version 1.23, 2020/05/12 01:41:32 |
version 1.24, 2020/06/22 05:58:35 |
|
|
byte flags |
byte flags |
uint32 counter |
uint32 counter |
|
|
|
webauthn signatures |
|
------------------- |
|
|
|
The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to |
|
interact with FIDO authentication tokens. This standard builds upon the |
|
FIDO standards, but requires different signature contents to raw FIDO |
|
messages. OpenSSH supports ECDSA/p256 webauthn signatures through the |
|
"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm. |
|
|
|
The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com |
|
signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format: |
|
|
|
string "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" |
|
string ecdsa_signature |
|
byte flags |
|
uint32 counter |
|
string origin |
|
string clientData |
|
string extensions |
|
|
|
Where "origin" is the HTTP origin making the signature, "clientData" is |
|
the JSON-like structure signed by the browser and "extensions" are any |
|
extensions used in making the signature. |
|
|
|
[1] https://www.w3.org/TR/webauthn-2/ |
|
|
ssh-agent protocol extensions |
ssh-agent protocol extensions |
----------------------------- |
----------------------------- |
|
|
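Review bot: The new "webauthn signatures" section lists "string origin", "string clientData" and "string extensions" in the wire encoding but never states what bytes ecdsa_signature is computed over, so a verifier cannot be implemented from this text alone. Suggest adding, after the paragraph beginning 'Where "origin" is the HTTP origin making the signature', the exact construction of the signed message from flags, counter, clientData and extensions. That text should also say which checks a verifier must make: whether the separate "origin" field has to agree with clientData, and how the SSH data being signed is bound to clientData. "JSON-like structure" should be pinned down as well (the exact bytes produced by the browser, used as-is, versus a re-serialized form), and the encoding of "extensions" and the representation of an empty value should be stated. The phrase "similar to the sk-ecdsa-sha2-nistp256@openssh.com format" would be clearer if it named the fields that differ.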