Resident Keys Support?
rjocoleman opened this issue · 7 comments
Thanks for the project, it's very helpful!
Do you have any advice on if it's possible somehow to copy resident keys?
e.g.
```
$ ssh-add -K -v -S /usr/lib/libwindowsfidobridge.so
Enter PIN for authenticator:
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_load_resident: provider "/usr/lib/libwindowsfidobridge.so", have-pin
debug1: sshsk_open: provider /usr/lib/libwindowsfidobridge.so implements version 0x00070000
Provider "/usr/lib/libwindowsfidobridge.so" returned failure -2
debug1: ssh-sk-helper: sshsk_load_resident failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -59
Unable to load resident keys: requested feature not supported
```
Thank you for the kind words!
windows-fido-bridge doesn't support resident keys right now; I haven't looked at adding support, but as far as I know, Windows' WebAuthn API should support it, so there shouldn't be anything preventing it from being implemented in windows-fido-bridge. Unfortunately, I've become quite busy over the past few months, so I likely won't have time to look into it in the near future. I'll keep this open though to gauge interest and to remind myself when I have a free weekend :)
I have the same error when trying to import my resident key from my Yubikey. +1 on this feature
+1 on this
Also, when I try to load a key handle for the resident keys with `ssh-keygen -K`, I get:

```
❯ ssh-keygen -K
Enter PIN for authenticator:
You may need to touch your authenticator to authorize key download.
Provider "/usr/lib/libwindowsfidobridge.so" returned failure -2
Unable to load resident keys: requested feature not supported
```
I had the SSH_SK_PROVIDER variable set.
+1. I had to create the key stub file for my resident key on a Linux machine before I could use this lib.
+1 on resident key support
+1 on this