This repository has been archived by the owner on Sep 16, 2024. It is now read-only.

Resident Keys Support? #17

Open
rjocoleman opened this issue Jul 29, 2021 · 7 comments

Comments

@rjocoleman

Thanks for the project, it's very helpful!

Do you have any advice on if it's possible somehow to copy resident keys?

e.g.

$ ssh-add -K -v -S /usr/lib/libwindowsfidobridge.so
Enter PIN for authenticator:
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_load_resident: provider "/usr/lib/libwindowsfidobridge.so", have-pin
debug1: sshsk_open: provider /usr/lib/libwindowsfidobridge.so implements version 0x00070000
Provider "/usr/lib/libwindowsfidobridge.so" returned failure -2
debug1: ssh-sk-helper:  sshsk_load_resident failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -59
Unable to load resident keys: requested feature not supported
@mgbowen
Owner

mgbowen commented Jul 30, 2021

Thank you for the kind words!

windows-fido-bridge doesn't support resident keys right now; I haven't looked at adding support, but as far as I know, Windows' WebAuthn API should support it, so there shouldn't be anything preventing it from being implemented in windows-fido-bridge. Unfortunately, I've become quite busy over the past few months, so I likely won't have time to look into it in the near future. I'll keep this open though to gauge interest and to remind myself when I have a free weekend :)

@tuxity

tuxity commented Aug 18, 2021

I have the same error when trying to import my resident key from my Yubikey. +1 on this feature

@yamen

yamen commented Sep 9, 2021

+1 on this

@yourfate

yourfate commented Oct 18, 2021

Also, when I try to load a key handle for the resident keys with ssh-keygen -K I get:

❯ ssh-keygen -K
Enter PIN for authenticator:
You may need to touch your authenticator to authorize key download.
Provider "/usr/lib/libwindowsfidobridge.so" returned failure -2
Unable to load resident keys: requested feature not supported

I had the SSH_SK_PROVIDER variable set.

@yourfate

+1. I had to create the key stub file for my resident key on a Linux machine before I could use this lib.

@michalburger1

+1 on resident key support

@eliottness

+1 on this
