module SSHData::PublicKey::SecurityKey

Constants

DEFAULT_SK_VERIFY_OPTS

Defaults to match OpenSSH: user presence is required, but user verification is not.

SK_FLAG_USER_PRESENCE
SK_FLAG_USER_VERIFICATION

Public Instance Methods

build_signing_blob(application, signed_data, signature)
# File lib/ssh_data/public_key/security_key.rb, line 14
# Decode a security-key signature and rebuild the byte string that the
# authenticator signed.
#
# The wire signature is read as three consecutive fields: the inner
# signature (via Encoding.decode_signature), a uint8 flags byte and a
# uint32 counter. The signing blob is then assembled as
#
#   SHA256(application) || flags || counter || SHA256(signed_data)
#
# NOTE(review): this method only parses and returns the flags; it does not
# compare them against SK_FLAG_USER_PRESENCE / SK_FLAG_USER_VERIFICATION.
# Enforcing the presence/verification policy is left to the caller —
# confirm the verify path does so before trusting a signature.
#
# NOTE(review): the counter is bound into the blob but is not part of the
# return value, so callers of this method cannot detect counter regression
# from its result alone.
#
# @param application [String] application string; hashed with SHA-256
# @param signed_data [String] message that was signed; hashed with SHA-256
# @param signature [String] encoded signature followed by flags and counter
# @return [Array] [signature algorithm, raw signature, flags, signing blob]
# @raise [DecodeError] if the decoded fields do not account for exactly
#   signature.bytesize bytes
def build_signing_blob(application, signed_data, signature)
  # Inner signature comes first; its consumed length is the starting offset.
  algorithm, inner_sig, offset = Encoding.decode_signature(signature)

  flags, flags_len = Encoding.decode_uint8(signature, offset)
  offset += flags_len

  sign_count, count_len = Encoding.decode_uint32(signature, offset)
  offset += count_len

  # Strict length check: nothing may follow the counter, so unparsed bytes
  # cannot ride along with an otherwise valid signature.
  raise DecodeError, "unexpected trailing data" unless offset == signature.bytesize

  app_digest = OpenSSL::Digest::SHA256.digest(application)
  msg_digest = OpenSSL::Digest::SHA256.digest(signed_data)

  # Field order matters: the blob must match byte-for-byte what was signed.
  signing_blob = app_digest + Encoding.encode_uint8(flags) + Encoding.encode_uint32(sign_count) + msg_digest

  [algorithm, inner_sig, flags, signing_blob]
end