From e34d51e0d5c44d4f8a8f659af51f976f94ba50d2 Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 17 Feb 2026 08:04:23 -0500 Subject: [PATCH] Add FIDO priviate key info --- FIDO-priviate-key-info.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 FIDO-priviate-key-info.md diff --git a/FIDO-priviate-key-info.md b/FIDO-priviate-key-info.md new file mode 100644 index 0000000..3b274b3 --- /dev/null +++ b/FIDO-priviate-key-info.md @@ -0,0 +1,8 @@ +ssh-keygen -t ed25519-sk -O resident command, the private key's critical material is stored on your FIDO2 hardware security key, not as a traditional file on your computer's disk. +Instead of the actual private key, a small "key handle" or "credential ID" file is saved locally on your computer (by default in ~/.ssh/id_ed25519_sk in a Unix-like environment). This file is essentially a pointer that tells your SSH client how to find and use the key material securely stored on the physical security device. +Key characteristics of resident keys: + + Physical Storage: The actual private key is secured within the secure element of your FIDO2 authenticator (e.g., a [YubiKey](https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/)). + Local File: A companion file is created on your host machine to act as a reference to the on-device key. + Portability: The primary advantage of a resident key is that you can use it on any computer without having to transfer any sensitive key files; the key can be loaded directly from the security key using ssh-add -K or ssh-keygen -K. + Security: Accessing the key for an SSH session requires both physical possession of the security key and authentication via a PIN (and potentially a physical touch, depending on the device/operation). \ No newline at end of file
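Review bot: The new file's first line begins mid-sentence ("ssh-keygen -t ed25519-sk -O resident command, the private key's critical material is stored...") and the file has no heading, so the page opens without saying what the command is or when it applies; please restore the lead-in sentence and add a title such as "# FIDO2 resident SSH keys". The "Security:" bullet overstates the default: OpenSSH only enforces a PIN at signing time for keys generated with `-O verify-required`; a plain `-O resident` key prompts for the PIN when the credential is written to the token, and at use time requires a touch unless `-O no-touch-required` was given. Suggest rewording to "requires physical possession of the security key plus a touch, and additionally a PIN if the key was created with -O verify-required". Two smaller points: the file name and subject spell "private" as "priviate" (it will be cloned and linked under that name, so fix it now), and the four "Key characteristics" lines are indented with spaces but carry no list marker, which Markdown renders as a code block rather than a list; prefix them with `- ` and add the trailing newline that "\ No newline at end of file" reports.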