latest iPad OS / Blink fails to create FIDO2 key #1761
Checklist
Configuration
iPadOS 16.4.1

Describe the bug
blink> ssh-keygen -t ed25519-sk
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
sshsk_enroll: missing provider
Key enrollment failed: invalid argument

I prefer to avoid ECDSA and non-Edwards curves where possible. Would be nice if I could either specify the key type in Config -> Keys, or generate it as above.
Replies: 4 comments
Token is a Yubikey 5c attached to iPad via USB-C. Same device has been used to generate
Hi! To use secure keys, please use the user interface for it as described at https://docs.blink.sh/advanced/webauthn. There are also limitations on the type of keys that we can create as our implementation is based on WebAuthn and it is implemented by iOS itself. Only ECDSA keys are supported atm.

We won't support FIDO2 atm as it would require custom support per key and honestly, the user interest is just not there.
ahhh, dabbit. Burned by my own assumption. Assumed "webauthn == fido2" whereas I now see webauthn is a subset of FIDO2. Specifically, the web APIs. Regardless, the advantage of using external tokens outweighs my preference to avoid non-Edwards curves. So P256 it is for now. Ick.
Opening a Discussion from the content on this thread: #1875
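To check which algorithm a hardware-backed key actually uses (the thread ends on P-256 through WebAuthn instead of ed25519-sk), the public key line can be decoded with the OpenSSH security-key wire layout. This is an added example, not part of the original thread or Blink's code; the sample keys are constructed dummies and the application string "ssh:" (OpenSSH's default) is an assumption.

```python
import base64

SK_TYPES = {
    "sk-ecdsa-sha2-nistp256@openssh.com": "ECDSA P-256",
    "sk-ssh-ed25519@openssh.com": "Ed25519",
}

def _strings(blob):
    """Split an SSH wire blob into its length-prefixed strings."""
    out, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        end = off + 4 + n
        if off + 4 > len(blob) or end > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[off + 4:end])
        off = end
    return out

def describe_key(line):
    """Return (algorithm, hardware_backed, application) for one public key line."""
    label, b64 = line.split()[:2]
    fields = _strings(base64.b64decode(b64, validate=True))
    inner = fields[0].decode("ascii")
    if inner != label:
        raise ValueError("type label does not match key blob")
    if inner not in SK_TYPES:
        return inner, False, None
    # sk-ecdsa: type, curve, point, application; sk-ed25519: type, key, application
    expected = 4 if inner.startswith("sk-ecdsa") else 3
    if len(fields) != expected:
        raise ValueError("unexpected field count for " + inner)
    return SK_TYPES[inner], True, fields[-1].decode("utf-8")

def _pack(*parts):
    """Build a base64 key blob from raw fields (used only for the samples)."""
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()

# Constructed sample keys (dummy key material, not real credentials).
ECDSA_SK = "sk-ecdsa-sha2-nistp256@openssh.com " + _pack(
    b"sk-ecdsa-sha2-nistp256@openssh.com", b"nistp256", b"\x04" + b"\x11" * 64, b"ssh:") + " ipad"
ED25519_SK = "sk-ssh-ed25519@openssh.com " + _pack(
    b"sk-ssh-ed25519@openssh.com", b"\x22" * 32, b"ssh:") + " laptop"
PLAIN = "ssh-ed25519 " + _pack(b"ssh-ed25519", b"\x33" * 32) + " old"

if __name__ == "__main__":
    for key in (ECDSA_SK, ED25519_SK, PLAIN):
        print(describe_key(key))
```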