diff options
Diffstat (limited to 'PROTOCOL.u2f')
-rw-r--r-- | PROTOCOL.u2f | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index ab9e3e333..a587480be 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f | |||
@@ -22,13 +22,13 @@ given key is backed by hardware. Finally the signature format includes | |||
22 | a monotonic signature counter that can be used (at scale) to detect | 22 | a monotonic signature counter that can be used (at scale) to detect |
23 | concurrent use of a private key, should it be extracted from hardware. | 23 | concurrent use of a private key, should it be extracted from hardware. |
24 | 24 | ||
25 | U2F private keys are generatted through an enrollment operation, | 25 | U2F private keys are generated through an enrollment operation, |
26 | which takes an application ID - a URL-like string, typically "ssh:" | 26 | which takes an application ID - a URL-like string, typically "ssh:" |
27 | in this case, but a HTTP origin for the case of web authentication, | 27 | in this case, but a HTTP origin for the case of web authentication, |
28 | and a challenge string (typically randomly generated). The enrollment | 28 | and a challenge string (typically randomly generated). The enrollment |
29 | operation returns a public key, a key handle that must be used to invoke | 29 | operation returns a public key, a key handle that must be used to invoke |
30 | the hardware-backed private key, some flags and signed attestation | 30 | the hardware-backed private key, some flags and signed attestation |
31 | information that may be used to verify that private key is hosted on a | 31 | information that may be used to verify that a private key is hosted on a |
32 | particular hardware instance. | 32 | particular hardware instance. |
33 | 33 | ||
34 | It is common for U2F hardware to derive private keys from the key handle | 34 | It is common for U2F hardware to derive private keys from the key handle |
@@ -73,7 +73,7 @@ The corresponding private key contains: | |||
73 | The certificate form of a SSH U2F key appends the usual certificate | 73 | The certificate form of a SSH U2F key appends the usual certificate |
74 | information to the public key: | 74 | information to the public key: |
75 | 75 | ||
76 | string "sk-ecdsa-sha2-nistp256@openssh.com" | 76 | string "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com" |
77 | string nonce | 77 | string nonce |
78 | ec_point Q | 78 | ec_point Q |
79 | string application | 79 | string application |
@@ -98,7 +98,7 @@ choose not to include this information in the public key or save it by | |||
98 | default. | 98 | default. |
99 | 99 | ||
100 | Attestation information is very useful however in an organisational | 100 | Attestation information is very useful however in an organisational |
101 | context, where it may be used by an CA as part of certificate | 101 | context, where it may be used by a CA as part of certificate |
102 | issuance. In this case, exposure to the CA of hardware identity is | 102 | issuance. In this case, exposure to the CA of hardware identity is |
103 | desirable. To support this case, OpenSSH optionally allows retaining the | 103 | desirable. To support this case, OpenSSH optionally allows retaining the |
104 | attestation information at the time of key generation. It will take the | 104 | attestation information at the time of key generation. It will take the |
@@ -151,16 +151,16 @@ ecdsa_signature field returned from the hardware. | |||
151 | ssh-agent protocol extensions | 151 | ssh-agent protocol extensions |
152 | ----------------------------- | 152 | ----------------------------- |
153 | 153 | ||
154 | ssh-agent requires some protocol extension to support U2F keys. At | 154 | ssh-agent requires a protocol extension to support U2F keys. At |
155 | present the closest analogue to Security Keys in ssh-agent are PKCS#11 | 155 | present the closest analogue to Security Keys in ssh-agent are PKCS#11 |
156 | tokens, insofar as they require a middleware library to communicate with | 156 | tokens, insofar as they require a middleware library to communicate with |
157 | the device that holds the keys. Unfortunately, the protocol message used | 157 | the device that holds the keys. Unfortunately, the protocol message used |
158 | to add PKCS#11 keys to ssh-agent does not include any way to send the | 158 | to add PKCS#11 keys to ssh-agent does not include any way to send the |
159 | key handle to the agent as U2F keys require. | 159 | key handle to the agent as U2F keys require. |
160 | 160 | ||
161 | To avoid this, without having to add wholy new messages to the agent | 161 | To avoid this, without having to add wholly new messages to the agent |
162 | protocol we will use the existing SSH2_AGENTC_ADD_ID_CONSTRAINED message | 162 | protocol, we will use the existing SSH2_AGENTC_ADD_ID_CONSTRAINED message |
163 | with a new a key constraint extension to encode a path to the middleware | 163 | with a new key constraint extension to encode a path to the middleware |
164 | library for the key. The format of this constraint extension would be: | 164 | library for the key. The format of this constraint extension would be: |
165 | 165 | ||
166 | byte SSH_AGENT_CONSTRAIN_EXTENSION | 166 | byte SSH_AGENT_CONSTRAIN_EXTENSION |