Support for ed25519-sk

[dr-br]

I would like to use ed25519-sk with my FIDO2 stick. Currently the situation is as follows:

ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519_sk
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: requested feature not supported

ssh -V
OpenSSH_8.2p1 Ubuntu-4, OpenSSL 1.1.1f  31 Mar 2020

Thanks!

[dr-br]

Any updates? Yubikey supports ed25519.

[szszszsz]

Hi @dr-br ! We do not have plans for it at the moment, however I believe we would like to have it supported in the future.

[dr-br]

Thanks for the update.

[geor-g]

Any update on this?

[szszszsz]

Hi @ge-fa ! Sorry for the delay.

Hopefully this should be added in the coming firmware, scheduled for the release in the next 1-2 weeks.

[thkoch2001]

Sorry to stress you. But could you please update the estimate? My Nitrokey is laying around unused since April because I thought I could directly start using it with my preferred algorithm.

Thnk you!

[szszszsz]

Hi @thkoch2001 !

Sorry for the delay. Quick follow up, initial solution is under tests in https://github.com/Nitrokey/nitrokey-fido2-firmware/tree/39-support-ed25519 branch. So far looks good.

Log

``` sz@stumpy ~/w/n/t/stm32l432 (39-support-ed25519) [SIGINT]> ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519_sk-test Generating public/private ed25519-sk key pair. You may need to touch your authenticator to authorize key generation. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sz/.ssh/id_ed25519_sk-test Your public key has been saved in /home/sz/.ssh/id_ed25519_sk-test.pub The key fingerprint is: SHA256:+BApab7L4r2UabfwxFNa9cWe1K4RUqWHkpVO0GEAuRg sz@stumpy The key's randomart image is: +[ED25519-SK 256]-+ | .oo+=+.| | . .E . *++ | | + o o..+oB o| | o . o.... *.= | | . o S . + .| | = * o | | B * . . | | .= * o | | ...=.o | +----[SHA256]-----+ sz@stumpy ~/w/n/t/stm32l432 (39-support-ed25519)> ssh -V OpenSSH_8.4p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 ```

[dr-br]

Will this be merged into master? How to flash the resulting nitrokey-fido2-firmware/builds/debug-256/nitrokey-fido2-firmware-256kB-dev-2.4.1.nitrokey-30-g1346baa-all-to_flash.hex onto the device? Or how do I tell nitropy to use this file? Thank you.

[szszszsz]

Hi @dr-br !

1. That's the plan, but first we need to run the internal tests. After that it should be released.
2. The development firmware cannot be updated over a production one on the sold devices by design (only signed firmwares are accepted). You can only connect a debug adapter to it and directly flash any firmware in this way, but with Nitrokey's certificates and keys removed. Further updates can be done through nitropy. This way as a user you can be sure that if the device authenticates with our keys, the firmware should not be altered.

[colttt]

after nearly a year, any updates? it still doesn't work

[matthewjharmon]

Today, it works. Thanks for the firmware update.

[colttt]

Today, it works. Thanks for the firmware update.

? there was no update since May 2021

[szszszsz]

I am sorry, but work on this ticket is not planned as of now due to lack of time. While this feature was implemented and tested on the development hardware while flashed freshly, after a firmware update the devices were not booting at all. It still needs a couple of days to determine the cause and find a solution.

[ailox]

What merge request is associated with the ed25519-sk keys? I was not able to find one, but maybe it can be linked here

And how long is a couple of days? Because if there are no resources available for this ticket, I understand we cannot expect progress as well?

[szszszsz]

Hey @ailox , I've made a draft PR with the branch containing the mentioned unfinished code. My last work estimation for this issue was a couple of days/a week (with potential extension further, since the cause of the problem is unknown), but we do not have that in the time budget right now. Currently project is treated as mature, with new releases containing bugfixes only and no new features. In case some volunteers would like to push this work further with good results, I could ask in the team about deciding to release that officially.

[LinuxDragon57]

I hate to sound like a broken record, but I too would like to know if there are any updates regarding this issue.

[jans23]

The way forward is to use Nitrokey 3 which supports ed25519.

[colttt]

@jans23 that's true, but why I should buy and support them if the support is so bad? They have supported the Fido2 Stick for less than 2years.. why should this not repeat itself? that makes little courage to buy new when these are supported just as short... that reminds me of Android phones and their update strategy

[jans23]

Essentially the business model of selling hardware is the challenge here. How much did you donate to us for firmware development after buying the Nitrokey FIDO2 for € 29? I assume zero. So your expectation to implement new features after purchasing the product conflicts with our economical resources. This is why from many other vendors you receive no or little firmware updates. BTW, we did support many of our Nitrokeys for many years, far more than two years and we do want to keep doing so.

In order to be able to provide longer software support we came up with two solutions:

• Users can donate for firmware updates. (Did you?)
• We consolidate several of our Nitrokey models to a single platform which is Nitrokey 3. This way we can focus our development efforts and provide continuous firmware support for several Nitrokey 3 models.

[LinuxDragon57]

Woah now, I did not realize there was an expectation of paying for security updates. If you guys need more money, then charge more for the security keys. It's not economically sound to expect users to pay for firmware updates. I think I will just buy a product from yubico instead. Sure the firmware is closed source, but so is my computer's firmware. And by the way, Lenovo, MSI, or even System76 do not charge for firmware update support.

[jans23]

This is not a security update but a feature request to support another cipher. If you want ed25519 support, please buy Nitrokey 3.

[ChristianTacke]

I actually bought a fido2 and a nitrokey3, and donated for firmware updates for the fido2.