You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

379 lines
14 KiB

4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
  1. ## What's wrong with ED25519 and Yubikey 5 ?
  2. #### TL;DR :
  3. In the last weeks, I tried to setup ed25519 gnupg keys for use with SSH on my new Yubikey 5C NFC. It works like a charm but when used with an ED25519 SSH certificate, the authentication failed with an error like :
  4. sign_and_send_pubkey: signing failed for ED25519 "cardno:000615280015": agent refused operation
  5. Let's try it. For this demo, I'll let the Yubikey generate GnuPG's keys. This is easier to setup but not recommended in production as the master key can't be reused to generate other keys.
  6. (see here [https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP))
  7. Let's make things clear :
  8. $ **rm -R .gnupg**
  9. * **rm -R .ssh**
  10. $ **ykman openpgp reset**
  11. WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: **y**
  12. Resetting OpenPGP data, don't remove your YubiKey...
  13. Success! All data has been cleared and default PINs are set.
  14. PIN: 123456
  15. Reset code: NOT SET
  16. Admin PIN: 12345678
  17. Good, let's start with key generation :
  18. $ gpg --card-edit
  19. gpg: directory '/home/user/.gnupg' created
  20. gpg: keybox '/home/user/.gnupg/pubring.kbx' created
  21. Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
  22. Application ID ...: D2760001240103040006152800150000
  23. Application type .: OpenPGP
  24. Version ..........: 3.4
  25. Manufacturer .....: Yubico
  26. Serial number ....: 15280015
  27. Name of cardholder: [not set]
  28. Language prefs ...: [not set]
  29. Salutation .......:
  30. URL of public key : [not set]
  31. Login data .......: [not set]
  32. Signature PIN ....: not forced
  33. Key attributes ...: rsa2048 rsa2048 rsa2048
  34. Max. PIN lengths .: 127 127 127
  35. PIN retry counter : 3 0 3
  36. Signature counter : 0
  37. KDF setting ......: off
  38. Signature key ....: [none]
  39. Encryption key....: [none]
  40. Authentication key: [none]
  41. General key info..: [none]
  42. gpg/card> admin
  43. Admin commands are allowed
  44. gpg/card> admin
  45. Admin commands are allowed
  46. gpg/card> key-attr
  47. Changing card key attribute for: Signature key
  48. Please select what kind of key you want:
  49. (1) RSA
  50. (2) ECC
  51. Your selection? 2
  52. Please select which elliptic curve you want:
  53. (1) Curve 25519
  54. (4) NIST P-384
  55. Your selection? 1
  56. The card will now be re-configured to generate a key of type: ed25519
  57. Note: There is no guarantee that the card supports the requested size.
  58. If the key generation does not succeed, please check the
  59. documentation of your card to see what sizes are allowed.
  60. Changing card key attribute for: Encryption key
  61. Please select what kind of key you want:
  62. (1) RSA
  63. (2) ECC
  64. Your selection? 2
  65. Please select which elliptic curve you want:
  66. (1) Curve 25519
  67. (4) NIST P-384
  68. Your selection? 1
  69. The card will now be re-configured to generate a key of type: cv25519
  70. Changing card key attribute for: Authentication key
  71. Please select what kind of key you want:
  72. (1) RSA
  73. (2) ECC
  74. Your selection? 2
  75. Please select which elliptic curve you want:
  76. (1) Curve 25519
  77. (4) NIST P-384
  78. Your selection? 1
  79. The card will now be re-configured to generate a key of type: ed25519
  80. gpg/card> generate
  81. Make off-card backup of encryption key? (Y/n) n
  82. Please note that the factory settings of the PINs are
  83. PIN = '123456' Admin PIN = '12345678'
  84. You should change them using the command --change-pin
  85. Please specify how long the key should be valid.
  86. 0 = key does not expire
  87. <n> = key expires in n days
  88. <n>w = key expires in n weeks
  89. <n>m = key expires in n months
  90. <n>y = key expires in n years
  91. Key is valid for? (0)
  92. Key does not expire at all
  93. Is this correct? (y/N) y
  94. GnuPG needs to construct a user ID to identify your key.
  95. Real name: Dummy
  96. Email address: dummy@dummy.co
  97. Comment:
  98. You selected this USER-ID:
  99. "Dummy <dummy@dummy.co>"
  100. Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
  101. gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
  102. gpg: key B4A67FB911B1ED6B marked as ultimately trusted
  103. gpg: directory '/home/user/.gnupg/openpgp-revocs.d' created
  104. gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/A157C7E15F3D6C7445B40626B4A67FB911B1ED6B.rev'
  105. public and secret key created and signed.
