proposal: x/crypto/ssh: support parsing sk-* private keys #69904

Open
bmh10 opened this issue Oct 16, 2024 · 1 comment
Labels
Proposal Proposal-Crypto Proposal related to crypto packages or other security issues

bmh10 commented Oct 16, 2024

Proposal Details

Support for sk-* key types on the server-side was added in 2019: golang/crypto@86a7050

While working on a FIDO2 for SSH project I noticed that the library supports parsing sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com public keys, but seems to have no corresponding support for parsing private keys for these key types (i.e. in https://github.com/golang/crypto/blob/7cfb9161e8d828fd6d9f34560e78460435b63503/ssh/keys.go#L1488).

Perhaps this is because sk-* private keys are not true private keys but just contain a key handle which references the private key on the security key (as mentioned in https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html). However, I believe we should still be able to parse the private key and extract the key handle + the public key part.

Just curious if there's any reason support was not added for this already?

@bmh10 bmh10 added the Proposal label Oct 16, 2024
@gopherbot gopherbot added this to the Proposal milestone Oct 16, 2024
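
The extraction the issue asks about (key handle plus public key), as an added standard-library sketch that is not code from the issue or from x/crypto/ssh. The names `ParseSK`, `SKKey`, `fields` and `size` are hypothetical, and the field layout is assumed to be the one OpenSSH writes for an unencrypted `openssh-key-v1` file holding one `sk-ssh-ed25519@openssh.com` key. The input is the base64-decoded PEM body, and the sample blob is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const skType = "sk-ssh-ed25519@openssh.com"
// Constructed sample, not a real key. rec = key type, public key, application.
const rec = "\x00\x00\x00\x1a" + skType + "\x00\x00\x00\x20" + "0123456789abcdef0123456789abcdef" + "\x00\x00\x00\x04ssh:"
const sample = "openssh-key-v1\x00" + "\x00\x00\x00\x04none" + "\x00\x00\x00\x04none" + "\x00\x00\x00\x00" + "\x00\x00\x00\x01" + "\x00\x00\x00\x4a" + rec +
	"\x00\x00\x00\x78" + "\x00\x00\x00\x07\x00\x00\x00\x07" + rec + "\x01" + "\x00\x00\x00\x12constructed-handle" + "\x00\x00\x00\x00" + "\x00\x00\x00\x04demo" + "\x01\x02\x03"

var size = map[rune]int{'m': 15, 'u': 4, 'b': 1, 's': 4} // magic, uint32, byte, SSH string length prefix
// fields splits b by layout letters and ignores trailing bytes (comment, padding).
func fields(b []byte, layout string) ([][]byte, error) {
	var out [][]byte
	for _, c := range layout {
		n := size[c]
		if c == 's' && len(b) >= n { // SSH string: big-endian uint32 length, then data
			n, b = int(binary.BigEndian.Uint32(b)), b[4:]
		}
		if n < 0 || n > len(b) {
			return nil, fmt.Errorf("truncated at field %d", len(out))
		}
		out, b = append(out, b[:n]), b[n:]
	}
	return out, nil
}

// SKKey is everything the file holds: a handle for the authenticator, no secret key.
type SKKey struct {
	PublicKey, KeyHandle []byte
	Application          string
	Flags                byte
}

// ParseSK reads one unencrypted sk-ssh-ed25519 key from an openssh-key-v1 blob.
func ParseSK(blob []byte) (*SKKey, error) {
	env, err := fields(blob, "msssuss") // magic, cipher, kdf, kdfopts, nkeys, pub, priv
	if err != nil || string(env[0]) != "openssh-key-v1\x00" || string(env[1]) != "none" {
		return nil, fmt.Errorf("not an unencrypted openssh-key-v1 blob (%v)", err)
	}
	p, err := fields(env[6], "uusssbss") // check x2, type, pk, app, flags, handle, reserved
	if err != nil || string(p[0]) != string(p[1]) || string(p[2]) != skType {
		return nil, fmt.Errorf("bad private section (%v)", err)
	}
	return &SKKey{PublicKey: p[3], KeyHandle: p[6], Application: string(p[4]), Flags: p[5][0]}, nil
}
func main() { fmt.Println(ParseSK([]byte(sample))) }
```

Passphrase-protected files and the `sk-ecdsa-sha2-nistp256@openssh.com` type are outside this sketch; both are rejected with an error instead of being guessed at.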
@gabyhelp

Related Issues and Documentation

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
