U2F support in OpenSSH HEAD

Mark D. Baushke mdb at juniper.net
Sun Nov 3 11:35:40 AEDT 2019

Joseph S. Testa II <jtesta at positronsecurity.com> writes:

> On 11/1/19 4:36 AM, Damien Miller wrote:
> >  new key type "sk-ecdsa-sha2-nistp256 at openssh.com"
> Was ECDSA with NIST P-256 strictly necessary, or would Ed25519 be 
> possible as well?

I would guess that it largely comes down to support of the algoirthms in
the hardware keys and the libfido2 library.

Some tokens built on top of TPM 2.0 hardware may only support ECDSA or

YubiKey 5.2.3 enhancements to FIDO 2 Support recently announced
(on October 22, 2019)
URL: https://support.yubico.com/support/solutions/articles/15000027138-yubikey-5-2-3-enhancements-to-fido-2-support

| Additional Encryption Algorithms
| To ensure a high level of security for the FIDO2 authentication
| credentials, the supported encryption algorithms have been updated.
| Support for the Ed25519 curve has been added, while support for RSA keys
| has been removed.

This makes sense in that the new NISP FIPS 186-5 draft does provide for
EdDSA with both 25519 and 448 curves and YubiKey is something the US Fed
folks are in favor of using for some places where CAC cards are not as
desirable to use.

Right now, the libfido2 library seems to support ECDSA P-256 with
SHA-256 and PKCS#1.5 2048-bit RSA with SHA-256.

Given that the US Federal Government is mandating RSA-PSS for most
everything rather than PKCS#1.5 RSA, the odds are good that RSA
support will be going down in a lot of places.

I suspect that both ECDSA P256 and ECDSA P384 are supported on many PIV
Smart Card devices.

I fully expect to see EdDSA 25519 based devices eventually.

	-- Mark

More information about the openssh-unix-dev mailing list