Signing fails for ED25519-SK when `verify-required` option enabled
virtual-light opened this issue · 7 comments
What version of libfido2 are you using?
$ apt show libfido2-1
Package: libfido2-1
Version: 1.11.0~ppa~jammy3
Priority: optional
Section: libs
Source: libfido2
Maintainer: Yubico Open Source Maintainers <ossmaint@yubico.com>
$ apt show libfido2-dev
Package: libfido2-dev
Version: 1.11.0~ppa~jammy3
Priority: optional
Section: libdevel
Source: libfido2
Maintainer: Yubico Open Source Maintainers <ossmaint@yubico.com>
What operating system are you running?
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
What application are you using in conjunction with libfido2?
`ssh-keygen`, `ssh-add`
How does the problem manifest itself?
`sign_and_send_pubkey: signing failed for ED25519-SK ... from agent: agent refused operation` when using an SSH key that has been generated with the `verify-required` option enabled.
Keys generated in the same manner without `verify-required` work as expected.
Is the problem reproducible?
Yes
What are the steps that lead to the problem?
Steps with `-O verify-required` (fails)
- Remove existing SSH keys
$ rm -rf ~/.ssh/*
$ ssh-add -D
All identities removed.
- Generate a new key with the `verify-required` option enabled
$ FIDO_DEBUG=1 ssh-keygen -t ed25519-sk -C "test" -O verify-required
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
fido_hid_unix_open: open /dev/hidraw2: Permission denied
fido_hid_unix_open: open /dev/hidraw3: Permission denied
fido_hid_unix_open: open /dev/hidraw4: Permission denied
fido_hid_unix_open: open /dev/hidraw5: Permission denied
fido_hid_unix_open: open /dev/hidraw6: Permission denied
fido_hid_unix_open: open /dev/hidraw7: Permission denied
fido_hid_unix_open: open /dev/hidraw8: Permission denied
fido_hid_unix_open: open /dev/hidraw0: Permission denied
run_manifest: found 1 hid device
run_manifest: found 0 nfc devices
parse_reply_element: cbor type
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
decode_attcred: attcred->id.len=128
fido_check_flags: flags=c5
fido_check_flags: up=2, uv=0
parse_reply_element: cbor type
Enter file in which to save the key (/home/test/.ssh/id_ed25519_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_ed25519_sk
Your public key has been saved in /home/test/.ssh/id_ed25519_sk.pub
The key fingerprint is:
SHA256:hu0SvLrM+IdTnWEGcov2egM7T/lzbbC5hb7GeEuEiLw test
- Add the generated SSH key to a ssh-agent
$ ls ~/.ssh
id_ed25519_sk id_ed25519_sk.pub
$ ssh-add ~/.ssh/id_ed25519_sk
Enter passphrase for /home/test/.ssh/id_ed25519_sk:
Identity added: /home/test/.ssh/id_ed25519_sk (test)
- Add the generated pub key to a GH account
- Try to authorize with the key
$ FIDO_DEBUG=1 ssh -vT git@github.com
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [140.82.121.4] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/id_rsa type -1
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa type -1
debug1: identity file /home/test/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519 type -1
debug1: identity file /home/test/.ssh/id_ed25519-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk type 12
debug1: identity file /home/test/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/test/.ssh/id_xmss type -1
debug1: identity file /home/test/.ssh/id_xmss-cert type -1
debug1: identity file /home/test/.ssh/id_dsa type -1
debug1: identity file /home/test/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version babeld-b708a481
debug1: compat_banner: no match: babeld-b708a481
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/test/.ssh/known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/test/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host 'github.com (140.82.121.4)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/test/.ssh/id_ed25519_sk ED25519-SK SHA256:hu0SvLrM+IdTnWEGcov2egM7T/lzbbC5hb7GeEuEiLw authenticator agent
debug1: Will attempt key: /home/test/.ssh/id_rsa
debug1: Will attempt key: /home/test/.ssh/id_ecdsa
debug1: Will attempt key: /home/test/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/test/.ssh/id_ed25519
debug1: Will attempt key: /home/test/.ssh/id_xmss
debug1: Will attempt key: /home/test/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/test/.ssh/id_ed25519_sk ED25519-SK SHA256:hu0SvLrM+IdTnWEGcov2egM7T/lzbbC5hb7GeEuEiLw authenticator agent
debug1: Server accepts key: /home/test/.ssh/id_ed25519_sk ED25519-SK SHA256:hu0SvLrM+IdTnWEGcov2egM7T/lzbbC5hb7GeEuEiLw authenticator agent
sign_and_send_pubkey: signing failed for ED25519-SK "/home/test/.ssh/id_ed25519_sk" from agent: agent refused operation
debug1: Trying private key: /home/test/.ssh/id_rsa
debug1: Trying private key: /home/test/.ssh/id_ecdsa
debug1: Trying private key: /home/test/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/test/.ssh/id_ed25519
debug1: Trying private key: /home/test/.ssh/id_xmss
debug1: Trying private key: /home/test/.ssh/id_dsa
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
- Result
git@github.com: Permission denied (publickey).
Same steps without `-O verify-required` (works):
- Remove existing SSH keys
$ rm -rf ~/.ssh/*
$ ssh-add -D
All identities removed.
- Generate a new key without the `verify-required` option
$ FIDO_DEBUG=1 ssh-keygen -t ed25519-sk -C "test"
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
fido_hid_unix_open: open /dev/hidraw2: Permission denied
fido_hid_unix_open: open /dev/hidraw3: Permission denied
fido_hid_unix_open: open /dev/hidraw4: Permission denied
fido_hid_unix_open: open /dev/hidraw5: Permission denied
fido_hid_unix_open: open /dev/hidraw6: Permission denied
fido_hid_unix_open: open /dev/hidraw7: Permission denied
fido_hid_unix_open: open /dev/hidraw8: Permission denied
fido_hid_unix_open: open /dev/hidraw0: Permission denied
run_manifest: found 1 hid device
run_manifest: found 0 nfc devices
parse_reply_element: cbor type
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
cbor_parse_reply: blob[0]=0x36
fido_dev_make_cred_rx: parse_makecred_reply
Enter PIN for authenticator:
You may need to touch your authenticator (again) to authorize key generation.
fido_hid_unix_open: open /dev/hidraw2: Permission denied
fido_hid_unix_open: open /dev/hidraw3: Permission denied
fido_hid_unix_open: open /dev/hidraw4: Permission denied
fido_hid_unix_open: open /dev/hidraw5: Permission denied
fido_hid_unix_open: open /dev/hidraw6: Permission denied
fido_hid_unix_open: open /dev/hidraw7: Permission denied
fido_hid_unix_open: open /dev/hidraw8: Permission denied
fido_hid_unix_open: open /dev/hidraw0: Permission denied
run_manifest: found 1 hid device
run_manifest: found 0 nfc devices
parse_reply_element: cbor type
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0080: 00 00 00 00 00 00 64 6e 61 6d 65 67 6f 70 65 6e 0096: 73 73 68 6b 64 69 73 70 6c 61 79 4e 61 6d 65 67 0112: 6f 70 65 6e 73 73 68 04 81 a2 63 61 6c 67 27 64 0128: 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79 08 0144: 58 20 20 67 6f 63 02 fd de 08 ca f0 34 dd fb 2c 0160: 2e 28 89 ad 76 73 2e 84 ad d8 df b9 11 61 6f 88 0176: fe 29 09 02 fido_rx: dev=0x55830be7a300, cmd=0x10, ms=-1 rx_preamble: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 90 04 25 00 a3 01 66 70 61 63 6b 65 0016: 64 02 58 e1 e3 06 10 e8 a1 62 11 59 60 fe 1e c2 0032: 23 e6 52 9c 9f 4b 6e 80 20 0d cb 5e 5c 32 1c 8a 0048: f1 e2 b1 bf 45 00 00 00 04 2f c0 57 9f 81 13 47 rx: payload_len=1061 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 00 ea b1 16 bb 5a 8d b9 20 2a 00 80 0016: c1 b1 3d 55 1a d7 86 19 f9 24 b3 f2 d8 ab 57 ea 0032: 83 52 14 f1 48 8a f0 6d aa d8 7f 92 c1 d1 11 b0 0048: d2 d7 0e 5d e9 db c0 41 76 ca 88 39 3f 5f fa 02 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 01 08 55 58 89 13 eb be d0 b3 c2 0a 0016: fd 27 04 5e 9a 7a 31 ea f4 f0 2d 16 04 ab 5b 64 0032: 78 d3 f5 44 83 63 2e 17 19 fd 49 ec 82 6f db 04 0048: 83 cd c1 b2 92 af 6b d9 57 ce 2b b9 a2 9a de ab rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 02 5d b0 41 ab 6f 35 57 0d 2b 31 f4 0016: 2a d2 51 55 8e ea 3f 2e 95 41 a4 01 01 03 27 20 0032: 06 21 58 20 0f c6 69 d8 a1 4b 66 a8 51 ce 22 fd 0048: 4e 5d a8 d6 a0 3d 95 5a e9 70 93 e3 36 66 df 97 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 03 a2 14 85 b4 03 a3 63 61 6c 67 26 0016: 63 73 69 67 58 46 30 44 02 20 52 66 69 8c c7 4d 0032: 8b e9 63 7f fb 68 33 ef ee 8e 6e 3d 73 2f 43 0a 0048: 8e 29 44 96 a5 a8 b3 e3 da 82 02 20 38 dd 0c 42 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 04 68 86 47 8e 31 db a4 f0 09 0f 2c 0016: 9b 62 d9 0c 67 aa fe 75 d5 a7 ed 7b 20 62 f5 16 0032: b4 63 78 35 63 81 59 02 dc 30 82 02 d8 30 82 01 0048: c0 a0 03 02 01 02 02 09 00 b0 39 2a 37 5f 38 a2 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 05 
eb 30 0d 06 09 2a 86 48 86 f7 0d 0016: 01 01 0b 05 00 30 2e 31 2c 30 2a 06 03 55 04 03 0032: 13 23 59 75 62 69 63 6f 20 55 32 46 20 52 6f 6f 0048: 74 20 43 41 20 53 65 72 69 61 6c 20 34 35 37 32 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 06 30 30 36 33 31 30 20 17 0d 31 34 0016: 30 38 30 31 30 30 30 30 30 30 5a 18 0f 32 30 35 0032: 30 30 39 30 34 30 30 30 30 30 30 5a 30 6e 31 0b 0048: 30 09 06 03 55 04 06 13 02 53 45 31 12 30 10 06 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 07 03 55 04 0a 0c 09 59 75 62 69 63 0016: 6f 20 41 42 31 22 30 20 06 03 55 04 0b 0c 19 41 0032: 75 74 68 65 6e 74 69 63 61 74 6f 72 20 41 74 74 0048: 65 73 74 61 74 69 6f 6e 31 27 30 25 06 03 55 04 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 08 03 0c 1e 59 75 62 69 63 6f 20 55 0016: 32 46 20 45 45 20 53 65 72 69 61 6c 20 39 32 35 0032: 35 31 34 31 36 30 30 59 30 13 06 07 2a 86 48 ce 0048: 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 09 04 c1 53 30 db c7 0e d5 c8 a3 eb 0016: 8b f3 5c 07 9a 32 fd e5 56 06 4c 24 5d f4 0d 53 0032: 58 0b 73 e9 cb 47 91 0f ef 17 15 f7 79 79 68 70 0048: e9 ab 5c 17 8c eb 99 03 98 c1 26 85 a9 6f a9 db rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 0a 86 15 8e 23 d9 c2 a3 81 81 30 7f 0016: 30 13 06 0a 2b 06 01 04 01 82 c4 0a 0d 01 04 05 0032: 04 03 05 04 03 30 22 06 09 2b 06 01 04 01 82 c4 0048: 0a 02 04 15 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 0b 34 31 34 38 32 2e 31 2e 37 30 13 0016: 06 0b 2b 06 01 04 01 82 e5 1c 02 01 01 04 04 03 0032: 02 04 30 30 21 06 0b 2b 06 01 04 01 82 e5 1c 01 0048: 01 04 04 12 04 10 2f c0 57 9f 81 13 47 ea b1 16 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 0c bb 5a 8d b9 20 2a 30 0c 06 03 55 0016: 1d 13 01 01 ff 04 02 30 00 30 0d 06 09 2a 86 48 0032: 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 01 69 31 0048: 64 e4 98 f6 88 a3 3b 49 0f ab 21 2f 58 2c 48 f8 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 0d c7 1c 89 94 9f 5f 18 ea 
22 74 39 0016: 65 ce 3e 33 ed 4a 5d 0b 62 50 fa e7 0e 04 f6 3c 0032: d4 93 ba 84 94 f0 70 49 08 77 0a 10 3d 16 4e e5 0048: 90 12 72 60 43 36 e2 22 cc 9c 6a 89 07 2d ee f1 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 0e 78 27 a4 89 1f 01 1e c5 6a 45 e1 0016: 7c ed 20 7b 56 12 67 7c 25 b9 e5 bc cc 35 94 cc 0032: 31 f9 4b 83 d3 a9 75 d4 bc 64 7e 12 bf 2c de b5 0048: dd 2f 75 14 00 5c 7f f5 62 1f aa ea 99 2a 47 bb rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 0f e2 08 db a8 d6 79 81 25 b6 4d 16 0016: 7f b8 ef 3a d4 45 2a 44 4e 14 19 76 58 f7 36 0e 0032: 0d 5e 45 16 0e 29 22 4c a9 08 50 9f 60 6e 77 cd 0048: ee 3c 5c 53 d4 7e 72 4f 6f 4c 2a d8 f2 e8 32 72 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 10 cc fe 3f 51 08 e1 2e 6b b2 f4 d0 0016: ed fa d9 5b b6 f7 eb 5d ba c8 8a d5 4c 44 4e a8 0032: 45 ea ed d2 3b af 33 c3 cf 31 be ad bd 56 10 7e 0048: 23 36 21 a6 0b 28 28 67 e7 21 42 cb 0b d1 f5 76 rx: buf=0x7ffedd143500, len=64 0000: 14 e8 4f 44 11 be 00 00 00 00 00 00 00 00 00 00 0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fido_rx: buf=0x55830be95200, len=1061 0000: 00 a3 01 66 70 61 63 6b 65 64 02 58 e1 e3 06 10 0016: e8 a1 62 11 59 60 fe 1e c2 23 e6 52 9c 9f 4b 6e 0032: 80 20 0d cb 5e 5c 32 1c 8a f1 e2 b1 bf 45 00 00 0048: 00 04 2f c0 57 9f 81 13 47 ea b1 16 bb 5a 8d b9 0064: 20 2a 00 80 c1 b1 3d 55 1a d7 86 19 f9 24 b3 f2 0080: d8 ab 57 ea 83 52 14 f1 48 8a f0 6d aa d8 7f 92 0096: c1 d1 11 b0 d2 d7 0e 5d e9 db c0 41 76 ca 88 39 0112: 3f 5f fa 02 08 55 58 89 13 eb be d0 b3 c2 0a fd 0128: 27 04 5e 9a 7a 31 ea f4 f0 2d 16 04 ab 5b 64 78 0144: d3 f5 44 83 63 2e 17 19 fd 49 ec 82 6f db 04 83 0160: cd c1 b2 92 af 6b d9 57 ce 2b b9 a2 9a de ab 5d 0176: b0 41 ab 6f 35 57 0d 2b 31 f4 2a d2 51 55 8e ea 0192: 3f 2e 95 41 a4 01 01 03 27 20 06 21 58 20 0f c6 0208: 69 d8 a1 4b 66 a8 51 ce 22 fd 4e 5d a8 d6 a0 3d 0224: 95 5a e9 70 93 e3 36 66 df 97 a2 14 85 
b4 03 a3 0240: 63 61 6c 67 26 63 73 69 67 58 46 30 44 02 20 52 0256: 66 69 8c c7 4d 8b e9 63 7f fb 68 33 ef ee 8e 6e 0272: 3d 73 2f 43 0a 8e 29 44 96 a5 a8 b3 e3 da 82 02 0288: 20 38 dd 0c 42 68 86 47 8e 31 db a4 f0 09 0f 2c 0304: 9b 62 d9 0c 67 aa fe 75 d5 a7 ed 7b 20 62 f5 16 0320: b4 63 78 35 63 81 59 02 dc 30 82 02 d8 30 82 01 0336: c0 a0 03 02 01 02 02 09 00 b0 39 2a 37 5f 38 a2 0352: eb 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 0368: 30 2e 31 2c 30 2a 06 03 55 04 03 13 23 59 75 62 0384: 69 63 6f 20 55 32 46 20 52 6f 6f 74 20 43 41 20 0400: 53 65 72 69 61 6c 20 34 35 37 32 30 30 36 33 31 0416: 30 20 17 0d 31 34 30 38 30 31 30 30 30 30 30 30 0432: 5a 18 0f 32 30 35 30 30 39 30 34 30 30 30 30 30 0448: 30 5a 30 6e 31 0b 30 09 06 03 55 04 06 13 02 53 0464: 45 31 12 30 10 06 03 55 04 0a 0c 09 59 75 62 69 0480: 63 6f 20 41 42 31 22 30 20 06 03 55 04 0b 0c 19 0496: 41 75 74 68 65 6e 74 69 63 61 74 6f 72 20 41 74 0512: 74 65 73 74 61 74 69 6f 6e 31 27 30 25 06 03 55 0528: 04 03 0c 1e 59 75 62 69 63 6f 20 55 32 46 20 45 0544: 45 20 53 65 72 69 61 6c 20 39 32 35 35 31 34 31 0560: 36 30 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 0576: 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 c1 53 30 0592: db c7 0e d5 c8 a3 eb 8b f3 5c 07 9a 32 fd e5 56 0608: 06 4c 24 5d f4 0d 53 58 0b 73 e9 cb 47 91 0f ef 0624: 17 15 f7 79 79 68 70 e9 ab 5c 17 8c eb 99 03 98 0640: c1 26 85 a9 6f a9 db 86 15 8e 23 d9 c2 a3 81 81 0656: 30 7f 30 13 06 0a 2b 06 01 04 01 82 c4 0a 0d 01 0672: 04 05 04 03 05 04 03 30 22 06 09 2b 06 01 04 01 0688: 82 c4 0a 02 04 15 31 2e 33 2e 36 2e 31 2e 34 2e 0704: 31 2e 34 31 34 38 32 2e 31 2e 37 30 13 06 0b 2b 0720: 06 01 04 01 82 e5 1c 02 01 01 04 04 03 02 04 30 0736: 30 21 06 0b 2b 06 01 04 01 82 e5 1c 01 01 04 04 0752: 12 04 10 2f c0 57 9f 81 13 47 ea b1 16 bb 5a 8d 0768: b9 20 2a 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 0784: 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 0800: 03 82 01 01 00 01 69 31 64 e4 98 f6 88 a3 3b 49 0816: 0f ab 21 2f 58 2c 48 f8 c7 1c 89 94 9f 
5f 18 ea 0832: 22 74 39 65 ce 3e 33 ed 4a 5d 0b 62 50 fa e7 0e 0848: 04 f6 3c d4 93 ba 84 94 f0 70 49 08 77 0a 10 3d 0864: 16 4e e5 90 12 72 60 43 36 e2 22 cc 9c 6a 89 07 0880: 2d ee f1 78 27 a4 89 1f 01 1e c5 6a 45 e1 7c ed 0896: 20 7b 56 12 67 7c 25 b9 e5 bc cc 35 94 cc 31 f9 0912: 4b 83 d3 a9 75 d4 bc 64 7e 12 bf 2c de b5 dd 2f 0928: 75 14 00 5c 7f f5 62 1f aa ea 99 2a 47 bb e2 08 0944: db a8 d6 79 81 25 b6 4d 16 7f b8 ef 3a d4 45 2a 0960: 44 4e 14 19 76 58 f7 36 0e 0d 5e 45 16 0e 29 22 0976: 4c a9 08 50 9f 60 6e 77 cd ee 3c 5c 53 d4 7e 72 0992: 4f 6f 4c 2a d8 f2 e8 32 72 cc fe 3f 51 08 e1 2e 1008: 6b b2 f4 d0 ed fa d9 5b b6 f7 eb 5d ba c8 8a d5 1024: 4c 44 4e a8 45 ea ed d2 3b af 33 c3 cf 31 be ad 1040: bd 56 10 7e 23 36 21 a6 0b 28 28 67 e7 21 42 cb 1056: 0b d1 f5 76 be cbor_decode_cred_authdata: buf=0x55830be77300, len=225 0000: e3 06 10 e8 a1 62 11 59 60 fe 1e c2 23 e6 52 9c 0016: 9f 4b 6e 80 20 0d cb 5e 5c 32 1c 8a f1 e2 b1 bf 0032: 45 00 00 00 04 2f c0 57 9f 81 13 47 ea b1 16 bb 0048: 5a 8d b9 20 2a 00 80 c1 b1 3d 55 1a d7 86 19 f9 0064: 24 b3 f2 d8 ab 57 ea 83 52 14 f1 48 8a f0 6d aa 0080: d8 7f 92 c1 d1 11 b0 d2 d7 0e 5d e9 db c0 41 76 0096: ca 88 39 3f 5f fa 02 08 55 58 89 13 eb be d0 b3 0112: c2 0a fd 27 04 5e 9a 7a 31 ea f4 f0 2d 16 04 ab 0128: 5b 64 78 d3 f5 44 83 63 2e 17 19 fd 49 ec 82 6f 0144: db 04 83 cd c1 b2 92 af 6b d9 57 ce 2b b9 a2 9a 0160: de ab 5d b0 41 ab 6f 35 57 0d 2b 31 f4 2a d2 51 0176: 55 8e ea 3f 2e 95 41 a4 01 01 03 27 20 06 21 58 0192: 20 0f c6 69 d8 a1 4b 66 a8 51 ce 22 fd 4e 5d a8 0208: d6 a0 3d 95 5a e9 70 93 e3 36 66 df 97 a2 14 85 0224: b4 decode_attcred: buf=0x55830be77325, len=188 0000: 2f c0 57 9f 81 13 47 ea b1 16 bb 5a 8d b9 20 2a 0016: 00 80 c1 b1 3d 55 1a d7 86 19 f9 24 b3 f2 d8 ab 0032: 57 ea 83 52 14 f1 48 8a f0 6d aa d8 7f 92 c1 d1 0048: 11 b0 d2 d7 0e 5d e9 db c0 41 76 ca 88 39 3f 5f 0064: fa 02 08 55 58 89 13 eb be d0 b3 c2 0a fd 27 04 0080: 5e 9a 7a 31 ea f4 f0 2d 16 04 ab 5b 64 78 d3 f5 0096: 44 83 63 2e 17 19 
fd 49 ec 82 6f db 04 83 cd c1 0112: b2 92 af 6b d9 57 ce 2b b9 a2 9a de ab 5d b0 41 0128: ab 6f 35 57 0d 2b 31 f4 2a d2 51 55 8e ea 3f 2e 0144: 95 41 a4 01 01 03 27 20 06 21 58 20 0f c6 69 d8 0160: a1 4b 66 a8 51 ce 22 fd 4e 5d a8 d6 a0 3d 95 5a 0176: e9 70 93 e3 36 66 df 97 a2 14 85 b4 decode_attcred: attcred->id.len=128 fido_check_flags: flags=45 fido_check_flags: up=2, uv=0 fido_tx: dev=0x55830be7a300, cmd=0x11 fido_tx: buf=(nil), len=0 Enter file in which to save the key (/home/test/.ssh/id_ed25519_sk): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/test/.ssh/id_ed25519_sk Your public key has been saved in /home/test/.ssh/id_ed25519_sk.pub The key fingerprint is: SHA256:yJzxpUVKMnlXlMEa3hs50W7/dhwQhBwe3E9Ewa2qtpA test The key's randomart image is: +[ED25519-SK 256]-+ | o.. +*O=++o| | .+.o++=o.o.| | ...oo= ++. | | o = +o =.+. | | = S *.. | | . o ..| | E . .o| | .o =| | ... ..| +----[SHA256]-----+
- Add the generated SSH key to a ssh-agent
$ ls ~/.ssh
id_ed25519_sk id_ed25519_sk.pub
$ ssh-add ~/.ssh/id_ed25519_sk
Enter passphrase for /home/test/.ssh/id_ed25519_sk:
Identity added: /home/test/.ssh/id_ed25519_sk (test)
- Add the generated pub key to a GH account
- Try to authorize with the key
FIDO_DEBUG=1 ssh -vT git@github.com
$ FIDO_DEBUG=1 ssh -vT git@github.com
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [140.82.121.4] port 22.
debug1: Connection established.
debug1: identity file /home/test/.ssh/id_rsa type -1
debug1: identity file /home/test/.ssh/id_rsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa type -1
debug1: identity file /home/test/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/test/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519 type -1
debug1: identity file /home/test/.ssh/id_ed25519-cert type -1
debug1: identity file /home/test/.ssh/id_ed25519_sk type 12
debug1: identity file /home/test/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/test/.ssh/id_xmss type -1
debug1: identity file /home/test/.ssh/id_xmss-cert type -1
debug1: identity file /home/test/.ssh/id_dsa type -1
debug1: identity file /home/test/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version babeld-b708a481
debug1: compat_banner: no match: babeld-b708a481
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/test/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/test/.ssh/known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/test/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host 'github.com (140.82.121.4)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/test/.ssh/id_ed25519_sk ED25519-SK SHA256:yJzxpUVKMnlXlMEa3hs50W7/dhwQhBwe3E9Ewa2qtpA authenticator agent
debug1: Will attempt key: /home/test/.ssh/id_rsa
debug1: Will attempt key: /home/test/.ssh/id_ecdsa
debug1: Will attempt key: /home/test/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/test/.ssh/id_ed25519
debug1: Will attempt key: /home/test/.ssh/id_xmss
debug1: Will attempt key: /home/test/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/test/.ssh/id_ed25519_sk ED25519-SK SHA256:yJzxpUVKMnlXlMEa3hs50W7/dhwQhBwe3E9Ewa2qtpA authenticator agent
debug1: Server accepts key: /home/test/.ssh/id_ed25519_sk ED25519-SK SHA256:yJzxpUVKMnlXlMEa3hs50W7/dhwQhBwe3E9Ewa2qtpA authenticator agent
Authenticated to github.com ([140.82.121.4]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/test/.ssh/known_hosts for github.com / (none)
debug1: client_input_hostkeys: searching /home/test/.ssh/known_hosts2 for github.com / (none)
debug1: client_input_hostkeys: hostkeys file /home/test/.ssh/known_hosts2 does not exist
debug1: Sending environment.
debug1: channel 0: setting env LC_ADDRESS = "uk_UA.UTF-8"
debug1: channel 0: setting env LC_NAME = "uk_UA.UTF-8"
debug1: channel 0: setting env LC_MONETARY = "uk_UA.UTF-8"
debug1: channel 0: setting env LC_PAPER = "uk_UA.UTF-8"
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug1: channel 0: setting env LC_IDENTIFICATION = "uk_UA.UTF-8"
debug1: channel 0: setting env LC_TELEPHONE = "uk_UA.UTF-8"
debug1: channel 0: setting env LC_MEASUREMENT = "uk_UA.UTF-8"
debug1: channel 0: setting env LC_TIME = "uk_UA.UTF-8"
debug1: channel 0: setting env LC_NUMERIC = "uk_UA.UTF-8"
Learned new hostkey: RSA SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
Learned new hostkey: ECDSA SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM
Adding new key for github.com to /home/test/.ssh/known_hosts: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
Adding new key for github.com to /home/test/.ssh/known_hosts: ecdsa-sha2-nistp256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM
debug1: update_known_hosts: known hosts file /home/test/.ssh/known_hosts2 does not exist
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi testtesttesttest! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3180, received 2800 bytes, in 0.3 seconds
Bytes per second: sent 12138.7, received 10688.1
debug1: Exit status 1
- Result
Hi testtesttesttest! You've successfully authenticated, but GitHub does not provide shell access.
Does the problem happen with different authenticators?
No
Please include the output of fido2-token -L.
fido2-token -L
$ fido2-token -L
/dev/hidraw9: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)
Please include the output of fido2-token -I.
fido2-token -I
$ fido2-token -I /dev/hidraw9
proto: 0x02
major: 0x05
minor: 0x04
build: 0x03
caps: 0x05 (wink, cbor, msg)
version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
extension strings: credProtect, hmac-secret
transport strings: nfc, usb
algorithms: es256 (public-key), eddsa (public-key)
aaguid: 2fc0579f811347eab116bb5a8db9202a
options: rk, up, noplat, clientPin, credentialMgmtPreview
maxmsgsiz: 1200
maxcredcntlst: 8
maxcredlen: 128
maxlargeblob: 0
fwversion: 0x50403
pin protocols: 2, 1
pin retries: 8
uv retries: undefined
I also tried the verify-required option with -O resident, but it behaved unstably: sometimes it worked (the verify-required functionality worked as expected) until the first reboot (ssh-add -K or ssh-keygen -K didn't help), and sometimes it didn't work even from the beginning.
Hi,
I believe ssh-agent will require ssh-askpass for credentials with verify-required. Do you have such a program installed on your system (e.g. ssh-askpass, ssh-askpass-gnome, or similar)?
Ludvig.
Hi, @LDVG
I have installed both ssh-askpass and ssh-askpass-gnome; it hasn't helped.
Do they require some additional configuration?
> Do they require some additional configuration?
Not to my knowledge. Would you mind providing the output of ssh-agent in debug mode (with FIDO_DEBUG=1)?
For example,
$ FIDO_DEBUG=1 ssh-agent -d -a /tmp/ssh.sock
then in another console
$ SSH_AUTH_SOCK=/tmp/ssh.sock ssh-add ~/.ssh/id_ed25519_sk
$ SSH_AUTH_SOCK=/tmp/ssh.sock FIDO_DEBUG=1 ssh -vvvT git@github.com
It works as expected with your commands.
Also, it looks like the form that asked me to enter a PIN is the ssh-askpass-gnome form.
But what can be the reason that it doesn't work with a binding to the default socket?
I am an idiot! I've forgotten to start ssh-agent in the beginning.
With ssh-agent running everything works as expected.
Sorry for taking your time. Thank you!
Problem solved.
Happy to hear that it's working!
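The two conditions this thread ends up naming (no ssh-agent running for the session, and the askpass helper LDVG mentions for verify-required credentials) can be checked before attempting to sign. The following is an added example, not part of the original thread or of libfido2/OpenSSH: the function name check_sk_agent and its return codes are made up for illustration, and it assumes the helper is either named by SSH_ASKPASS or installed as ssh-askpass on PATH.

```shell
#!/bin/sh
# Added example (not from the thread). check_sk_agent and its return codes are
# illustrative; only ssh-add's documented exit statuses are relied on.
#
# Return codes:
#   0   agent reachable, a security-key (-SK) identity is loaded, askpass found
#   10  SSH_AUTH_SOCK is unset or empty (no agent for this session)
#   11  the socket path does not point at a UNIX socket (stale or wrong path)
#   12  nothing usable answers on the socket (ssh-add exit status 2 or higher)
#   13  the agent answers but holds no -SK identity
#   14  no askpass helper found for the agent to prompt for the PIN
check_sk_agent() {
    # Optional first argument overrides the socket taken from the environment.
    csa_sock="${1:-${SSH_AUTH_SOCK:-}}"

    if [ -z "$csa_sock" ]; then
        echo "SSH_AUTH_SOCK is not set: start ssh-agent and export its socket" >&2
        return 10
    fi
    if [ ! -S "$csa_sock" ]; then
        echo "$csa_sock is not a socket: the agent may have exited" >&2
        return 11
    fi

    # ssh-add -l exits 0 when identities are listed, 1 when the agent holds
    # none, and 2 when it cannot contact the agent. The && / || chain keeps
    # the status without tripping `set -e` in a calling script.
    csa_list=$(SSH_AUTH_SOCK="$csa_sock" ssh-add -l 2>/dev/null) && csa_rc=0 || csa_rc=$?
    if [ "$csa_rc" -ge 2 ]; then
        echo "cannot talk to an agent on $csa_sock (ssh-add exit $csa_rc)" >&2
        return 12
    fi

    # Security-key identities are listed with a type such as (ED25519-SK).
    case "$csa_list" in
        *"-SK)"*) ;;
        *)
            echo "agent holds no -SK identity: run ssh-add on the key file" >&2
            return 13
            ;;
    esac

    # Assumption: the agent was started with the same SSH_ASKPASS/PATH as this
    # shell. The agent reads these from its own environment, so this is a proxy.
    csa_askpass="${SSH_ASKPASS:-ssh-askpass}"
    if ! command -v "$csa_askpass" >/dev/null 2>&1; then
        echo "no askpass helper ($csa_askpass): the agent cannot ask for the PIN" >&2
        return 14
    fi

    echo "agent on $csa_sock has a security-key identity and an askpass helper"
    return 0
}
```

Run `check_sk_agent` with no arguments in the shell that will invoke ssh, or pass a socket path such as the /tmp/ssh.sock used in the debugging commands above.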