CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2020/01/28 01:01:34
Modified files:
usr.bin/ssh : PROTOCOL.u2f sk-usbhid.c ssh-keygen.1
ssh-keygen.c ssh-sk.c
Log message:
changes to support FIDO attestation
Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.
Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.
ok markus@
