Hardware tokens #245

vext01 · 2020-08-07T14:58:00Z

vext01
Aug 7, 2020

Hi there,

This isn't really a bug report.

I was wondering if there's any plan to allow the use of hardware tokens (like yubikey) with age?

I'm super-keen to ditch gpg, but I'd also like to be able to use my yubikeys!

Thanks

bdd · 2020-08-07T16:36:28Z

bdd
Aug 7, 2020

It is. Check out the "Later" section at https://age-encryption.org/v1

Author already implemented the necessary PKCS#11 handling parts for another project at https://github.com/FiloSottile/yubikey-agent. Maybe someone will contribute such code, maybe the author will add the feature when they can find time.

0 replies

str4d · 2020-08-07T16:43:19Z

str4d
Aug 7, 2020

This is blocking on the plugin system (currently under design), which is how we plan to support hardware tokens. I implemented an initial draft of YubiKey support in str4d/rage#25, but it's likely to be revised once reworked as an age plugin.

0 replies

vext01 · 2020-08-07T18:27:11Z

vext01
Aug 7, 2020
Author

That's great news! Thanks!

Shall I close this, or would it be useful to keep it open?

0 replies

tv42 · 2020-09-03T23:57:28Z

tv42
Sep 3, 2020

As far as I understand, go-piv/piv-go#79 is needed to do ECDH with Yubikeys from pure Go (EDIT: as pure as it gets, at this time). Input on the API would be welcome, I guess? Just doing a drive-by contribution...

0 replies

joonas-fi · 2020-10-29T11:00:19Z

joonas-fi
Oct 29, 2020

Related: #142

0 replies

tv42 · 2021-02-01T16:09:06Z

tv42
Feb 1, 2021

Heads up: I have a age-plugin-yubikey prototype that just started working right. It relies on the plugin mechanism implemented in rage v0.5.0. Next up: clean up the code base, then I'll publish it with a big "unstable format" sticker.

0 replies

str4d · 2021-02-01T18:06:11Z

str4d
Feb 1, 2021

@tv42 if you haven't seen it, I already have a YubiKey Rust plugin at https://github.com/str4d/age-plugin-yubikey which is working (the full impl is in this branch and I'm incrementally cleaning it up and merging to main); if you're building something in another language, we should sync to ensure you are using the same protocol.

0 replies

tv42 · 2021-02-01T18:31:24Z

tv42
Feb 1, 2021

@str4d I read your plugin but only found the nonfunctional code on master. Will take a second look.

0 replies

tv42 · 2021-02-02T18:14:59Z

tv42
Feb 2, 2021

@str4d My code is now format-compatible with yours, you can mix & match encryption and decryption plugins and everything works. Clean up and then publishing...

0 replies

tv42 · 2021-02-03T19:53:42Z

tv42
Feb 3, 2021

Here's my implementation of Yubikey support as a plugin: https://github.com/tv42/yubage

Nudge @str4d

0 replies

str4d · 2021-05-02T04:45:11Z

str4d
May 2, 2021

I have just published age-plugin-yubikey 0.1.0, the first beta release of YubiKey support. It can be used with rage 0.6.0 (also just published).

@tv42 there were some changes to the draft piv-p256 stanza protocol during pre-release review (str4d/age-plugin-yubikey#31 and str4d/age-plugin-yubikey#32). https://hackmd.io/@str4d/age-plugin-yubikey has been updated accordingly.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hardware tokens #245

{{title}}

Replies: 11 comments

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Hardware tokens #245

Replies: 11 comments

vext01 Aug 7, 2020 Author

vext01
Aug 7, 2020
Author