[Bug 3815] New: ssh-verify-attestation fails to check attestation

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3815

            Bug ID: 3815
           Summary: ssh-verify-attestation fails to check attestation
           Product: Portable OpenSSH
           Version: 10.0p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: at at symbiosis.finance

Hello, 
I’m currently working with the ssh-verify-attestation tool to verify
the attestation of a key generated on a YubiKey, using the following
commands:

dd if=/dev/random bs=1 count=32 of=challenge 

ssh-keygen -t ed25519-sk -O resident \
-O application=ssh:yubikey \
-O challenge=challenge \
-O write-attestation=id_ed25519_sk_yubi.attest \
-C "YubiKey FIDO SSH Key" \
-f ~/.ssh/id_ed25519_sk_yubi


and when I run 

./openssh-portable/regress/misc/ssh-verify-attestation/ssh-verify-attestation
-A  ~/.ssh/id_ed25519_sk_yubi  challenge  id_ed25519_sk_yubi.attest

I get  "basic attestation failed"  without any details. 

According to 
https://github.com/openssh/openssh-portable/blob/76631fdd04824c3e50ea6551d3611b1fe0216a41/regress/misc/ssh-verify-attestation/ssh-verify-attestation.c#L33 

it should be fine. 

What am I doing wrong?

Thank you.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.