libssh 0.11.0
The SSH library
ssh_pki_ctx_struct Struct Reference

Security key context structure.

#include <pki_context.h>

Data Fields

int rsa_key_size
 Desired RSA modulus size in bits.
const struct ssh_sk_callbacks_struct * sk_callbacks
 Security key callbacks.
char * sk_application
 Application identifier string for the security key credential.
uint8_t sk_flags
 FIDO2 operation flags.
ssh_auth_callback sk_pin_callback
 PIN callback for authenticator user verification (optional).
void * sk_userdata
 User supplied pointer passed to callbacks (optional).
ssh_buffer sk_challenge_buffer
 Custom challenge data for enrollment (optional).
struct sk_option ** sk_callbacks_options
 Options to be passed to the sk_callbacks (optional).
ssh_buffer sk_attestation_buffer
 The buffer used to store attestation information returned in a key enrollment operation.

Detailed Description

Security key context structure.

Context structure containing all parameters and callbacks needed for FIDO2/U2F security key operations.

Field Documentation

◆ rsa_key_size

int ssh_pki_ctx_struct::rsa_key_size

Desired RSA modulus size in bits.

Specified size of RSA keys to generate. If set to 0, defaults to 3072 bits. Must be greater than or equal to 1024, as anything below is considered insecure.

◆ sk_application

char* ssh_pki_ctx_struct::sk_application

Application identifier string for the security key credential.

FIDO2 relying party identifier, typically "ssh:user@hostname" format. This is required for all security key operations.

◆ sk_callbacks

const struct ssh_sk_callbacks_struct* ssh_pki_ctx_struct::sk_callbacks

Security key callbacks.

Provides enroll/sign/load_resident_keys operations.

◆ sk_callbacks_options

struct sk_option** ssh_pki_ctx_struct::sk_callbacks_options

Options to be passed to the sk_callbacks (optional).

NULL-terminated array of sk_option pointers owned by this context.

◆ sk_challenge_buffer

ssh_buffer ssh_pki_ctx_struct::sk_challenge_buffer

Custom challenge data for enrollment (optional).

Buffer containing challenge data signed by the authenticator. If NULL, a random 32-byte challenge is automatically generated.

◆ sk_flags

uint8_t ssh_pki_ctx_struct::sk_flags

FIDO2 operation flags.

Bitfield controlling authenticator behavior. Combine with bitwise OR:

  • SSH_SK_USER_PRESENCE_REQD (0x01): Require user touch
  • SSH_SK_USER_VERIFICATION_REQD (0x04): Require PIN/biometric
  • SSH_SK_FORCE_OPERATION (0x10): Override duplicate detection
  • SSH_SK_RESIDENT_KEY (0x20): Create discoverable credential

◆ sk_pin_callback

ssh_auth_callback ssh_pki_ctx_struct::sk_pin_callback

PIN callback for authenticator user verification (optional).

Callback invoked to obtain a PIN or perform user verification when SSH_SK_USER_VERIFICATION_REQD is set or the authenticator requires it. If NULL, no interactive PIN retrieval is performed.

◆ sk_userdata

void* ssh_pki_ctx_struct::sk_userdata

User supplied pointer passed to callbacks (optional).

Generic pointer set by the application and forwarded to interactive callbacks (e.g. PIN callback) to allow applications to carry state context.
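
The following pre-flight check is an added example, not libssh code: it applies the constraints documented above (required application string, documented flag bits, RSA size floor and default) before a context is handed to an enroll or sign operation. `struct sk_params`, `sk_params_check`, `sk_effective_rsa_bits` and the "verification without a PIN callback" rule are assumptions of this example; the flag values are copied from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag values as listed on this page, defined locally so the example
 * builds without the libssh headers. */
#define SSH_SK_USER_PRESENCE_REQD     0x01
#define SSH_SK_USER_VERIFICATION_REQD 0x04
#define SSH_SK_FORCE_OPERATION        0x10
#define SSH_SK_RESIDENT_KEY           0x20
#define SK_KNOWN_FLAGS 0x35 /* OR of the four flags above */

/* Hypothetical stand-in for the fields checked here (not libssh's struct). */
struct sk_params {
    int rsa_key_size;
    const char *sk_application;
    uint8_t sk_flags;
    int has_pin_callback; /* nonzero when sk_pin_callback would be non-NULL */
};

enum sk_check { SK_OK, SK_ERR_NO_APPLICATION, SK_ERR_UNKNOWN_FLAGS,
                SK_ERR_UV_WITHOUT_PIN, SK_ERR_RSA_TOO_SMALL };

/* 0 selects the documented 3072-bit default; below 1024 is rejected (-1). */
int sk_effective_rsa_bits(int requested)
{
    if (requested == 0) return 3072;
    return requested >= 1024 ? requested : -1;
}

enum sk_check sk_params_check(const struct sk_params *p)
{
    if (!p->sk_application || p->sk_application[0] == '\0')
        return SK_ERR_NO_APPLICATION;  /* required for all SK operations */
    if (p->sk_flags & (uint8_t)~SK_KNOWN_FLAGS)
        return SK_ERR_UNKNOWN_FLAGS;   /* bits not documented on this page */
    /* Local policy (assumption): requiring PIN/biometric verification with
     * no PIN callback is treated as a misconfiguration. */
    if ((p->sk_flags & SSH_SK_USER_VERIFICATION_REQD) && !p->has_pin_callback)
        return SK_ERR_UV_WITHOUT_PIN;
    if (sk_effective_rsa_bits(p->rsa_key_size) < 0)
        return SK_ERR_RSA_TOO_SMALL;
    return SK_OK;
}

int main(void)
{
    /* Constructed sample: touch plus PIN required, but no PIN callback. */
    struct sk_params p = { 0, "ssh:user@hostname",
        SSH_SK_USER_PRESENCE_REQD | SSH_SK_USER_VERIFICATION_REQD, 0 };
    printf("check=%d rsa_bits=%d\n", sk_params_check(&p),
           sk_effective_rsa_bits(p.rsa_key_size));
    return 0;
}
```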


The documentation for this struct was generated from the following file:
  • /home/asn/workspace/prj/oss/libssh/asn-docs/include/libssh/pki_context.h