Add FIDO private key info
8
FIDO-priviate-key-info.md
Normal file
@@ -0,0 +1,8 @@
ssh-keygen -t ed25519-sk -O resident command, the private key's critical material is stored on your FIDO2 hardware security key, not as a traditional file on your computer's disk.
Instead of the actual private key, a small "key handle" or "credential ID" file is saved locally on your computer (by default in ~/.ssh/id_ed25519_sk in a Unix-like environment). This file is essentially a pointer that tells your SSH client how to find and use the key material securely stored on the physical security device.
Key characteristics of resident keys:
Physical Storage: The actual private key is secured within the secure element of your FIDO2 authenticator (e.g., a [YubiKey](https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/)).
Local File: A companion file is created on your host machine to act as a reference to the on-device key.
Portability: The primary advantage of a resident key is that you can use it on any computer without having to transfer any sensitive key files; the key can be loaded directly from the security key using ssh-add -K or ssh-keygen -K.
Security: Accessing the key for an SSH session requires both physical possession of the security key and authentication via a PIN (and potentially a physical touch, depending on the device/operation).
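Review bot: The first line of the new file starts mid-sentence ("ssh-keygen -t ed25519-sk -O resident command, the private key's critical material ...") and is missing its leading clause, e.g. "When you generate a key with the"; please complete it. The Security bullet also has the defaults the wrong way round: an ed25519-sk key created without extra options requires a touch (user presence) for every signature unless `-O no-touch-required` was given, whereas a PIN is only demanded per signature when the key was created with `-O verify-required`; the PIN is always required when enumerating resident keys with `ssh-add -K` or `ssh-keygen -K`, which is the operation the Portability bullet describes. Finally, the Portability bullet should say that it applies only to keys created with `-O resident`, since a non-resident key still needs its ~/.ssh/id_ed25519_sk handle file copied to every host before the authenticator can sign with it.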