mgbowen/windows-fido-bridge

Ed25519 Support

joshyrobot opened this issue · 5 comments

I saw that Ed25519 isn't supported because Microsoft doesn't expose it, but I found what appears to be a very similar project that supports it: https://github.com/tavrez/openssh-sk-winhello. I'm not familiar with Windows Hello or FIDO2 really, but could this project perhaps do a similar thing? Or does it actually accomplish a different goal than that project?

I've never used it, but it's interesting that Ed25519 works with that other project. Some light digging shows it passes an undocumented value to Microsoft's API which matches a value in the list of COSE algorithms (specifically -8 for EdDSA with the Ed25519 curve). It looks like Microsoft's algorithm definitions literally correspond to those COSE values since WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 maps to -7, which is the value listed on the previously linked page for ECDSA with SHA256.

I'll see if I can try passing -8 to Microsoft's API, and if that works, I'm happy to add support for it.

Can you try building from master and see if it works for you? I was able to test it successfully with a YubiKey 5 Nano with recent firmware.

Works perfectly on a brand new YubiKey 5C! Also compiled without a hitch on Alpine WSL, so that was nice :)

Glad to hear! I'll go ahead and close this; feel free to reach out again if you have any other issues.

Were you planning on updating the .deb hosted on your apt repo or should we just be building from source? The apt repo appears to still be 1.1.0 without support for ed25519-sk.