Backup ed25519-sk generated by ssh-keygen #24
-
|
Whether the backup function of pico-fido-tool.py can back up ed25519-sk generated by ssh-keygen? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
This is not allowed by FIDO Alliance. The way to backup your keys is using a secondary FIDO device. Instead of having a replica of your keys in your secondary device, secondary device is also registered in all your services. Every time you add your primary device, you should also add your secondary device. Therefore, in case your primary device gets broken, you will be able to login using the secondary device, the backup. This also applies for ssh accounts. In case you need really the backup of your ssh keys, Pico HSM would be a better choice. Pico HSM allows to export and import private/secret keys by using secure mechanisms (DKEK and XKEK). You can use Pico HSM with SSH as explained here: https://www.smartcard-hsm.com/2015/03/11/Using_the_SmartCard-HSM_with_SSH.html |
Beta Was this translation helpful? Give feedback.
This is not allowed by FIDO Alliance. The way to backup your keys is using a secondary FIDO device. Instead of having a replica of your keys in your secondary device, secondary device is also registered in all your services. Every time you add your primary device, you should also add your secondary device. Therefore, in case your primary device gets broken, you will be able to login using the secondary device, the backup. This also applies for ssh accounts.
In case you need really the backup of your ssh keys, Pico HSM would be a better choice. Pico HSM allows to export and import private/secret keys by using secure mechanisms (DKEK and XKEK). You can use Pico HSM with SSH as explained here: