upstream: SSH U2F keys can now be used as host keys. Fix a garden

path sentence. ok markus@

OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
naddy@openbsd.org 2019-12-20 20:28:55 +00:00 committed by Damien Miller
parent 68010acbcf
commit 416f15372b
1 changed files with 1 additions and 5 deletions

@ -37,7 +37,7 @@ hardware, thus requiring little on-device storage for an effectively
unlimited number of supported keys. This drives the requirement that unlimited number of supported keys. This drives the requirement that
the key handle be supplied for each signature operation. U2F tokens the key handle be supplied for each signature operation. U2F tokens
primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2 primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
standard specified additional key types include one based on Ed25519. standard specifies additional key types, including one based on Ed25519.
SSH U2F Key formats SSH U2F Key formats
------------------- -------------------
@ -49,10 +49,6 @@ OpenSSH integrates U2F as new key and corresponding certificate types:
sk-ssh-ed25519@openssh.com sk-ssh-ed25519@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519-cert-v01@openssh.com
These key types are supported only for user authentication with the
"publickey" method. They are not used for host-based user authentication
or server host key authentication.
While each uses ecdsa-sha256-nistp256 as the underlying signature primitive, While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
keys require extra information in the public and private keys, and in keys require extra information in the public and private keys, and in
the signature object itself. As such they cannot be made compatible with the signature object itself. As such they cannot be made compatible with
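
Review bot: Deleting the whole "These key types are supported only for user authentication with the "publickey" method" paragraph leaves the document silent on host-based user authentication, which the removed text also excluded and which the commit message does not mention (it only says the keys can now be used as host keys). Consider replacing the paragraph with one sentence that states the current scope, naming which of user, server host key and host-based authentication these key types support, instead of dropping it. Separately, with the paragraph gone, "While each uses ecdsa-sha256-nistp256 as the underlying signature primitive" now follows directly after the sk-ssh-ed25519 entries, so "each" reads as covering the Ed25519 types too; narrowing that sentence to the ECDSA types would avoid the ambiguity.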