  106. gpg/card> list
  107. Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
  108. Application ID ...: D2760001240103040006152800150000
  109. Application type .: OpenPGP
  110. Version ..........: 3.4
  111. Manufacturer .....: Yubico
  112. Serial number ....: 15280015
  113. Name of cardholder: [not set]
  114. Language prefs ...: [not set]
  115. Salutation .......:
  116. URL of public key : [not set]
  117. Login data .......: [not set]
  118. Signature PIN ....: not forced
  119. Key attributes ...: ed25519 cv25519 ed25519
  120. Max. PIN lengths .: 127 127 127
  121. PIN retry counter : 3 0 3
  122. Signature counter : 4
  123. KDF setting ......: off
  124. Signature key ....: A157 C7E1 5F3D 6C74 45B4 0626 B4A6 7FB9 11B1 ED6B
  125. created ....: 2020-10-05 09:45:47
  126. Encryption key....: 2B46 118B DEB3 4AAC 4951 63DE 286C 74DF 1104 5D46
  127. created ....: 2020-10-05 09:45:47
  128. Authentication key: FFE2 8767 DD98 CD3F 587A 19F9 B1B9 E836 16EF 39E7
  129. created ....: 2020-10-05 09:45:47
  130. General key info..:
  131. pub ed25519/B4A67FB911B1ED6B 2020-10-05 Dummy <dummy@dummy.co>
  132. sec> ed25519/B4A67FB911B1ED6B created: 2020-10-05 expires: never
  133. card-no: 0006 15280015
  134. ssb> ed25519/B1B9E83616EF39E7 created: 2020-10-05 expires: never
  135. card-no: 0006 15280015
  136. ssb> cv25519/286C74DF11045D46 created: 2020-10-05 expires: never
  137. card-no: 0006 15280015
  138. gpg/card> quit
  139. pub ed25519 2020-10-05 [SC]
  140. A157C7E15F3D6C7445B40626B4A67FB911B1ED6B
  141. uid Dummy <dummy@dummy.co>
  142. sub ed25519 2020-10-05 [A]
  143. sub cv25519 2020-10-05 [E]
  144. $ ssh-add -L
  145. ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzO7860chQPMw0NuLDhBqZd1IcfIqBnvy4GSbzZd4vu cardno:000615280015
  146. $ mkdir sshca
  147. $ ssh-keygen -t ed25519 -N '' -C 'Test CA' -f sshca/ca
  148. $ cat sshca/ca.pub
  149. ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAL7l1sQuKe4daLfKGZuiRPZZXquokQyH+p6utlZxZ+ Test CA
  150. $ ssh-add -L > sshca/id_ed25519.pub
  151. $ ssh-keygen -s sshca/ca -I test-dummy sshca/id_ed25519.pub
  152. Signed user key sshca/id_ed25519-cert.pub: id "test-dummy" serial 0 valid forever
  153. $ mkdir ~/.ssh
  154. $ cp sshca/id_ed25519-cert.pub ~/.ssh/
  155. $ ssh-keygen -Lf .ssh/id_ed25519-cert.pub
  156. .ssh/id_ed25519-cert.pub:
  157. Type: ssh-ed25519-cert-v01@openssh.com user certificate
  158. Public key: ED25519-CERT SHA256:fuoQ5RdcNRAj0VAyw/vqA584nNW2HMYNGk4NQEFjTSM
  159. Signing CA: ED25519 SHA256:2PibPv047BiDZQgl51bKRnY2ZXpcbAP1g7GjAZ0DArI (using ssh-ed25519)
  160. Key ID: "test-dummy"
  161. Serial: 0
  162. Valid: forever
  163. Principals: (none)
  164. Critical Options: (none)
  165. Extensions:
  166. permit-X11-forwarding
  167. permit-agent-forwarding
  168. permit-port-forwarding
  169. permit-pty
  170. permit-user-rc
  171. At this point, you have to copy the CA's public key into your server's authorized_keys file . This can't be done with ssh-copy-id as the CA's key is not loaded into you ssh-agent nor available in the ~/.ssh directory.
