| Age | Commit message (Collapse) | Author |
|---|
|
at present, so don't say otherwise in SYNOPSIS; spotted jmc@
|
|
principals names against an allowed signers file.
Requested by and mostly written by Fabian Stelzer, towards a TOFU
model for SSH signatures in git. Some tweaks by me.
"doesn't bother me" deraadt@
|
|
to dump the full public key to stdout; based on patch from Fabian
Stelzer; ok markus@
|
|
|
|
lifetimes, and allow the verification mode to specify a signature time
to check at. This is intended for use by git to support signing
objects using ssh keys. ok dtucker@
|
|
to use the same parameters (ie groups), the DH-GEX protocol takes care
of that and both ends do not need the same contents in the moduli file,
which is what the previous text suggested. ok djm@ jmc@
|
|
a better error message if it's not correct. Prompted by bz#2879,
ok djm@ jmc@
|
|
from rafork, ok markus@, mdoc correction jmc@
|
|
manpage-l10n project via bz#3223. feedback deraadt@, ok jmc@
|
|
needed to verify the attestation. Previously we were missing the
"authenticator data" that is included in the signature.
spotted by Ian Haken
feedback Pedro Martelletto and Ian Haken; ok markus@
|
|
|
|
When we know that a particular action will require a PIN, such as
downloading resident keys or generating a verify-required key, request
the PIN before attempting it.
joint work with Pedro Martelletto; ok markus@
|
|
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
|
|
- Reorder parameters list in the first usage() case
- Sentence rewording
ok dtucker@
jmc@ noticed usage() missed -a flag too
|
|
|
|
revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
|
|
|
|
that of the SecurityKeyProvider ssh/sshd_config(5) directive, as the
latter was more descriptive.
|
|
|
|
and rejig the challenge text a little;
ok djm
|
|
|
|
Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.
Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.
ok markus@
|
|
use "principals" instead of principal, as allowed_signers lines may list
multiple.
When the signing key is a certificate, emit only principals that match
the certificate principal list.
NB. the command -Y name changes: "find-principal" => "find-principals"
ok markus@
|
|
|
|
principal associated with a signature from an allowed-signers
file. Work by Sebastian Kinne; ok dtucker@
|
|
|
|
|
|
ok markus@
|
|
ok djm
|
|
operations. These are intended to future-proof the API a little by
making it easier to specify additional fields for without having to
change the API version for each.
At present, only two options are defined: one to explicitly specify
the device for an operation (rather than accepting the middleware's
autoselection) and another to specify the FIDO2 username that may
be used when generating a resident key. These new options may be
invoked at key generation time via ssh-keygen -O
This also implements a suggestion from Markus to avoid "int" in favour
of uint32_t for the algorithm argument in the API, to make implementation
of ssh-sk-client/helper a little easier.
feedback, fixes and ok markus@
|
|
ok djm
|
|
"ssh-keygen -K". This will save public/private keys into the
current directory.
This is handy if you move a token between hosts.
feedback & ok markus@
|
|
|
|
Instead these flags may be specified via -O.
ok markus@
|
|
Move all moduli generation options to live under the -O flag.
Frees up seven single-letter flags.
NB. this change break existing ssh-keygen commandline syntax for moduli-
related operations. Very few people use these fortunately.
feedback and ok markus@
|
|
Move list of available certificate options in ssh-keygen.1 to the
CERTIFICATES section.
Collect options specified by -O but delay parsing/validation of
certificate options until we're sure that we're acting as a CA.
ok markus@
|
|
|
|
|
|
The polysemous use of "key" was too confusing. Input from markus@.
ok jmc@
|
|
ok markus
|
|
keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.
feedback deraadt; ok markus@
|
|
extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched
their key to authorize them.
feedback deraadt, ok markus
|
|
|
|
|
|
against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for
Bluetooth, NFC and test/debugging.
|
|
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.
Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.
ok djm@
|
|
|
|
while here, no need for Bk/Ek;
ok dtucker
|
|
|
|
because this required a comma, i added a comma to the first part, for balance...
|
