diff options
| author | naddy@openbsd.org <naddy@openbsd.org> | 2019-12-20 21:28:55 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-12-21 03:22:07 +0100 |
| commit | 416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e (patch) | |
| tree | dc9ba4c764e701a02dea6ae1726c5c22f28abdda /PROTOCOL.u2f | |
| parent | upstream: Move always unsupported keywords to be grouped with the other (diff) | |
| download | openssh-416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e.tar.xz openssh-416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e.zip | |
upstream: SSH U2F keys can now be used as host keys. Fix a garden
path sentence. ok markus@
OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
Diffstat (limited to 'PROTOCOL.u2f')
| -rw-r--r-- | PROTOCOL.u2f | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index 066d09951..61b70d6ef 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f @@ -37,7 +37,7 @@ hardware, thus requiring little on-device storage for an effectively unlimited number of supported keys. This drives the requirement that the key handle be supplied for each signature operation. U2F tokens primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2 -standard specified additional key types include one based on Ed25519. +standard specifies additional key types, including one based on Ed25519. SSH U2F Key formats ------------------- @@ -49,10 +49,6 @@ OpenSSH integrates U2F as new key and corresponding certificate types: sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com -These key types are supported only for user authentication with the -"publickey" method. They are not used for host-based user authentication -or server host key authentication. - While each uses ecdsa-sha256-nistp256 as the underlying signature primitive, keys require extra information in the public and private keys, and in the signature object itself. As such they cannot be made compatible with |