masahide/OmniSSHAgent

ecdsa-sk and ed25519-sk support

git-tec opened this issue · 10 comments

First of all great work you did here.

Is there any way to support you so that support for ecdsa-sk and ed25519-sk will be integrated in the future?

It seems that the SSH package in Golang may support SK keys. I would like to test if it's possible when I have some time.
https://github.com/search?q=repo%3Agolang%2Fcrypto%20SKED25519&type=code

Is there any news on this topic yet?

I am currently investigating how to use the SK key. The following is the progress of the check and TODO.

  • The golang crypto/ssh library defines the structure for the SK key, but it doesn't seem to have an interface ready to use the SK key.
  • OpenSSH uses the libfido2 library. How to use it from go?
    FIDO authenticator has several options.

TODO:

You might be able to use ssh-sk-helper to your advantage.

https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html

Using FIDO2 Keys with Windows Subsystem for Linux (WSL) on Windows

In addition to a native SSH client, the Windows OpenSSH beta release also contains an SSH_SK_HELPER that can be used to bridge the host’s FIDO2 support to WSL. All of this configuration must be done from inside the WSL environment, and relies on the Windows environment to be working correctly.

https://www.reddit.com/r/yubikey/comments/11bot5f/minimum_requirements_for_notouchrequired_ssh/

It seems there are various challenges in using the no-touch-required option to enable key usage without touching. The YubiKey5 I have on hand doesn't work well with Openssh v9.2.2.0p1-Beta.

Basically, I think the no-touch feature makes little sense with YubiKeys, since then I can create a key and put it on an encrypted drive and only mount it when needed. The "more" security is then simply moot.

Hello, I got the ed25519-sk to work without changing the SSH library. You might find some ideas in go-ssh-sk-example.
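Added example, not from the OmniSSHAgent project, go-ssh-sk-example, or anyone in this thread: the two points above (crypto/ssh defines the SK key structures but offers no interface to use them, and ed25519-sk can be handled without changing the SSH library) come down to two wire formats from OpenSSH's PROTOCOL.u2f. The sk-ssh-ed25519@openssh.com public key is the Ed25519 key plus the FIDO application string, and the signature blob carries the raw Ed25519 signature, a flags byte and the authenticator's counter; the bytes actually signed are SHA256(application) || flags || counter || SHA256(message). The code below, using only the Go standard library, marshals and parses both blobs and verifies a signature, rejecting one whose user-presence flag is clear unless the caller opts into no-touch-required behaviour (the option discussed above). The authenticator is simulated by a plain Ed25519 key signing the same byte layout; `fakeAuthenticatorSign`, `Scenario` and the "ssh:" application value are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Key type string from OpenSSH's PROTOCOL.u2f and the FIDO user-presence flag bit.
const (
	skEd25519Type    = "sk-ssh-ed25519@openssh.com"
	flagUserPresence = 0x01
)

// SKPublicKey is an ed25519-sk public key: raw Ed25519 key plus the FIDO
// application (relying party id) it was enrolled under, normally "ssh:".
type SKPublicKey struct {
	Pub         ed25519.PublicKey
	Application string
}

// SKSignature is the decoded sk-ssh-ed25519 signature blob.
type SKSignature struct {
	Sig     []byte
	Flags   byte
	Counter uint32
}

// putString / readString handle the SSH wire "string" (uint32 length + bytes).
func putString(b *bytes.Buffer, s []byte) {
	var l [4]byte
	binary.BigEndian.PutUint32(l[:], uint32(len(s)))
	b.Write(l[:])
	b.Write(s)
}

func readString(r *bytes.Reader) ([]byte, error) {
	var l uint32
	if err := binary.Read(r, binary.BigEndian, &l); err != nil {
		return nil, err
	}
	if uint64(l) > uint64(r.Len()) {
		return nil, errors.New("truncated ssh string")
	}
	s := make([]byte, l)
	_, err := io.ReadFull(r, s)
	return s, err
}

// MarshalSKPublicKey encodes: string type, string pubkey, string application.
func MarshalSKPublicKey(k SKPublicKey) []byte {
	var b bytes.Buffer
	putString(&b, []byte(skEd25519Type))
	putString(&b, k.Pub)
	putString(&b, []byte(k.Application))
	return b.Bytes()
}

// ParseSKPublicKey decodes the blob, checking type, key length and trailing bytes.
func ParseSKPublicKey(blob []byte) (SKPublicKey, error) {
	r := bytes.NewReader(blob)
	typ, err := readString(r)
	if err != nil || string(typ) != skEd25519Type {
		return SKPublicKey{}, fmt.Errorf("not an %s key", skEd25519Type)
	}
	pub, err := readString(r)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return SKPublicKey{}, errors.New("bad ed25519 public key")
	}
	app, err := readString(r)
	if err != nil || r.Len() != 0 {
		return SKPublicKey{}, errors.New("bad application string or trailing bytes")
	}
	return SKPublicKey{Pub: pub, Application: string(app)}, nil
}

// signedData builds what the authenticator signs:
// SHA256(application) || flags || counter (big-endian) || SHA256(message).
func signedData(app string, flags byte, counter uint32, message []byte) []byte {
	appHash := sha256.Sum256([]byte(app))
	msgHash := sha256.Sum256(message)
	var b bytes.Buffer
	b.Write(appHash[:])
	b.WriteByte(flags)
	binary.Write(&b, binary.BigEndian, counter)
	b.Write(msgHash[:])
	return b.Bytes()
}

// MarshalSKSignature encodes: string type, string sig, byte flags, uint32 counter.
func MarshalSKSignature(s SKSignature) []byte {
	var b bytes.Buffer
	putString(&b, []byte(skEd25519Type))
	putString(&b, s.Sig)
	b.WriteByte(s.Flags)
	binary.Write(&b, binary.BigEndian, s.Counter)
	return b.Bytes()
}

// ParseSKSignature decodes a signature blob with the same strictness as the key parser.
func ParseSKSignature(blob []byte) (SKSignature, error) {
	r := bytes.NewReader(blob)
	typ, err := readString(r)
	if err != nil || string(typ) != skEd25519Type {
		return SKSignature{}, fmt.Errorf("not an %s signature", skEd25519Type)
	}
	sig, err := readString(r)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return SKSignature{}, errors.New("bad ed25519 signature")
	}
	var s = SKSignature{Sig: sig}
	if err := binary.Read(r, binary.BigEndian, &s.Flags); err != nil {
		return SKSignature{}, err
	}
	if err := binary.Read(r, binary.BigEndian, &s.Counter); err != nil || r.Len() != 0 {
		return SKSignature{}, errors.New("bad counter or trailing bytes")
	}
	return s, nil
}

// VerifySK checks an sk-ssh-ed25519 signature over message. With requireTouch set
// (the default unless the key was enrolled no-touch-required), a signature whose
// user-presence flag is clear is rejected before the Ed25519 check runs.
func VerifySK(k SKPublicKey, message, sigBlob []byte, requireTouch bool) (bool, error) {
	s, err := ParseSKSignature(sigBlob)
	if err != nil {
		return false, err
	}
	if requireTouch && s.Flags&flagUserPresence == 0 {
		return false, nil
	}
	return ed25519.Verify(k.Pub, signedData(k.Application, s.Flags, s.Counter, message), s.Sig), nil
}

// fakeAuthenticatorSign stands in for the FIDO token (constructed for this example):
// a software Ed25519 key signs exactly the layout a real authenticator would.
func fakeAuthenticatorSign(priv ed25519.PrivateKey, app string, flags byte, counter uint32, msg []byte) []byte {
	sig := ed25519.Sign(priv, signedData(app, flags, counter, msg))
	return MarshalSKSignature(SKSignature{Sig: sig, Flags: flags, Counter: counter})
}

// Scenario runs a round trip with constructed data and reports each check's outcome.
func Scenario() (map[string]bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k, err := ParseSKPublicKey(MarshalSKPublicKey(SKPublicKey{Pub: pub, Application: "ssh:"}))
	if err != nil {
		return nil, err
	}
	msg := []byte("constructed session data")
	touched := fakeAuthenticatorSign(priv, "ssh:", flagUserPresence, 7, msg)
	untouched := fakeAuthenticatorSign(priv, "ssh:", 0, 8, msg)
	res := map[string]bool{"roundtrip": k.Application == "ssh:" && bytes.Equal(k.Pub, pub)}
	res["valid"], _ = VerifySK(k, msg, touched, true)
	res["tampered"], _ = VerifySK(k, []byte("other data"), touched, true)
	res["noTouchRejected"], _ = VerifySK(k, msg, untouched, true)
	res["noTouchAllowed"], _ = VerifySK(k, msg, untouched, false)
	return res, nil
}

func main() {
	res, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println(res)
}
```

The agent side is the mirror image of `VerifySK`: it hands `signedData` to the authenticator (via libfido2 or ssh-sk-helper) and wraps whatever comes back with `MarshalSKSignature`, so no change to crypto/ssh is needed as long as the agent owns the SK key type.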

@ztmzzz
Thanks for the ed25519-sk tip and the go-ssh-sk-example! Really appreciate it. 👍

Some news?

@git-tec
I apologize for the delay in addressing this issue. I am planning to allocate time to work on it and kindly ask for your patience a little longer.

Best regards,