cryptenroll,homectl: Introduce --fido2-credential-algorithm option

[thirdparty/systemd.git] / man / systemd-cryptenroll.xml

diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
index 6616d8bdb9f2476cd037d3531adf6b3401294dae..a18b070a3262416f502905d6c9c4a1a2d08dedab 100644 (file)
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@@ -122,6 +122,19 @@
         <filename>/etc/crypttab</filename> line.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><option>--fido2-credential-algorithm=</option><replaceable>STRING</replaceable></term>
+        <listitem><para>Specify COSE algorithm used in credential generation. The default value is
+        <literal>es256</literal>. Supported values are <literal>es256</literal>, <literal>rs256</literal>
+        and <literal>eddsa</literal>.</para>
+
+        <para><literal>es256</literal> denotes ECDSA over NIST P-256 with SHA-256. <literal>rs256</literal>
+        denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. <literal>eddsa</literal> denotes
+        EDDSA over Curve25519 with SHA-512.</para>
+
+        <para>Note that your authenticator may not support some algorithms.</para></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><option>--fido2-device=</option><replaceable>PATH</replaceable></term>