[Bug 3815] New: ssh-verify-attestation fails to check attestation

bugzilla-daemon Fri, 18 Apr 2025 02:34:01 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=3815


            Bug ID: 3815
           Summary: ssh-verify-attestation fails to check attestation
           Product: Portable OpenSSH
           Version: 10.0p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: Miscellaneous
          Assignee: [email protected]
          Reporter: [email protected]

Hello, 
I’m currently working with the ssh-verify-attestation tool to verify
the attestation of a key generated on a YubiKey, using the following
commands:

dd if=/dev/random bs=1 count=32 of=challenge 

ssh-keygen -t ed25519-sk -O resident \
-O application=ssh:yubikey \
-O challenge=challenge \
-O write-attestation=id_ed25519_sk_yubi.attest \
-C "YubiKey FIDO SSH Key" \
-f ~/.ssh/id_ed25519_sk_yubi


and when I run 

./openssh-portable/regress/misc/ssh-verify-attestation/ssh-verify-attestation
-A  ~/.ssh/id_ed25519_sk_yubi  challenge  id_ed25519_sk_yubi.attest

I get  "basic attestation failed"  without any details. 

According to 
https://github.com/openssh/openssh-portable/blob/76631fdd04824c3e50ea6551d3611b1fe0216a41/regress/misc/ssh-verify-attestation/ssh-verify-attestation.c#L33
 

it should be fine. 

What am I doing wrong?

Thank you.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3815] New: ssh-verify-attestation fails to check attestation

Reply via email to