[Bug 3516] ssh-keygen when creating sk fido keys does not create sufficient data for attestation verification.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 5 11:10:42 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3516

--- Comment #2 from William Brown <william.brown at suse.com> ---
The webauthn attestation sections are reflections of their underlying
standards in most cases. However, for FIDO2 the attestation format is
defined in the Webauthn standard. For FIDO2, and more specifically
CTAP2, this is discussed here:

https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#op-makecred-step-rk

"""
Step 19: Generate an attestation statement for the newly-created
credential using clientDataHash, taking into account the value of the
enterpriseAttestation parameter, if present, as described above in Step
9.

...

attStmt (0x03) ... The attestation statement, as specified in
[WebAuthn].
"""

Thus the document and structure I linked are the correct ones.

With this in mind, the lack of a clientDataHash in the attest output
created by ssh-keygen means verification of an attestation is not
possible as the FIDO2 device itself will be signing the concatenation
of authenticatorData and clientDataHash.

Since this will likely constitute a change to the attest blob format
that ssh-keygen produces, this is also why I made the other suggestions
to alter the format, as the format as it currently stands is not able
to create or validate ECDAA attestation either.
