ojarva / python-sshpubkeys

OpenSSH public key parser for Python
BSD 3-Clause "New" or "Revised" License

openssh security key public key formats #70

Closed michaelforney closed 3 years ago

michaelforney commented 4 years ago

OpenSSH 8.2 introduced two new key formats for use with U2F/FIDO2 security keys. It would be quite nice to have support for these key types in sshpubkeys.

Their formats are described in PROTOCOL.u2f:

The format of a sk-ecdsa-sha2-nistp256@openssh.com public key is:

    string      "sk-ecdsa-sha2-nistp256@openssh.com"
    string      curve name
    ec_point    Q
    string      application (user-specified, but typically "ssh:")

The format of a sk-ssh-ed25519@openssh.com public key is:

    string      "sk-ssh-ed25519@openssh.com"
    string      public key
    string      application (user-specified, but typically "ssh:")

I believe that these key formats are the same as the non sk- prefixed versions, except with the addition of an "application" string, so they should be fairly easy to support.
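The two layouts quoted above, parsed with bounds checks, as an added example that is not part of the original issue and is not sshpubkeys' own code. The names `parse_sk_pubkey` and `make_line` are hypothetical, and the key material built by `make_line` is constructed for illustration, not a real key.

```python
import base64
import struct

SK_ED25519 = "sk-ssh-ed25519@openssh.com"
SK_ECDSA = "sk-ecdsa-sha2-nistp256@openssh.com"

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length + bytes); return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise ValueError("string length exceeds remaining data")
    return buf[off:off + n], off + n

def parse_sk_pubkey(line):
    """Parse '<type> <base64> [comment]' for an sk- key; point-on-curve is NOT verified."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype.decode("ascii", "replace") != parts[0]:
        raise ValueError("key type inside blob does not match declared type")
    out = {"type": parts[0]}
    if parts[0] == SK_ED25519:
        out["public_key"], off = _read_string(blob, off)
        if len(out["public_key"]) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
    elif parts[0] == SK_ECDSA:
        curve, off = _read_string(blob, off)
        # ec_point Q is length-prefixed on the wire like a string (RFC 5656)
        out["Q"], off = _read_string(blob, off)
        if curve != b"nistp256" or len(out["Q"]) != 65 or out["Q"][0] != 4:
            raise ValueError("expected an uncompressed nistp256 point")
        out["curve"] = "nistp256"
    else:
        raise ValueError("not a security-key type")
    app, off = _read_string(blob, off)  # the field the sk- formats add
    if off != len(blob):
        raise ValueError("trailing data after application string")
    out["application"] = app.decode("utf-8")
    return out

def make_line(ktype, *fields):
    """Build a constructed (not real) key line from raw fields, for trying the parser."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (ktype.encode(),) + fields)
    return ktype + " " + base64.b64encode(blob).decode() + " constructed@example"
```

For instance, `parse_sk_pubkey(make_line(SK_ED25519, bytes(range(32)), b"ssh:"))` returns the 32-byte key and the application `"ssh:"`, while a blob missing the application string is rejected.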

ojarva commented 3 years ago

These have been merged. I'll wait a bit if other open PRs will proceed and release a new version.