Article 5964M Cryptographic Signing using ssh-keygen(1) with a FIDO Authenticator

Cryptographic Signing using ssh-keygen(1) with a FIDO Authenticator

by
from OpenBSD Journal on (#5964M)
Introduction

Hitherto, releases of thefwobacsoftware (which underliesUndeadly)have been unsigned.This is overdue for change, so for the latest release [version 1.7], we are providing a digital signature.As signing is being performed manually, why not employ an additional [hardware] factor?

signify(1)does not support the use of FIDO authenticators.However, recent versions ofOpenSSH do support signingusing the [under-appreciated]-Y sign option ofssh-keygen(1),and with the recent addition of FIDO authenticator support to OpenSSH[as reported previously],we have a means (using tools in base OpenBSD) of using a hardware factor when signing files.

Read more...

External Content
Source RSS or Atom Feed
Feed Location http://undeadly.org/cgi?action=rss
Feed Title OpenBSD Journal
Feed Link http://undeadly.org/
Reply 0 comments