upstream: some more corrections for documentation problems spotted

by Ron Frederick document certifiate private key format correct flags type for sk-ssh-ed25519@openssh.com keys OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74
2024-12-22 10:00:14 +00:00 · 2019-12-10 23:37:31 +00:00 · 2019-12-10 23:37:31 +00:00 · a62f4e1960
commit a62f4e1960
parent 22d4beb796
1 changed files with 12 additions and 2 deletions
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@ -86,7 +86,7 @@ With a private half consisting of:
 	string		"sk-ssh-ed25519@openssh.com"
 	string		public key
 	string		application (user-specified, but typically "ssh:")
-	uint32		flags
+	uint8		flags
 	string		key_handle
 	string		reserved

@ -110,6 +110,8 @@ information to the public key:
 	string		signature key
 	string		signature

+and for security key ed25519 certificates:
+
 	string		"sk-ssh-ed25519-cert-v01@openssh.com"
 	string		nonce
 	string		public key
@ -126,6 +128,15 @@ information to the public key:
 	string		signature key
 	string		signature

+Both security key certificates use the following encoding for private keys:
+
+	string		type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com")
+	string		pubkey (the above key/cert structure)
+	string		application
+	uint8		flags
+	string		key_handle
+	string		reserved
+
 During key generation, the hardware also returns attestation information
 that may be used to cryptographically prove that a given key is
 hardware-backed. Unfortunately, the protocol required for this proof is
@ -188,7 +199,6 @@ For Ed25519 keys the signature is encoded as:
 	byte		flags
 	uint32		counter

-
 ssh-agent protocol extensions
 -----------------------------