When using a PIV certificate (RSA2048) stored in a YubiKey for SSH authentication, Secretive derives a different SSH key than other SSH agents like WinCrypt SSH Agent on Windows and TermBot on Android. Both of these agents give the same SSH key, which starts with ssh-rsa, whereas Secretive derives a different key that begins with rsa-sha2-512.
Steps to Reproduce
Configure a certificate on YubiKey 9a slot
Install cert on Windows Certificate Store and use WinCrypt SSH Agent to check the public key
Plug YubiKey into Mac and open Secretive and check the public key and fingerprint
Proposed Solution
Provide a compatibility mode in Secretive that will derive the same SSH Key as other agents
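A way to check whether two agents expose the same RSA key under different names, added here as an example and not taken from Secretive or the other agents. RFC 8332 defines rsa-sha2-512 as a signature algorithm that reuses the ssh-rsa public key format; the sketch assumes the only difference is the key type string embedded in the blob, and the key values and helper names are constructed for illustration.

```python
import base64
import hashlib
import struct

# Constructed sample values, not a real key: a 2048-bit odd integer stands in for the modulus.
E = 65537
N = (1 << 2047) | 0xC0FFEE1

def _string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _mpint(value: int) -> bytes:
    """SSH wire 'mpint' for a positive integer (extra 0x00 if the top bit is set)."""
    return _string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def encode_pubkey(label: str, e: int, n: int) -> str:
    """Build a public key line whose blob carries `label` as its key type."""
    blob = _string(label.encode()) + _mpint(e) + _mpint(n)
    return f"{label} {base64.b64encode(blob).decode()}"

def parse_pubkey(line: str):
    """Return (key type inside the blob, e, n) for an RSA public key line."""
    blob, fields, off = base64.b64decode(line.split()[1]), [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        if off + 4 + length > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if len(fields) != 3:
        raise ValueError("not an RSA key blob")
    return fields[0].decode(), int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def fingerprint(line: str) -> str:
    """SHA256 fingerprint in the ssh-keygen -l style: hash of the raw blob."""
    digest = hashlib.sha256(base64.b64decode(line.split()[1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def same_rsa_key(a: str, b: str) -> bool:
    """True when both lines hold the same (e, n), whatever the label says."""
    return parse_pubkey(a)[1:] == parse_pubkey(b)[1:]

def normalize(line: str) -> str:
    """Re-encode the key with the ssh-rsa key type."""
    _, e, n = parse_pubkey(line)
    return encode_pubkey("ssh-rsa", e, n)
```

Because the fingerprint hashes the whole blob, a changed key type string alone yields a different fingerprint and a non-matching authorized_keys entry even though the modulus and exponent are identical.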