search for: hyperfido

That sounds like the application param is still used as part of the process though? Would allowing the user to specify the application work in the Solokey case? What is stored in the private keyfile? The documentation says no private key is stored there. So is it just information used to reseed the public/private key? Thanks, Kevin ________________________________________ From: openssh-unix-dev

...till create a different key pair. Only a very minimal U2F token without an on-board RNG might derive the key pair purely from the parameters in the registration message; I don't know if any such devices exist. This actually made me curious and I checked the simple FIDO1 U2F token I have here (HyperFIDO Titanium): It issues a different key pair each time, even if the registration message is exactly the same. As would the Solokey. Every time you run "ssh-keygen -t ecdsa-sk", the token will give you a different key pair, and this is enforced by the token itself. > What is stored in t...