  172. You should have something like :
  173. server:~# cat .ssh/authorized_keys
  174. cert-authority ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAL7l1sQuKe4daLfKGZuiRPZZXquokQyH+p6utlZxZ+ Test CA
  175. Note the line beginning with cert-authority which is not common. For reference, read "AUTHORIZED_KEYS FILE FORMAT" chapter here : [http://man.he.net/man5/authorized_keys](http://man.he.net/man5/authorized_keys)
  176. Now, try to login :
  177. $ ssh root@server
  178. sign_and_send_pubkey: signing failed for ED25519 "cardno:000615280015": agent refused operation
  179. Password:
  180. So we're completely out of luck : authentication doesn't works.
  181. For comparison, let's try with an NIST P384 key :
  182. $ ykman openpgp reset
  183. WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: y
  184. Resetting OpenPGP data, don't remove your YubiKey...
  185. Success! All data has been cleared and default PINs are set.
  186. PIN: 123456
  187. Reset code: NOT SET
  188. Admin PIN: 12345678
  189. $ rm -R .gnupg
  190. $ rm -R .ssh
  191. $ gpg --card-edit
  192. Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
  193. Application ID ...: D2760001240103040006152800150000
  194. Application type .: OpenPGP
  195. Version ..........: 3.4
  196. Manufacturer .....: Yubico
  197. Serial number ....: 15280015
  198. Name of cardholder: [not set]
  199. Language prefs ...: [not set]
  200. Salutation .......:
  201. URL of public key : [not set]
  202. Login data .......: [not set]
  203. Signature PIN ....: not forced
  204. Key attributes ...: rsa2048 rsa2048 rsa2048
  205. Max. PIN lengths .: 127 127 127
  206. PIN retry counter : 3 0 3
  207. Signature counter : 0
  208. KDF setting ......: off
  209. Signature key ....: [none]
  210. Encryption key....: [none]
  211. Authentication key: [none]
  212. General key info..: [none]
  213. gpg/card> admin
  214. Admin commands are allowed
  215. gpg/card> key-attr
  216. Changing card key attribute for: Signature key
  217. Please select what kind of key you want:
  218. (1) RSA
  219. (2) ECC
  220. Your selection? 2
  221. Please select which elliptic curve you want:
  222. (1) Curve 25519
  223. (4) NIST P-384
  224. Your selection? 4
  225. The card will now be re-configured to generate a key of type: nistp384
  226. Note: There is no guarantee that the card supports the requested size.
  227. If the key generation does not succeed, please check the
  228. documentation of your card to see what sizes are allowed.
