Feature request: Support U2F security keys

t...@t0b.org Fri, 15 May 2020 09:23:24 -0700

Hi, 
OpenSSH 8.2 (https://www.openssh.com/txt/release-8.2) supports "ecdsa-sk" and 
"ed25519-sk” key types to support U2F/FIDO security keys and I was wondering if 
libssh could support them, too? 
For supporting them server-side, I think you'd just need to implement the 
additional key types


        sk-ecdsa-sha2-nistp...@openssh.com
        sk-ecdsa-sha2-nistp256-cert-...@openssh.com
        sk-ssh-ed25...@openssh.com
        sk-ssh-ed25519-cert-...@openssh.com

…and parse their signature a bit differently from the normal ecdsa and ed25519 
signatures. E.g. they include an additional “counter" and “user present” value. 

Details on the format are here: 
https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f

Let me know what you think.

Feature request: Support U2F security keys

Reply via email to