[Bug 3463] cannot gen ed25519-sk residental key with fido2

bugzilla-daemon at mindrot.org
Tue Jul 19 00:14:16 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3463

--- Comment #2 from sergey at markow.su ---
yes sure:
$ fido2-token -L
/dev/hidraw3: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)

$ fido2-token -I /dev/hidraw3
proto: 0x02
major: 0x05
minor: 0x04
build: 0x03
caps: 0x05 (wink, cbor, msg)
version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
extension strings: credProtect, hmac-secret
transport strings: usb
algorithms: es256 (public-key), eddsa (public-key)
aaguid: ee882879721c491397753dfcce97072a
options: rk, up, noplat, noclientPin, credentialMgmtPreview
maxmsgsiz: 1200
maxcredcntlst: 8
maxcredlen: 128
maxlargeblob: 0
fwversion: 0x50403
pin protocols: 2, 1
pin retries: undefined
uv retries: undefined

$ FIDO_DEBUG=1 ssh-keygen -vvv -t ed25519-sk -O resident -f /tmp/foo
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator: 
debug3: start_helper: started pid=14181
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/local/libexec/ssh-sk-helper 
debug1: sshsk_enroll: provider "", device "(null)", application "ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
No FIDO SecurityKeyProvider specified
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=14181
Key enrollment failed: invalid format
