[Bug 3748] "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type not supported from ssh agent
bugzilla-daemon at mindrot.org
Sat Nov 2 03:04:16 AEDT 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3748
--- Comment #3 from bmhomer13 at gmail.com ---
OK, I managed to get this working, i.e. the signature verified and I
could log in.
However, on the server-side I had to comment out this check:
https://github.com/openssh/openssh-portable/blob/V_8_7/ssh-ecdsa-sk.c#L124
I think it may be because we are using certs, i.e. ECDSA-SK-CERT.
Still not sure I understand this, but the expected clientData preamble
seemed to contain cert info in the "challenge" section, whereas the
challenge we return in our agent contains a much shorter challenge
returned from Apple APIs (specifically
https://developer.apple.com/documentation/authenticationservices/asauthorizationsecuritykeypublickeycredentialprovider).
Given that the signature verified once I removed this check, I'm not
sure it's implemented correctly.
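An added illustration, not part of the original comment and not OpenSSH's code: assuming the check discussed above compares the start of clientData against a preamble built from the data being signed, this Python example shows what that comparison binds. The preamble layout, the origin and all sample bytes are constructed assumptions.

```python
import base64
import hashlib

# Preamble layout assumed for this example (WebAuthn "get" clientDataJSON).
PREAMBLE_HEAD = b'{"type":"webauthn.get","challenge":"'
PREAMBLE_MID = b'","origin":"'


def b64url(data: bytes) -> bytes:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def expected_preamble(ssh_signed_data: bytes, origin: bytes) -> bytes:
    """Preamble a verifier derives from the data it wants signed."""
    return PREAMBLE_HEAD + b64url(ssh_signed_data) + PREAMBLE_MID + origin + b'"'


def challenge_is_bound(client_data: bytes, ssh_signed_data: bytes,
                       origin: bytes) -> bool:
    """True only if clientData starts with the preamble for this exact data."""
    return client_data.startswith(expected_preamble(ssh_signed_data, origin))


def authenticator_signed_bytes(auth_data: bytes, client_data: bytes) -> bytes:
    """What the key signs: authenticatorData || SHA-256(clientDataJSON)."""
    return auth_data + hashlib.sha256(client_data).digest()


# Constructed sample values, not taken from the bug report.
ORIGIN = b"ssh://example.invalid"
SESSION_DATA = b"constructed session id + userauth request + certificate blob"
SHORT_CHALLENGE = b"constructed short challenge"
# rpIdHash (32 bytes) || flags (1 byte) || signature counter (4 bytes)
AUTH_DATA = hashlib.sha256(b"ssh:").digest() + b"\x01" + (7).to_bytes(4, "big")

TAIL = b',"crossOrigin":false}'
good_client_data = expected_preamble(SESSION_DATA, ORIGIN) + TAIL
short_client_data = expected_preamble(SHORT_CHALLENGE, ORIGIN) + TAIL

if __name__ == "__main__":
    for name, cd in (("good", good_client_data), ("short", short_client_data)):
        bound = challenge_is_bound(cd, SESSION_DATA, ORIGIN)
        signed = authenticator_signed_bytes(AUTH_DATA, cd)
        # The signed bytes are computed from clientData alone; only the
        # preamble comparison ties them to SESSION_DATA.
        print(name, "bound to session:", bound, "signed bytes:", len(signed))
```

The signed bytes are derived from authenticatorData and clientData only, so a signature over them verifies whatever the session data is; the preamble comparison is the step that ties the signature to the specific data (including any certificate) being authenticated.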