Open pinkavaj opened 1 year ago
@pinkavaj We have received reports of issues with backup and restore of FIDO2 resident keys. We are looking to address this in the next firmware release.
I've faced the same issue with 2 OnlyKeys and WebAuthn as second factor, same scenario: backup of the 1st and restore to the 2nd one. On some sites both OnlyKeys work fine (https://privateemail.com/), on others (https://github.com/ and AWS SSO) only one could be used.
@niko-lay This sounds like a different issue. With OnlyKey security keys you can have a primary and a backup key. Both keys are not meant to be used at the same time because one key will inevitably be out of sync, or the counter of that key will be lower than the expected counter for the next authentication. In order to correct the counter of the backup key to make it primary, it needs to connect to the OnlyKey App.
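Added example, not part of the thread and not OnlyKey or any site's code: a minimal relying-party signature-counter check as described in the WebAuthn specification, showing how a restored backup key with a lower counter is treated under two policies. The `RelyingParty` class, the `enforce_counter` flag and `example.test` are hypothetical names, the counter values are constructed, and signature verification is omitted.

```python
import hashlib
import struct

def make_auth_data(rp_id: str, sign_count: int, flags: int = 0x01) -> bytes:
    """Constructed authenticator data: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)

def parse_sign_count(auth_data: bytes, rp_id: str) -> int:
    """Validate the fixed 37-byte header and return the signature counter."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash mismatch")
    return struct.unpack(">I", auth_data[33:37])[0]

class RelyingParty:
    """Hypothetical RP that stores one counter per credential."""
    def __init__(self, rp_id: str, enforce_counter: bool):
        self.rp_id = rp_id
        self.enforce_counter = enforce_counter  # assumed policy switch
        self.stored = 0

    def verify(self, auth_data: bytes) -> bool:
        received = parse_sign_count(auth_data, self.rp_id)
        if received == 0 and self.stored == 0:
            return True  # authenticator does not implement a counter
        if received > self.stored:
            self.stored = received
            return True
        # Counter did not increase: signal of a possibly cloned authenticator.
        # The specification leaves the reaction to RP policy.
        return not self.enforce_counter

def simulate(enforce_counter: bool):
    """Backup taken at counter 2; primary keeps going, then the backup is used."""
    rp = RelyingParty("example.test", enforce_counter)
    results = [("primary", rp.verify(make_auth_data(rp.rp_id, c))) for c in (1, 2, 3, 4, 5)]
    results.append(("backup", rp.verify(make_auth_data(rp.rp_id, 3))))   # restored key resumes at 3
    results.append(("primary", rp.verify(make_auth_data(rp.rp_id, 6))))
    return results

if __name__ == "__main__":
    for policy in (True, False):
        print("enforce_counter =", policy, simulate(policy))
```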
I have 2 OnlyKey tokens, both share the same key for backup/restore. I have tried to transfer the FIDO2 credentials using backup/restore, but the ssh-key stored in the credentials is in a non-usable state after the restore.
Steps to reproduce:
onlykey-cli set-pin
ssh-keygen -b 521 -t ecdsa-sk -O resident -f ~/.ssh/id_ecdsa_resident (press 1 to allow upload)
onlykey-cli credential ls shows 1 item, ssh-add -K works as expected
#1 button and store to file backup.txt
backup.txt