2f CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh