shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-02-02 09:47:03 +03:00
Code

man: reword of fido2 key derivation

Browse Source 
"keyed by" is indeed a bit jargony. Say " a HMAC hash of the salt combined with
an internal secret key" instead.

For #17177.

(cherry picked from commit e0c60bf6a0065ba447b50fcb1bb171725e8bd00d)
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-10-05 14:11:02 +02:00
parent 0e4e26bb85
commit 2e77eda39a
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
man/homectl.xml
View File

@ -355,11 +355,11 @@
<listitem><para>Takes a path to a Linux <literal>hidraw</literal> device
(e.g. <filename>/dev/hidraw1</filename>), referring to a FIDO2 security token implementing the
<literal>hmac-secret</literal> extension, that shall be able to unlock the user account. If used, a
random salt value is generated on the host, which is passed to the FIDO2 device, which calculates a
HMAC hash of it, keyed by its internal secret key. The result is then used as key for unlocking the
user account. The random salt is included in the user record, so that whenever authentication is
needed it can be passed again to the FIDO2 token, to retrieve the actual key.</para>
<literal>hmac-secret</literal> extension that shall be able to unlock the user account. A random salt
value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the
salt combined with an internal secret key. The result is then used as the key to unlock the user
account. The random salt is included in the user record, so that whenever authentication is needed it
can be passed again to the FIDO2 token again.</para>
<para>Instead of a valid path to a FIDO2 <literal>hidraw</literal> device the special strings
<literal>list</literal> and <literal>auto</literal> may be specified. If <literal>list</literal> is