Diffstat (limited to 'contrib/libfido2/examples/README.adoc')
-rw-r--r-- contrib/libfido2/examples/README.adoc 19
1 files changed, 10 insertions, 9 deletions
diff --git a/contrib/libfido2/examples/README.adoc b/contrib/libfido2/examples/README.adoc
index bcecb22f5258..d44218c2cf87 100644
--- a/contrib/libfido2/examples/README.adoc
+++ b/contrib/libfido2/examples/README.adoc
@@ -20,12 +20,11 @@ The following definitions are used in the description below:
- <pubkey>
- The file system path of a file containing a NIST P-256 public key in
- PEM format.
+ The file system path of a file containing a public key in PEM format.
- <blobkey>
- A credential's associated FIDO 2.1 "largeBlob" symmetric key.
+ A credential's associated CTAP 2.1 "largeBlob" symmetric key.
=== Description
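Review bot: The new <pubkey> definition no longer says which key types are accepted or that the key has to correspond to the type chosen with -t. With "NIST P-256" dropped and -t now listing es256|es384|rs256|eddsa elsewhere in this patch, a reader has no way to tell that an Ed25519 or RSA PEM is valid, or that a mismatch between the PEM and -t is an error. Consider something like "a public key in PEM format, of the type selected with -t" so the definition stays precise after the generalisation.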
@@ -48,8 +47,8 @@ The following examples are provided:
Configures <pin> as the new PIN of <device>. If [oldpin] is provided,
the device's PIN is changed from [oldpin] to <pin>.
-- cred [-t ecdsa|rsa|eddsa] [-k pubkey] [-ei cred_id] [-P pin] [-T seconds]
- [-b blobkey] [-hruv] <device>
+- cred [-t es256|es384|rs256|eddsa] [-k pubkey] [-ei cred_id] [-P pin]
+ [-T seconds] [-b blobkey] [-hruv] <device>
Creates a new credential on <device> and verify that the credential
was signed by the authenticator. The device's attestation certificate
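Review bot: The cred synopsis does not say which type is used when -t is omitted, and with the values moving away from ecdsa|rsa a script that still passes "-t ecdsa" or "-t rsa" gets no hint about the replacement. A short sentence in the description naming the default and mapping the old spellings to es256 and rs256 would help. Separately, the context line "Creates a new credential on <device> and verify" should read "verifies" if this paragraph is being touched anyway.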
@@ -66,14 +65,16 @@ The following examples are provided:
option -b is specified, the credential's "largeBlob" key is stored in
<blobkey>.
-- assert [-t ecdsa|rsa|eddsa] [-a cred_id] [-h hmac_secret] [-s hmac_salt]
- [-P pin] [-T seconds] [-b blobkey] [-puv] <pubkey> <device>
+- assert [-t es256|es384|rs256|eddsa] [-a cred_id] [-h hmac_secret] [-P pin]
+ [-s hmac_salt] [-T seconds] [-b blobkey] [-puv] <pubkey> <device>
Asks <device> for a FIDO2 assertion corresponding to [cred_id],
which may be omitted for resident keys. The obtained assertion
is verified using <pubkey>. The -p option requests that the user
- be present. User verification may be requested through the -v
- option. If option -u is specified, the assertion is generated using
+ be present and checks whether the user presence bit was signed by the
+ authenticator. The -v option requests user verification and checks
+ whether the user verification bit was signed by the authenticator.
+ If option -u is specified, the assertion is generated using
U2F (CTAP1) instead of FIDO2 (CTAP2) commands. If option -s is
specified, a FIDO2 hmac-secret is requested from the authenticator,
and the contents of <hmac_salt> are used as the salt. If option -h
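Review bot: The added sentences for -p and -v say the example "checks whether" the user presence and user verification bits were signed, but not what happens when the check fails. For a document describing a verification tool, the outcome matters: state explicitly that the assertion is rejected if the corresponding flag is not set in the signed authenticator data. The phrase "bit was signed" is also loose, since the flags are part of the data covered by the signature rather than signed individually. As a smaller style point, the reordered synopsis now places -P pin between -h hmac_secret and -s hmac_salt, while the description below discusses -s and -h together; keeping the two hmac options adjacent would read more naturally.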