Jó Ágila Bitsch
The relevant output from `piv-tool -vvv --serial` is
```
0x7fde966ba1c0 00:59:47.797 [piv-tool] card-piv.c:733:piv_select_aid: called
0x7fde966ba1c0 00:59:47.797 [piv-tool] card-piv.c:736:piv_select_aid: Got args: aid=0x7fde972e5060, aidlen=9, response=0x7fffbb91d020, responselen=261
0x7fde966ba1c0 00:59:47.797 [piv-tool] apdu.c:554:sc_transmit_apdu: called
0x7fde966ba1c0...
```
I confirmed that it is working as intended when the answer to select is 129 bytes or shorter.
By the way, the test output is from version 0.19.0 (debian10), that's why the debug output refers to https://github.com/OpenSC/OpenSC/blob/0.19.0/src/libopensc/card-piv.c#L838. This part of the code hasn't changed since, though.
Interestingly enough, when I just fixed the ASN1 structure generated from the code of the PivApplet: https://github.com/arekinath/PivApplet/blob/806a035d39199c4d666b733e74194c35f0ff8063/src/net/cooperi/pivapplet/PivApplet.java#L855 to use `push256` instead of `push` my quick test with `piv-tool -vvv --serial`...
I was able to use my yubikey for webauthn/fido2 in chrome via an NFC reader using this bridge: https://github.com/BryanJacobs/fido2-hid-bridge Hope this helps. (Btw: PIV and Fido2 are some very different...
The server would certainly not need `libfido2`. The public key is just the ssh-ed25519 key, plus an application string (typically `ssh:`), see https://github.com/openssh/openssh-portable/blob/88351eca17dcc55189991ba60e50819b6d4193c1/PROTOCOL.u2f > The format of a [email protected]...
I experimented a bit with this and came up with an initial patch: https://github.com/jo-bitsch/tinyssh/tree/sk-ed25519 The main change is a new file sshcrypto_key_sk_ed25519.c, which adds the relevant functions for parsing and...
I currently don't have a yubikey with the right firmware available, so I'd be very thankful if someone could help in testing. I have a colleague who has one, but...
I was able to test everything and it seems to work. I therefore raised a PR (#87). Testing or code review by other people is highly appreciated.
I agree, the server does not need libfido2. The patch I prepared also does not add libfido2 as a dependency. It allows clients that have their ed25519 private keys saved...