[Bug 3564] New: When downloading sk keys from a fido token, applications with multiple keys overwrite each other

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Apr 20 22:02:52 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3564

            Bug ID: 3564
           Summary: When downloading sk keys from a fido token,
                    applications with multiple keys overwrite each other
           Product: Portable OpenSSH
           Version: 8.5p1
          Hardware: Other
                OS: Windows 10
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: m.schmidt at emtec.com

Static function do_download_sk(const char *skprovider, const char
*device) in ssh-keygen has a loop that goes over the returned keys for
the given sk-application.

However, if an application has more than one keys, the name of the
output file will be the same for all keys (e.g.
id_ecdsa_sk_rk_mydomain), prompting the user to overwrite the first key
with the 2nd, etc.

I believe it would be useful (or more correct) to give subsequent keys
a numbering scheme, e.g. id_ecdsa_sk_rk_mydomain,
id_ecdsa_sk_rk_mydomain2, id_ecdsa_sk_rk_mydomain3, etc.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list