search for: libfido

...o folding those parts in if appropriate? Joseph, to offer comment on NIST P-256. There was originally quite a limited subset of support in U2F, originally ES256 or RS256. There's since been more added (Ed25519 appears to be one of them at a cursory glance). If you take a look at param.h in the libfido2 repository you'll see the list of supported algorithm constants (COSE_*). From personal experience though I've had a few different brands of pure-u2f-only tokens and never seen support for anything other than P-256 in the wild. Yubicos U2F only keys for example are currently listed on thei...

https://bugzilla.mindrot.org/show_bug.cgi?id=3188 Bug ID: 3188 Summary: Problems creating a second ecdsa-sk key for a second Yubikey Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

...and NFC, we didn't want to burden OpenSSH with a bunch of dependencies. Instead we've delegated the task of communicating with the tokens to a small middleware library that is loaded in a manner similar to the existing PKCS#11 support. We've written a basic middleware for Yubico's libfido2 that is capable of talking to any standard USB HID U2F or FIDO2 token. The middleware source is hosted in the libfido2 tree, so building that and OpenSSH HEAD is sufficient to get started. Some quickstart instructions: 1. Build and install OpenSSH If you're using OpenBSD, then you can use a...