v0.3.0
The release is signed with C100 3466 7663 4E80 C940 FB9E 9C02 FF41 9FEC BE16.
⚠️ Breaking Changes ⚠️
The key format has been changed from the custom binary format to the TPM 2.0 Key
files specification. Keys from v0.1.0 and v0.2.0 are no longer supported and
ssh-tpm-agent will give you a warning when it finds such a key.
The reason for this change is that the older format was a custom binary format
that doesn't support TPM key policies and authpolicies that will be needed in
the future. The format would have to be versioned at some point so using an
established format makes more sense.
This change also creates incompatible TPM keys without a hardcoded signature
scheme. This allows us to support other hashing algorithms instead of always
relying on sha256.
This change also standardizes the TPM primary key on NIST-P256; previously it
was either RSA or ECDSA.
For the spec:
https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
The library for the key format:
https://github.com/Foxboron/go-tpm-keyfiles
New Features
Support for ecdsa 384 and 521 bit lengths
ECDSA p384 and p521 keys are now supported. They can be created with the -b
switch.
λ ~ » ssh-tpm-keygen -t ecdsa -b 384
λ ~ » ssh-tpm-keygen -t ecdsa -b 521
Note that the availability of the different bit lengths depends on the TPM
available on the system. Use ssh-tpm-keygen --supported to list supported bit
lengths.
λ ~ » ssh-tpm-keygen --supported
ecdsa bit lengths: 256 384
rsa bit lengths: 2048
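Because the supported bit lengths differ per TPM, a provisioning script can read the --supported output first and refuse to create a key below a policy floor. The script below is an added example, not code from the ssh-tpm-agent project; it assumes the output format shown above, and the function names best_ecdsa_bits and generate_strongest_ecdsa are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ssh-tpm-agent project).
# Assumption: `ssh-tpm-keygen --supported` prints lines shaped like the output
# shown in these release notes, e.g. "ecdsa bit lengths: 256 384".

# best_ecdsa_bits FLOOR
# Reads --supported output on stdin, prints the largest ECDSA bit length the
# TPM offers, and fails if none is listed or the best one is below FLOOR.
best_ecdsa_bits() {
    floor="${1:-256}"
    case "$floor" in
        ''|*[!0-9]*) echo "floor must be a number" >&2; return 2 ;;
    esac
    awk -v floor="$floor" '
        $1 == "ecdsa" && $2 == "bit" && $3 == "lengths:" {
            for (i = 4; i <= NF; i++)
                if ($i ~ /^[0-9]+$/ && $i + 0 > best) best = $i + 0
        }
        END {
            if (best == 0 || best < floor + 0) exit 1
            print best
        }
    '
}

# generate_strongest_ecdsa FLOOR (hypothetical helper)
# Queries the local TPM and creates a key with the strongest supported curve.
generate_strongest_ecdsa() {
    bits=$(ssh-tpm-keygen --supported | best_ecdsa_bits "$1") || {
        echo "TPM offers no ECDSA bit length >= $1" >&2
        return 1
    }
    ssh-tpm-keygen -t ecdsa -b "$bits"
}

# Only touch the TPM when explicitly asked, e.g. `sh script.sh --generate 384`.
if [ "${1:-}" = "--generate" ]; then
    generate_strongest_ecdsa "${2:-256}"
fi
```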
What's Changed
- Support p256, p384 and p521 by @Foxboron in #40
- Move key format to ASN.1 TPM Keys by @Foxboron in #41
Full Changelog: v0.2.0...v0.3.0