Your proof scheme will not work with FIDO based ssh keys

[VannTen]

Hi,

I received one of the spam emails mentioned in other issues which led me to this repo (nice of you by the way to give back to opensource this way).

I just wanted to let you know that your scheme can not work with FIDO based ssh keys (with the type [email protected] ), where by design the real private key cannot leave the hardware token (you still have a private key file if you want, but that's just a handle). So you probably want to exclude those from your result set next time (or change your proof scheme), because it's impossible to generate proofs for them (unless you can extract the secret of a the hardware token, which seems a bit ... hard :thinking: )

(FIDO hardware tokens do have encryption capabilities via hmac-secret but AFAIK that cannot do asymmetric encryption)

Good luck with your stuff !