search for: ecdsa_signature

...ensions present? flag, but I don?t see that defined. Just after this, you show the signature returned from the U2F hardware as: > The signature returned from U2F hardware takes the following format: > > byte flags (including "user present") > uint32 counter > byte[32] ecdsa_signature (in X9.62 format). The signature is more than 32 bytes here, though. The middleware library returns the signature as an (r, s) pair, where each is a 32-byte string value that is later converted to integers and then encoded as a pair of MPInts. I suspect the hardware might be returning (r, s) as DER...

Hi, As of this morning, OpenSSH now has experimental U2F/FIDO support, with U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" or "ecdsa-sk" for short (the "sk" stands for "security key"). If you're not familiar with U2F, this is an open standard for making inexpensive hardware security tokens. These are easily the cheapest way