Merging ssh-key and sshcerts #4
Comments
Hello! I just want to say that this is the first time I’ve seen your crate. It definitely looks like we’re working on similar goals.
I think the biggest thing we could port over is the support for signing with FIDO keys. I use
That sounds interesting. As it were, my original plan was to add I could see going the other way for something like
The YubiHSM does support SSH Certificates but we can build SSH certificate support on regular Yubikeys as well (though there are some algorithm limitations such as lack of Ed25519 and NISTP521). I was honestly quite annoyed with the fact that Yubico only provided APIs for SSH certificates on the HSM and that was where the Yubikey portion of sshcerts came from! :p
sshcerts is the primary dependency of my Rustica project (https://github.com/obelisk/rustica) which is my automated SSH certificate issuance system. Thus I'll generally be looking through the lens of that project when thinking about features to port or reimplement :)
#169 implements some similar functionality
A lot of the missing functionality is there in I've also got the Mozilla backend almost fully integrated as well so you can choose what you'd like to pull in dependency tree wise. I've personally found dealing with CTAP to be very time consuming and difficult so if more people can benefit from it we should see what can be done to port it over here. Do you have a strong opinion on ctap2_hid vs authenticator-rs?
Awesome!
authenticator-rs looks much more widely used and actively maintained
@tarcieri If you could take a look at: https://github.com/obelisk/sshcerts/tree/moz_auth_2023/src/fido Let me know what you think we might be able to move over from there. The CTAP2 code is more mature and has proven to be very stable but I agree with you, Also I'm self-taught in Rust so I would welcome any reviews on how to better structure the project, either in issues or pull requests so long as functionality is the same. The goal of sshcerts was to provide a solid foundation for Rustica allowing provably backed hardware keys at scale, but as long as
Add universal `listen` function
I'm about to cut over the default backend implementation for dealing with authenticators to
Heyo,
So I've been working on SSH Certificate parsing in pure Rust for a while and might have some features that we could port over. I would also love to be able to get feedback on the code I've been writing for the past 2 years.
https://github.com/obelisk/sshcerts
Ultimately it would probably be best if we could port all the functionality for dealing with SSH certificates over then I can retire that crate and build more specific ones for the Yubikey portions.