SSH-KEYGEN returns ''invalid format" when generating ecdsa-sk key and storing it on another device

[Ivomola]

Prerequisites

• Write a descriptive title.
• Make sure you are able to repro it on the latest version
• Search the existing issues.

Steps to reproduce

While using OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2 on Windows 11 24H2 on a non-elevated command prompt, generating an ecdsa-sk key with ssh-keygen -t ecdsa-sk does not work when, at the pop-up opened by ssh-sk-helper.exe titled "Where do you want to store this passkey?" an external device or "iPhone, iPad or Android device" is selected, even if the key is stored correctly on the Android device. Selecting, however, an on-device authentication method like an onboard fingerprint reader or Windows Hello face scanner, does generate a key correctly most of the time.

Expected behavior

C:\Users\User>ssh-keygen -t ecdsa-sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter file in which to save the key (C:\Users\User/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\User/.ssh/id_ecdsa_sk
Your public key has been saved in C:\Users\User/.ssh/id_ecdsa_sk.pub
The key fingerprint is:
SHA256:AyVE8F6emXJEpgpyWTZG+oDKjI0uWVbV5xMPIRvh6t0 User@HOSTNAME
The key's randomart image is:
+-[ECDSA-SK 256]--+
|   .B+=.B...     |
| . * + rB.++     |
|o * . +a HD=)    |
|== = o n* +o .   |
|+o+ o + d S  .   |
|.+   . + o       |
|o.    . . m E    |
|.        g       |
|                 |
+----[SHA256]-----+

Actual behavior

C:\Users\User>ssh-keygen -t ecdsa-sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
You may need to touch your authenticator again to authorize key generation.
Key enrollment failed: invalid format

Error details

C:\Users\User>ssh-keygen -t ecdsa-sk -vvvv
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug1: find_helper: using "C:\\WINDOWS\\System32\\OpenSSH\\ssh-sk-helper.exe" as helper
debug3: Creating process with CREATE_NO_WINDOW
debug3: spawning "C:\\WINDOWS\\System32\\OpenSSH\\ssh-sk-helper.exe" as subprocess
debug3: start_helper: started pid=73540
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=73540
Key enrollment failed: invalid format

Environment data

Name                           Value
----                           -----
PSVersion                      5.1.26100.1591
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.26100.1591
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version

OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2 being run on Windows Terminal 1.21.2701.0 on Windows 11 24H2 build 26100.1742

Visuals

INFO THAT DIDN'T FIT ELSEWHERE

• ed25519-sk keys are not supported for storage at least on my Android phone and my Windows Device (Lenovo Thinkpad Yoga L13 2022).
• Specifying -O "resident" or not didn't change the actual behaviour.
• When performed on an elevated Powershell or CMD prompt, even storing the keys locally on device by choosing an embedded Windows Hello enabled authentication method does not work, and gives the same error (Key enrollment failed: invalid format)

MEDIA TO ILLUSTRATE THE ISSUE

Succesful key generation on-device

VID-20241008-WA0000.mp4

Failed key generation on another device

ssh_fail.-.Trim.mp4

Note that when the second to last pop up dissapears on its own is when I confirm my biometrics on my Android device and it confirms the process was succesful.

[Ivomola]

Output with FIDO_DEBUG=1:

Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug1: find_helper: using "C:\\WINDOWS\\System32\\OpenSSH\\ssh-sk-helper.exe" as helper
debug3: spawning "C:\\WINDOWS\\System32\\OpenSSH\\ssh-sk-helper.exe" as subprocess
debug3: start_helper: started pid=43952
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x25, challenge len 0
debug1: sshsk_enroll: using random challenge
webauthn_load: api version 7
debug1: ssh_sk_enroll: using device windows://hello
debug1: ssh_sk_enroll: key exists
debug1: sshsk_enroll: provider "internal" failure -5
debug1: ssh-sk-helper: Enrollment failed: bad permissions
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -44
debug3: reap_helper: pid=43952
A resident key scoped to 'ssh:' with user id 'null' already exists.
Overwrite key in token (y/n)? y
You may need to touch your authenticator again to authorize key generation.
debug1: find_helper: using "C:\\WINDOWS\\System32\\OpenSSH\\ssh-sk-helper.exe" as helper
debug3: spawning "C:\\WINDOWS\\System32\\OpenSSH\\ssh-sk-helper.exe" as subprocess
debug3: start_helper: started pid=77712
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x35, challenge len 0
debug1: sshsk_enroll: using random challenge
webauthn_load: api version 7
debug1: ssh_sk_enroll: using device windows://hello
cbor_decode_cred_authdata: buf=000001E8D8C78480, len=148
0000: e3 06 10 e8 a1 62 11 59 60 fe 1e c2 23 e6 52 9c
0016: 9f 4b 6e 80 20 0d cb 5e 5c 32 1c 8a f1 e2 b1 bf
0032: 5d 00 00 00 00 ea 9b 8d 66 4d 01 1d 21 3c e4 b6
0048: b4 8c b5 75 d4 00 10 7b 9c db fc 23 e7 68 76 a0
0064: c3 77 af d5 85 15 12 a5 01 02 03 26 20 01 21 58
0080: 20 0f 6d 83 5a 21 54 34 5f c1 13 43 80 d3 c9 76
0096: bc 24 db b0 61 b3 c8 d7 7f 1d c1 9e d7 53 34 79
0112: a9 22 58 20 5a aa be c4 e5 85 89 28 b4 48 ff d2
0128: 3e 4b 91 a6 91 5d 94 cf cf e9 1f 1a 3e 15 cb f5
0144: ba f1 ad ad
decode_attcred: buf=000001E8D8C784A5, len=111
0000: ea 9b 8d 66 4d 01 1d 21 3c e4 b6 b4 8c b5 75 d4
0016: 00 10 7b 9c db fc 23 e7 68 76 a0 c3 77 af d5 85
0032: 15 12 a5 01 02 03 26 20 01 21 58 20 0f 6d 83 5a
0048: 21 54 34 5f c1 13 43 80 d3 c9 76 bc 24 db b0 61
0064: b3 c8 d7 7f 1d c1 9e d7 53 34 79 a9 22 58 20 5a
0080: aa be c4 e5 85 89 28 b4 48 ff d2 3e 4b 91 a6 91
0096: 5d 94 cf cf e9 1f 1a 3e 15 cb f5 ba f1 ad ad
decode_attcred: attcred->id.len=16
debug1: ssh_sk_enroll: self-attested credential
fido_cred_verify_self: cdh=000001E8D8C4F060, authdata=000001E8D8C761E0, x5c=0000000000000000, sig=0000000000000000, fmt=000001E8D8C3BEC0 id=000001E8D8C474C0, rp.id=ssh:
debug1: ssh_sk_enroll: fido_cred_verify_self: FIDO_ERR_INVALID_ARGUMENT
debug1: sshsk_enroll: provider "internal" failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=77712
Key enrollment failed: invalid format

[ricklahaye]

Can confirm same behaviour from my side.

Laptop with facial + fingerprint works.
PC with only Windows Hello pin doesn't work.

Another related issue is #2040

[ricklahaye]

I bought a discrete TPM module and with that I was able to enroll the key. Think it has something to do that the firmware TPM that I was using does not allow that type of key.