===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/PROTOCOL.u2f,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- src/usr.bin/ssh/PROTOCOL.u2f	2019/12/10 23:21:56	1.11
+++ src/usr.bin/ssh/PROTOCOL.u2f	2019/12/10 23:37:31	1.12
@@ -86,7 +86,7 @@
 	string		"sk-ssh-ed25519@openssh.com"
 	string		public key
 	string		application (user-specified, but typically "ssh:")
-	uint32		flags
+	uint8		flags
 	string		key_handle
 	string		reserved
 
@@ -110,6 +110,8 @@
 	string		signature key
 	string		signature
 
+and for security key ed25519 certificates:
+
 	string		"sk-ssh-ed25519-cert-v01@openssh.com"
 	string		nonce
 	string		public key
@@ -126,6 +128,15 @@
 	string		signature key
 	string		signature
 
+Both security key certificates use the following encoding for private keys:
+
+	string		type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com")
+	string		pubkey (the above key/cert structure)
+	string		application
+	uint8		flags
+	string		key_handle
+	string		reserved
+
 During key generation, the hardware also returns attestation information
 that may be used to cryptographically prove that a given key is
 hardware-backed. Unfortunately, the protocol required for this proof is
@@ -187,7 +198,6 @@
 	string		signature
 	byte		flags
 	uint32		counter
-
 
 ssh-agent protocol extensions
 -----------------------------