[ssh_x509] new development branch to test experimental security keys support

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Mar 21 12:43:12 EET 2020


ssh_x509 at roumenpetrov.info wrote:
> On Tue, 18 Feb 2020 09:49:54 +0200
> ssh_x509 at roumenpetrov.info wrote:
>
>> Hello,
>>
>> Adaptation of "security keys" is published in a separate branch:
>> https://gitlab.com/secsh/pkixssh/-/tree/security_keys .
>>
>> It could be activated at configure time --enable-security-key .
>>
>> Direct support requires additional libraries - fido2 and dependent cbor.
>> It could be disabled with --without-security-key-builtin . Note that
>> fido2 detection uses pkg-config - inherited limitation.
> Thank you for publishing this. Would it be possible to also publish a
> patch for this?
No plan to include it in the source "tarball" yet.
It will be updated on a non-regular basis. The last update was 3 days ago.

This functionality looks experimental and there is an indication that it will be changed. At least the communication with the device.
Also, the code (written in 2019!) uses an outdated crypto interface (API) for signature operations.

Another point is the lack of use of the attestation certificate - so there is no way for servers to forbid some devices :(.


Regards,
Roumen



