I was curious about the details of FIDO2/U2F authentication and attestation with hardware tokens / security keys in both the browser's `WebAuthn` and `ssh`, so I spent the day working through the protocols and validating each step with `openssl`: https://trmm.net/U2F/
@th Argh! My OpenSSH is too old still (on my client): OpenSSH_8.1p1, LibreSSL 2.7.3
@sindastra I wrote a guide for that, too! https://trmm.net/Yubikey/#gpg-agent-and-ssh
Although I found it very flakey when the token went away and came back, so I stopped using it. The U2F code has been much more reliable so far, and doesn't conflate my PGP identity with my computer identity, so I'm hoping to switch more of my servers to this new code.
@th Oh, it seems your article is quite old; GPGMail isn't free software anymore and thus not an option for me. They ask for quite a lot of money (for what it is), and you need to upgrade (pay again) every year to remain compatible, which I can't agree with.
@th Honestly, I also have been having issues with smartcards and PGP in general, especially now with the latest Thunderbird which I mentioned here: https://www.sindastra.de/p/1583/dear-mozilla-why-thunderbird-78-x-is-both-great-and-awful-pgp/