Hi, This is a port of (originally) https://github.com/Yubico/libfido2 - but temporarily using my forked repository at https://github.com/djm-google/libfido2 that has a couple of extra pieces: OpenBSD support and a small extra library that OpenSSH can now use to talk to U2F tokens. I have PRs pending for both of these so I hope that I can point the port back to the upstream repository soon.
This port depends on the libcbor port that I sent a moment ago, and all my caveats about being rusty wrt porting stuff apply.

ok?

If you're interested in using the new U2F support in OpenSSH and you're running -current, then after installing this port and applying patrick@'s uhid patch (on tech@) you should be able to do stuff like:

  $ # Tell OpenSSH to use this library to talk to U2F devices
  $ export SSH_SK_PROVIDER=/usr/local/lib/libsk-libfido2.so
  $ # Generate a key
  $ ssh-keygen -t ecdsa-sk
  $ cat ~/.ssh/id_ecdsa_sk.pub

From there you have a public key that you can use as normal on (-current) sshd, i.e. copying it to ~/.ssh/authorized_keys, etc. When you run ssh to log in, you must also ensure it gets either the SSH_SK_PROVIDER environment variable or the equivalent SecurityKeyProvider config item, and you must tap your key to authorise the signature.

I'd very much like to hear your feedback

-d
security_libfido2.tgz
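Added example, not part of the original message or of OpenSSH/libfido2: a small checker an administrator could run over .pub or authorized_keys lines to confirm that an entry really is a security-key-backed ecdsa-sk key and to read its application string. It assumes the public key layout documented in OpenSSH's PROTOCOL.u2f (key type, curve name, EC point, application); the function names and the all-zero sample key are constructed for illustration.

```python
import base64
import struct

SK_ECDSA = "sk-ecdsa-sha2-nistp256@openssh.com"  # key type written by `ssh-keygen -t ecdsa-sk`

def _pack(field):
    """Encode one SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(field)) + field

def _unpack_all(blob):
    """Split a key blob into its length-prefixed fields, rejecting truncation."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def parse_sk_pubkey(line):
    """Return {'curve', 'application'} for an ecdsa-sk line, None for other key types."""
    parts = line.split()
    if SK_ECDSA not in parts:
        return None
    i = parts.index(SK_ECDSA)
    if i + 1 >= len(parts):
        raise ValueError("key type without key data")
    fields = _unpack_all(base64.b64decode(parts[i + 1], validate=True))
    # The type inside the blob must agree with the type named on the line.
    if len(fields) != 4 or fields[0] != SK_ECDSA.encode():
        raise ValueError("blob does not match the declared key type")
    _, curve, point, application = fields
    # Expect an uncompressed P-256 point: 0x04 followed by 32-byte X and Y.
    if curve != b"nistp256" or len(point) != 65 or point[0] != 0x04:
        raise ValueError("unexpected curve or EC point encoding")
    return {"curve": curve.decode(), "application": application.decode()}

def constructed_sample():
    """Build a well-formed line with an all-zero placeholder point (not a real key)."""
    blob = b"".join(_pack(f) for f in (SK_ECDSA.encode(), b"nistp256", b"\x04" + bytes(64), b"ssh:"))
    return f"{SK_ECDSA} {base64.b64encode(blob).decode()} constructed@example"

if __name__ == "__main__":
    print(parse_sk_pubkey(constructed_sample()))
```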
