You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I received one of the spam emails mentioned in other issues which led me to this repo (nice of you by the way to give back to opensource this way).
I just wanted to let you know that your scheme can not work with FIDO based ssh keys (with the type sk-ssh-ed25519@openssh.com ), where by design the real private key cannot leave the hardware token (you still have a private key file if you want, but that's just a handle).
So you probably want to exclude those from your result set next time (or change your proof scheme), because it's impossible to generate proofs for them (unless you can extract the secret of a the hardware token, which seems a bit ... hard 🤔 )
(FIDO hardware tokens do have encryption capabilities via hmac-secret but AFAIK that cannot do asymmetric encryption)
Good luck with your stuff !
The text was updated successfully, but these errors were encountered:
Hi,
I received one of the spam emails mentioned in other issues which led me to this repo (nice of you by the way to give back to opensource this way).
I just wanted to let you know that your scheme can not work with FIDO based ssh keys (with the type
sk-ssh-ed25519@openssh.com), where by design the real private key cannot leave the hardware token (you still have a private key file if you want, but that's just a handle).So you probably want to exclude those from your result set next time (or change your proof scheme), because it's impossible to generate proofs for them (unless you can extract the secret of a the hardware token, which seems a bit ... hard 🤔 )
(FIDO hardware tokens do have encryption capabilities via
hmac-secretbut AFAIK that cannot do asymmetric encryption)Good luck with your stuff !
The text was updated successfully, but these errors were encountered: