SIGN SSH CERTIFICATE

Sign an SSH Certificate request.

Description

Produce an SSH Certificate signature. The certificate can then be used to log in to hosts.

This functionality is only available with RSA keys for the time being.

Shell Example

Produce a new SSH Certificate.

yubihsm> certify 0 0xabcd 0x1234 rsa-pkcs-sha256 req.dat cert.dat

Protocol Details

Command

Tc = 0x5d

Lc = 2 + 2 + 1 + 4 + 256 + LR

Vc = I || T || A || N || S || R

Sign an SSH Certificate by using the given Asymmetric Key and SSH Template.

I := Object ID of the Asymmetric Key (2 bytes)

T := Object ID of the SSH Template (2 bytes)

A := Algorithm (1 byte)

N := Timestamp with the definition of Now (4 bytes)

S := Signature over the request and timestamp (256 bytes)

R := Request (LR bytes)
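
The command layout above, serialised and parsed back with strict length checks, as an added example that is not code from the original page or from the device's SDK. The function names are hypothetical; a 2-byte Lc and big-endian integers are assumptions not stated on this page, and the algorithm byte, timestamp, signature and request are constructed sample values.

```python
import struct

CMD_SIGN_SSH_CERTIFICATE = 0x5D          # Tc, from the page
SIG_LEN = 256                            # S is fixed at 256 bytes
FIXED_LEN = 2 + 2 + 1 + 4 + SIG_LEN      # I + T + A + N + S, without R


def build_command(key_id, template_id, algorithm, now, signature, request):
    """Serialise Tc || Lc || Vc with Vc = I || T || A || N || S || R."""
    if len(signature) != SIG_LEN:
        raise ValueError("S must be exactly 256 bytes")
    lc = FIXED_LEN + len(request)
    if not FIXED_LEN < lc <= 0xFFFF:     # empty R is treated as malformed here
        raise ValueError("request length out of range")
    # Assumption: Lc is 2 bytes and every integer is big-endian.
    header = struct.pack(">BH", CMD_SIGN_SSH_CERTIFICATE, lc)
    fixed = struct.pack(">HHBI", key_id, template_id, algorithm, now)
    return header + fixed + signature + request


def parse_command(frame):
    """Split a frame into its fields, rejecting inconsistent lengths."""
    if len(frame) < 3:
        raise ValueError("frame shorter than Tc || Lc")
    tc, lc = struct.unpack_from(">BH", frame, 0)
    if tc != CMD_SIGN_SSH_CERTIFICATE:
        raise ValueError("unexpected Tc 0x%02x" % tc)
    value = frame[3:]
    if lc != len(value):
        raise ValueError("Lc does not match the payload length")
    if lc <= FIXED_LEN:
        raise ValueError("payload too short to hold I, T, A, N, S and R")
    key_id, template_id, algorithm, now = struct.unpack_from(">HHBI", value, 0)
    return {"I": key_id, "T": template_id, "A": algorithm, "N": now,
            "S": value[9:9 + SIG_LEN], "R": value[9 + SIG_LEN:]}


def demo():
    """Round-trip a frame built from constructed sample values."""
    sig = bytes(SIG_LEN)                 # constructed: all-zero placeholder
    req = b"constructed-request"         # constructed: not a real request
    # 0xabcd / 0x1234 are the IDs from the shell example; 0x01 is a placeholder.
    frame = build_command(0xABCD, 0x1234, 0x01, 1700000000, sig, req)
    return frame, parse_command(frame)
```
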

Response

Tr = 0xd6

Lr = LS

Vr = S

S := Certificate Signature (LS bytes)