gedankensplitter/fido2.md

2022-02-26 16:32:15 +00:00
---
keywords:
- IT
- Security
---
# Fido2
### features
- WebAuthn
- main feature: login with a username (a value the user knows), a challenge-response using the credential's secret key, and a button press (interaction) or PIN
- resident keys
- HMAC-secret extension
- symmetric key scoped to a credential
- https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#sctn-hmac-secret-extension
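The hmac-secret exchange, as an added stdlib-only model that is not from the spec or any real authenticator: `make_credential` stores a per-credential CredRandom, `get_assertion` checks saltAuth and returns HMAC-SHA-256(CredRandom, salt). It assumes a pre-established 32-byte shared secret in place of the real ECDH agreement and passes the salt in the clear instead of AES-256-CBC-encrypting it; the credential store and sample salts are constructed.

```python
import hashlib
import hmac
import secrets


class Authenticator:
    """Authenticator side of CTAP2 hmac-secret, reduced to its HMAC core."""

    def __init__(self):
        self._creds = {}  # credentialId -> CredRandom (constructed store)

    def make_credential(self):
        # makeCredential with hmac-secret: a fresh 32-byte CredRandom is stored
        # with the credential and never leaves the authenticator.
        cred_id = secrets.token_bytes(16)
        self._creds[cred_id] = secrets.token_bytes(32)
        return cred_id

    def get_assertion(self, cred_id, shared_secret, salt, salt_auth):
        # Simplification: the real protocol sends the salt AES-256-CBC-encrypted
        # under the ECDH shared secret; this model passes it in the clear but
        # keeps saltAuth = HMAC-SHA-256(sharedSecret, saltEnc)[:16] intact.
        expected = hmac.new(shared_secret, salt, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(expected, salt_auth):
            raise ValueError("saltAuth mismatch: salt altered in transit")
        cred_random = self._creds[cred_id]
        # output = HMAC-SHA-256(CredRandom, salt): the credential-scoped key
        return hmac.new(cred_random, salt, hashlib.sha256).digest()


def client_derive(auth, cred_id, shared_secret, salt):
    """Platform side: compute saltAuth, then request the key from the device."""
    salt_auth = hmac.new(shared_secret, salt, hashlib.sha256).digest()[:16]
    return auth.get_assertion(cred_id, shared_secret, salt, salt_auth)


def demo():
    auth = Authenticator()
    shared = secrets.token_bytes(32)  # stands in for the ECDH shared secret
    cred_a, cred_b = auth.make_credential(), auth.make_credential()
    salt = hashlib.sha256(b"disk-unlock-v1").digest()  # constructed 32-byte salt
    k1 = client_derive(auth, cred_a, shared, salt)
    k2 = client_derive(auth, cred_a, shared, salt)  # same credential, same salt
    k_cred = client_derive(auth, cred_b, shared, salt)  # other credential
    k_salt = client_derive(auth, cred_a, shared, hashlib.sha256(b"v2").digest())
    stale_auth = hmac.new(shared, salt, hashlib.sha256).digest()[:16]
    try:  # a salt altered after saltAuth was computed is rejected
        auth.get_assertion(cred_a, shared, b"\x00" * 32, stale_auth)
        rejected = False
    except ValueError:
        rejected = True
    return k1, k2, k_cred, k_salt, rejected
```

The same salt against the same credential always yields the same 32-byte key, which is what lets a platform wrap a disk or password-store key to a specific authenticator; any other credential or salt yields an unrelated key.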
## hardware
#### OpenSK
#### solo2
#### nitrokey
### code snippets
Source: https://gist.github.com/alexgwolff/5d7f6802996cad2847c4a16995da410b

```text
Using resident keys

If your security key supports FIDO2 resident keys*, like the YubiKey 5 Series, YubiKey 5 FIPS Series, or the Security Key NFC by Yubico, you can enable this when creating your SSH key:

    $ ssh-keygen -t ecdsa-sk -O resident

This works the same as before, except a resident key is easier to import to a new computer because it can be loaded directly from the security key. To use the SSH key on a new computer, make sure you have ssh-agent running and simply run:

    $ ssh-add -K

This will load a "key handle" into the SSH agent and make the key available for use on the new computer. This works great for short visits, but it won't last forever; you'll need to run ssh-add again if you reboot the computer, for example. To import the key permanently, instead run:

    $ ssh-keygen -K

This will write two files into the current directory: id_ecdsa_sk_rk and id_ecdsa_sk_rk.pub. Now you just need to rename the private key file to id_ecdsa_sk and move it into your SSH directory:

    $ mv id_ecdsa_sk_rk ~/.ssh/id_ecdsa_sk

Finally, there's one more feature to be excited about…
```
## references
https://2fa.directory/int/