  229. Changing card key attribute for: Encryption key
  230. Please select what kind of key you want:
  231. (1) RSA
  232. (2) ECC
  233. Your selection? 2
  234. Please select which elliptic curve you want:
  235. (1) Curve 25519
  236. (4) NIST P-384
  237. Your selection? 4
  238. The card will now be re-configured to generate a key of type: nistp384
  239. Changing card key attribute for: Authentication key
  240. Please select what kind of key you want:
  241. (1) RSA
  242. (2) ECC
  243. Your selection? 2
  244. Please select which elliptic curve you want:
  245. (1) Curve 25519
  246. (4) NIST P-384
  247. Your selection? 4
  248. The card will now be re-configured to generate a key of type: nistp384
  249. gpg/card> generate
  250. Make off-card backup of encryption key? (Y/n) n
  251. Please note that the factory settings of the PINs are
  252. PIN = '123456' Admin PIN = '12345678'
  253. You should change them using the command --change-pin
  254. Please specify how long the key should be valid.
  255. 0 = key does not expire
  256. <n> = key expires in n days
  257. <n>w = key expires in n weeks
  258. <n>m = key expires in n months
  259. <n>y = key expires in n years
  260. Key is valid for? (0)
  261. Key does not expire at all
  262. Is this correct? (y/N) y
  263. GnuPG needs to construct a user ID to identify your key.
  264. Real name: Dummy
  265. Email address: dummy@dummy.co
  266. Comment:
  267. You selected this USER-ID:
  268. "Dummy <dummy@dummy.co>"
  269. Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
  270. gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
  271. gpg: key BA792909F5154B7A marked as ultimately trusted
  272. gpg: directory '/home/user/.gnupg/openpgp-revocs.d' created
  273. gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/B591751A56B42EA25C8BEF60BA792909F5154B7A.rev'
  274. public and secret key created and signed.
  275. gpg/card> list
  276. Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
  277. Application ID ...: D2760001240103040006152800150000
  278. Application type .: OpenPGP
  279. Version ..........: 3.4
  280. Manufacturer .....: Yubico
  281. Serial number ....: 15280015
  282. Name of cardholder: [not set]
  283. Language prefs ...: [not set]
  284. Salutation .......:
  285. URL of public key : [not set]
  286. Login data .......: [not set]
  287. Signature PIN ....: not forced
  288. Key attributes ...: nistp384 nistp384 nistp384
  289. Max. PIN lengths .: 127 127 127
  290. PIN retry counter : 3 0 3
  291. Signature counter : 4
  292. KDF setting ......: off
  293. Signature key ....: B591 751A 56B4 2EA2 5C8B EF60 BA79 2909 F515 4B7A
  294. created ....: 2020-10-05 10:04:12
  295. Encryption key....: F087 DFD0 65E8 AFE3 8835 41EA 062D F688 F54D 721D
  296. created ....: 2020-10-05 10:04:12
  297. Authentication key: 8556 35FB BFD2 E642 8CFC D41B 47B0 098B 165E 8325
  298. created ....: 2020-10-05 10:04:12
  299. General key info..:
  300. pub nistp384/BA792909F5154B7A 2020-10-05 Dummy <dummy@dummy.co>
  301. sec> nistp384/BA792909F5154B7A created: 2020-10-05 expires: never
  302. card-no: 0006 15280015
  303. ssb> nistp384/47B0098B165E8325 created: 2020-10-05 expires: never
  304. card-no: 0006 15280015
  305. ssb> nistp384/062DF688F54D721D created: 2020-10-05 expires: never
  306. card-no: 0006 15280015
  307. gpg/card> quit
  308. pub nistp384 2020-10-05 [SC]
  309. B591751A56B42EA25C8BEF60BA792909F5154B7A
  310. uid Dummy <dummy@dummy.co>
  311. sub nistp384 2020-10-05 [A]
  312. sub nistp384 2020-10-05 [E]
  313. $ ssh-add -L > sshca/id_ecdsa.pub
  314. $ ssh-keygen -s sshca/ca -I test-dummy sshca/id_ecdsa.pub
  315. Signed user key sshca/id_ecdsa-cert.pub: id "test-dummy" serial 0 valid forever
  316. $ cp sshca/id_ecdsa-cert.pub ~/.ssh/
  317. $ ssh-keygen -Lf .ssh/id_ecdsa-cert.pub
  318. .ssh/id_ecdsa-cert.pub:
  319. Type: ecdsa-sha2-nistp384-cert-v01@openssh.com user certificate
  320. Public key: ECDSA-CERT SHA256:N3JmjLOQ5VClsChOlmeyh5a8kF0RCMdAOz1VWde8lwk
  321. Signing CA: ED25519 SHA256:2PibPv047BiDZQgl51bKRnY2ZXpcbAP1g7GjAZ0DArI (using ssh-ed25519)
  322. Key ID: "test-dummy"
  323. Serial: 0
  324. Valid: forever
  325. Principals: (none)
  326. Critical Options: (none)
  327. Extensions:
  328. permit-X11-forwarding
  329. permit-agent-forwarding
  330. permit-port-forwarding
  331. permit-pty
  332. permit-user-rc
  333. $ ssh root@server
  334. Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-47-generic x86_64)
  335. root@server:~#
  336. **Authentication is working as expected here !**