06. 01. 2026 09:07:06
admin Note: when you generate a non-resident SSH key, it counts as a non-discoverable credential, that is, the key handle needs the YubiKey device master key that never leaves the YubiKey to derive the private key. Furthermore, it only ever exists in the clear in the YubiKey memory and not anywhere else, not even on the computer the YubiKey is connected to. See https://developers.yubico.com/U2F/Protocol_details/Key_generation.html and also https://crypto.stackexchange.com/questions/105942/how-do-non-resident-keys-work-in-webauthn
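Added example, not part of the original post and not Yubico's code: a simplified Python model of the HMAC-based key wrapping that the note above describes, showing that the key handle stored on the host is useless without the device secret. The class name `ToyAuthenticator`, the application string `b"ssh:"` and the hash used as a stand-in for the EC public key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ToyAuthenticator:
    """Toy model of a non-discoverable credential (assumed, simplified scheme)."""

    def __init__(self):
        # Device master key: created on the device and never exported.
        self._device_secret = secrets.token_bytes(32)

    def _mac(self, *parts):
        return hmac.new(self._device_secret, b"".join(parts), hashlib.sha256).digest()

    @staticmethod
    def _public_id(private_key):
        # Stand-in for the EC public key a real device would return.
        return hashlib.sha256(b"public:" + private_key).hexdigest()

    def register(self, app_id):
        """Create a credential. Nothing per-credential is stored on the device."""
        app = hashlib.sha256(app_id).digest()
        nonce = secrets.token_bytes(32)
        private_key = self._mac(app, nonce)  # exists only inside the device
        tag = self._mac(app, private_key)    # binds the handle to device and app
        key_handle = nonce + tag             # this is what the host keeps on disk
        return key_handle, self._public_id(private_key)

    def rederive(self, app_id, key_handle):
        """Rebuild the key from a handle. Returns None if the handle is not ours."""
        if len(key_handle) != 64:
            return None
        app = hashlib.sha256(app_id).digest()
        nonce, tag = key_handle[:32], key_handle[32:]
        private_key = self._mac(app, nonce)
        if not hmac.compare_digest(tag, self._mac(app, private_key)):
            return None  # wrong device or wrong application
        return self._public_id(private_key)


if __name__ == "__main__":
    token, stolen_host_only = ToyAuthenticator(), ToyAuthenticator()
    handle, public_id = token.register(b"ssh:")  # constructed sample application
    print("same device:     ", token.rederive(b"ssh:", handle) == public_id)
    print("different device:", stolen_host_only.rederive(b"ssh:", handle))
    print("different app:   ", token.rederive(b"ssh:other", handle))
```

The handle carries only a random nonce and a MAC, so copying the key file from the host yields nothing that can sign without the original device.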
admin
https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html