FIDO and SK Support

@obelisk obelisk released this 17 Apr 16:29
· 3 commits to master since this release
150e00d

Finally, after lots of work, sshcerts has merged support for not only reading SK style public and private keys, but signing certificates with them as well!

This can be tested out with the new example programs using sign-with-file (sign-with-yubikey is for PIV signing functionality). The library supports both ECDSA and Ed25519 keys and can also verify attestations using the new fido-lite feature. By default, it will try to sign with the first FIDO HID device it can find, and with no PIN. Both of these can be set manually in a private key of SK type to override this, allowing you to use custom PINs or specified devices.

The test suite has been expanded to attempt to cover all these new use cases, and there are a few new examples to show how they can be integrated. For a more complex example, the Rustica project (https://github.com/obelisk/rustica) uses this new code to support remote registration and attestation of SSH hardware keys and provides SSH certificates (generated by this library) for them.
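
The SK style public keys mentioned above use the wire layout documented in OpenSSH's PROTOCOL.u2f. As an added illustration (not sshcerts code and not its API; every type and function name below is hypothetical), this standalone parser reads both the Ed25519 and ECDSA SK public key blobs, using constructed sample data:

```rust
// Added example (not sshcerts code; all names hypothetical): SK public key blob parser.
#[derive(Debug, PartialEq)]
pub enum SkKey {
    Ed25519 { key: Vec<u8>, application: String },
    Ecdsa { curve: String, point: Vec<u8>, application: String },
}

// Read one SSH "string": 4-byte big-endian length, then that many bytes.
fn read_string<'a>(buf: &mut &'a [u8]) -> Result<&'a [u8], String> {
    let data: &'a [u8] = *buf;
    let prefix = data.get(..4).ok_or("truncated length prefix")?;
    let len = u32::from_be_bytes([prefix[0], prefix[1], prefix[2], prefix[3]]) as usize;
    let field = data[4..].get(..len).ok_or("field length exceeds remaining data")?;
    *buf = &data[4 + len..];
    Ok(field)
}

fn read_text(buf: &mut &[u8]) -> Result<String, String> {
    String::from_utf8(read_string(buf)?.to_vec()).map_err(|e| e.to_string())
}

pub fn parse_sk_public_key(blob: &[u8]) -> Result<SkKey, String> {
    let mut buf = blob;
    let key = match read_text(&mut buf)?.as_str() {
        "sk-ssh-ed25519@openssh.com" => {
            let key = read_string(&mut buf)?.to_vec();
            if key.len() != 32 {
                return Err("Ed25519 key must be 32 bytes".into());
            }
            SkKey::Ed25519 { key, application: read_text(&mut buf)? }
        }
        "sk-ecdsa-sha2-nistp256@openssh.com" => SkKey::Ecdsa {
            curve: read_text(&mut buf)?,
            point: read_string(&mut buf)?.to_vec(),
            application: read_text(&mut buf)?,
        },
        other => return Err(format!("not an SK key type: {}", other)),
    };
    if buf.is_empty() { Ok(key) } else { Err("trailing bytes after key".into()) }
}

pub fn encode(fields: &[&[u8]]) -> Vec<u8> {
    fields.iter().flat_map(|f| [&(f.len() as u32).to_be_bytes()[..], *f].concat()).collect()
}

fn main() {
    // Constructed sample built with encode(): all-zero key material, not a real credential.
    let blob = encode(&[&b"sk-ssh-ed25519@openssh.com"[..], &[0u8; 32][..], &b"ssh:"[..]]);
    println!("{:?}", parse_sk_public_key(&blob));
}
```

The application string (`ssh:` by default in OpenSSH) is part of the public key blob, which is why an SK key cannot be treated as a plain Ed25519 or ECDSA key when it is parsed or placed in a certificate.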