Cannot create secure-key (ed25519-sk) via windows-hello (pin) #2413

@earloc

Description

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

I'm trying to set up a secure-key (ed25519-sk) in my machine's TPM, which should be protected via windows-hello (PIN).

Windows prompts that the key will be stored on the device.
When continuing, another prompt appears, telling me that I should insert a security-device.

ssh-keygen -t ed25519-sk
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.

Interestingly enough, doing the same with

ssh-keygen -t ecdsa-sk
DOES prompt for a PIN, but then just also displays another prompt to "insert a security-device"

Expected behavior

> ssh-keygen -t ed25519-sk
> Generating public/private ed25519-sk key pair.
> You may need to touch your authenticator to authorize key generation.
- prompt to "save your passkey" appears
- upon "continue", prompted to "enter your pin"
- when entered, key gets created and stored in TPM

Actual behavior

> ssh-keygen -t ed25519-sk
> Generating public/private ed25519-sk key pair.
> You may need to touch your authenticator to authorize key generation.

- prompt to "save your passkey" appears
- upon "continue", "Insert your security key into the USB port" appears

Error details

Environment data

Name                           Value
----                           -----
PSVersion                      7.5.4
PSEdition                      Core
GitCommitId                    7.5.4
OS                             Microsoft Windows 10.0.26200
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Version

OpenSSH_for_Windows_10.0p2 Win32-OpenSSH-GitHub, LibreSSL 4.2.0

Visuals

No response
