CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2020/01/28 01:01:34
Modified files: usr.bin/ssh : PROTOCOL.u2f sk-usbhid.c ssh-keygen.1 ssh-keygen.c ssh-sk.c Log message: changes to support FIDO attestation Allow writing to disk the attestation certificate that is generated by the FIDO token at key enrollment time. These certificates may be used by an out-of-band workflow to prove that a particular key is held in trustworthy hardware. Allow passing in a challenge that will be sent to the card during key enrollment. These are needed to build an attestation workflow that resists replay attacks. ok markus@