Add FIDO private key info

2026-02-17 08:04:23 -05:00
parent 75944c8ea1
commit e34d51e0d5

@@ -0,0 +1,8 @@
ssh-keygen -t ed25519-sk -O resident command, the private key's critical material is stored on your FIDO2 hardware security key, not as a traditional file on your computer's disk.
Instead of the actual private key, a small "key handle" or "credential ID" file is saved locally on your computer (by default in ~/.ssh/id_ed25519_sk in a Unix-like environment). This file is essentially a pointer that tells your SSH client how to find and use the key material securely stored on the physical security device.
Key characteristics of resident keys:
Physical Storage: The actual private key is secured within the secure element of your FIDO2 authenticator (e.g., a [YubiKey](https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/)).
Local File: A companion file is created on your host machine to act as a reference to the on-device key.
Portability: The primary advantage of a resident key is that you can use it on any computer without having to transfer any sensitive key files; the key can be loaded directly from the security key using ssh-add -K or ssh-keygen -K.
Security: Accessing the key for an SSH session requires both physical possession of the security key and authentication via a PIN (and potentially a physical touch, depending on the device/operation).
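Review bot: the first added line (`ssh-keygen -t ed25519-sk -O resident command, the private key's critical material ...`) is a sentence fragment with no opening clause, so the file starts mid-sentence; it also says "critical material" where "key material" is meant. The Security bullet at the end of the hunk overstates the PIN requirement: with OpenSSH FIDO keys, the authenticator PIN is needed to enumerate or download resident keys from the device (`ssh-add -K` / `ssh-keygen -K`), but a PIN on every SSH authentication is only enforced when the key was generated with `-O verify-required`; the default per-signature check is a touch (unless `-O no-touch-required` was given). Suggest rewording along the lines of: "Loading the key from the device requires the authenticator PIN; each SSH authentication then requires a touch, and additionally a PIN if the key was generated with `-O verify-required`." The Portability bullet could also note that `ssh-add -K` loads the resident keys into the running agent only, while `ssh-keygen -K` writes key-handle files to disk.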