noxvost opened a new issue, #807:
URL: https://github.com/apache/mina-sshd/issues/807

   ### Version
   
   2.15
   
   ### Bug description
   
   When a client with a hardware key (YubiKey 5) with an Ed25519 key connects to a Mina SSH server, the key fails to pass verification.
   
   The key was generated with this command:
   ```
   ssh-keygen -t ed25519-sk -O resident -O verify-required -O application=ssh:github -O user=git -C "github.com-ed25519-sk"
   ```
    
   The culprit is this check: 
https://github.com/apache/mina-sshd/blob/e472eb6e437b983e61f3c80a2195e4ea5ca6bf92/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSecurityKeySignature.java#L80C9-L80C11
   
   ```
           // Return false if we don't understand the flags
           if ((flags & ~FLAG_USER_PRESENCE) != 0) {
               return false;
           }
   ```
   
   The actual value is 5, so one more unknown bit is on.
   
   keyType = sk-ssh-ed25...@openssh.com
   publicKey.toString() = SkED25519PublicKey[appName=ssh:github, noTouchRequired=false, delegatePublicKey=net.i2p.crypto.eddsa.EdDSAPublicKey@def130a9]
   
   ### Actual behavior
   
   `throw new SignatureException("Key verification failed")` exception is thrown
   
   ### Expected behavior
   
   Key should pass signature verification
   
   ### Relevant log output
   
   ```Shell
   
   ```
   
   ### Other information
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
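
As an added illustration (not code from the issue or from MINA SSHD): in the FIDO2 authenticator-data flags byte, 0x01 is user presence and 0x04 is user verification, which a key created with `-O verify-required` sets, so the reported value 5 is both bits together. The sketch contrasts the quoted check with a hypothetical one that accepts both bits; `FLAG_USER_VERIFICATION`, `lenientCheck` and its `verifyRequired` parameter are assumed names, and the sample flag values are constructed.

```java
import java.util.ArrayList;
import java.util.List;

public class SkFlagsCheck {
    // Bit values of the FIDO2 authenticator-data flags byte.
    static final int FLAG_USER_PRESENCE = 0x01;     // UP: the key was touched
    static final int FLAG_USER_VERIFICATION = 0x04; // UV: PIN/biometric verified (assumed constant name)

    /** The check quoted in the issue: any bit other than UP fails verification. */
    static boolean strictCheck(int flags) {
        return (flags & ~FLAG_USER_PRESENCE) == 0;
    }

    /** Hypothetical alternative: accept UP and UV, still reject bits we do not understand. */
    static boolean lenientCheck(int flags, boolean noTouchRequired, boolean verifyRequired) {
        int known = FLAG_USER_PRESENCE | FLAG_USER_VERIFICATION;
        if ((flags & ~known) != 0) {
            return false; // unknown bit set: keep failing closed
        }
        if (!noTouchRequired && (flags & FLAG_USER_PRESENCE) == 0) {
            return false; // key requires touch but UP is missing
        }
        // verifyRequired models a server-side policy (assumption): demand UV when set
        return !verifyRequired || (flags & FLAG_USER_VERIFICATION) != 0;
    }

    /** Names the bits that are set, so a rejected value like 5 is readable in logs. */
    static List<String> describe(int flags) {
        List<String> names = new ArrayList<>();
        if ((flags & FLAG_USER_PRESENCE) != 0) names.add("UP");
        if ((flags & FLAG_USER_VERIFICATION) != 0) names.add("UV");
        int rest = flags & ~(FLAG_USER_PRESENCE | FLAG_USER_VERIFICATION);
        if (rest != 0) names.add(String.format("unrecognised(0x%02x)", rest));
        return names;
    }

    public static void main(String[] args) {
        // Constructed samples: touch only, the issue's value 5, UV without UP, an extra bit.
        int[] samples = {0x01, 0x05, 0x04, 0x45};
        for (int flags : samples) {
            System.out.printf("flags=0x%02x %s strict=%b lenient=%b%n",
                    flags, describe(flags), strictCheck(flags),
                    lenientCheck(flags, false, true));
        }
    }
}
```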
