SIGN SSH CERTIFICATE

Sign an SSH Certificate request.

Description

Produce an SSH Certificate signature. The certificate can then be used to log in to hosts.

Shell Example

Produce a new SSH Certificate.

yubihsm> certify 0 0xabcd 0x1234 rsa-pkcs-sha256 req.dat cert.dat

Protocol Details

Command

Tc = 0x5d

Lc = 2 + 2 + 1 + 4 + 256 + LR

Vc = I || T || A || N || S || R

Sign an SSH Certificate using the given Asymmetric Key and SSH Template.

I := Object ID of the Asymmetric Key (2 bytes)

T := Object ID of the SSH Template (2 bytes)

A := Algorithm (1 byte)

N := Timestamp with the definition of Now (4 bytes)

S := Signature over the request and timestamp (256 bytes)

R := Request (LR bytes)
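The command layout above as a strict encoder and parser that rejects frames whose Lc disagrees with the bytes present or is shorter than the fixed fields. This is an added example, not code from the original page or from the vendor. It assumes a 1-byte Tc followed by a 2-byte big-endian Lc and big-endian integer fields; the class and function names are hypothetical.

```python
import struct
from dataclasses import dataclass

TC_SIGN_SSH_CERTIFICATE = 0x5D       # Tc from the page
SIG_LEN = 256                        # length of S
FIXED_LEN = 2 + 2 + 1 + 4 + SIG_LEN  # I + T + A + N + S = 265

@dataclass(frozen=True)
class SignSshCertCommand:
    key_id: int        # I
    template_id: int   # T
    algorithm: int     # A
    now: int           # N
    signature: bytes   # S
    request: bytes     # R

def encode(cmd: SignSshCertCommand) -> bytes:
    if len(cmd.signature) != SIG_LEN:
        raise ValueError("S must be exactly 256 bytes")
    value = struct.pack(">HHBI", cmd.key_id, cmd.template_id, cmd.algorithm, cmd.now)
    value += cmd.signature + cmd.request
    if len(value) > 0xFFFF:
        raise ValueError("request too long for a 2-byte Lc")
    # Assumed framing: 1-byte Tc, 2-byte big-endian Lc, then Vc.
    return struct.pack(">BH", TC_SIGN_SSH_CERTIFICATE, len(value)) + value

def parse(frame: bytes) -> SignSshCertCommand:
    if len(frame) < 3:
        raise ValueError("truncated header")
    tag, lc = struct.unpack_from(">BH", frame)
    if tag != TC_SIGN_SSH_CERTIFICATE:
        raise ValueError(f"unexpected command tag 0x{tag:02x}")
    value = frame[3:]
    if len(value) != lc:
        raise ValueError("Lc does not match the bytes present")
    if lc < FIXED_LEN:
        raise ValueError("Vc shorter than the fixed fields")
    key_id, template_id, algorithm, now = struct.unpack_from(">HHBI", value)
    return SignSshCertCommand(key_id, template_id, algorithm, now,
                              value[9:FIXED_LEN], value[FIXED_LEN:])

# Constructed sample: IDs from the shell example above; the algorithm byte,
# timestamp, signature and request bytes are placeholders, not real values.
SAMPLE = SignSshCertCommand(0xABCD, 0x1234, 0x01, 1700000000,
                            b"\x00" * SIG_LEN, b"constructed-request")
FRAME = encode(SAMPLE)
```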

Response

Tr = 0xd6

Lr = LS

Vr = S

S := Certificate Signature (LS bytes)