Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardware tokens #137

Closed
vext01 opened this issue Aug 7, 2020 · 10 comments
Closed

Hardware tokens #137

vext01 opened this issue Aug 7, 2020 · 10 comments

Comments

@vext01
Copy link

vext01 commented Aug 7, 2020

Hi there,

This isn't really a bug report.

I was wondering if there's any plan to allow the use of hardware tokens (like yubikey) with age?

I'm super-keen to ditch gpg, but I'd also like to be able to use my yubikeys!

Thanks
@bdd
Copy link
Contributor

bdd commented Aug 7, 2020

It is. Check out the "Later" section at https://age-encryption.org/v1

Author already implemented the necessary PKCS#11 handling parts for another project at https://github.com/FiloSottile/yubikey-agent. Maybe someone will contribute such code, maybe the author will add the feature when they can find time.

@str4d
Copy link

str4d commented Aug 7, 2020

This is blocking on the plugin system (currently under design), which is how we plan to support hardware tokens. I implemented an initial draft of YubiKey support in str4d/rage#25, but it's likely to be revised once reworked as an age plugin.

@vext01
Copy link
Author

vext01 commented Aug 7, 2020

That's great news! Thanks!

Shall I close this, or would it be useful to keep it open?

@tv42
Copy link

tv42 commented Sep 3, 2020
edited
Loading

As far as I understand, go-piv/piv-go#79 is needed to do ECDH with Yubikeys from pure Go (EDIT: as pure as it gets, at this time). Input on the API would be welcome, I guess? Just doing a drive-by contribution...

@joonas-fi
Copy link

Related: #142

@tv42
Copy link

tv42 commented Feb 1, 2021

Heads up: I have a age-plugin-yubikey prototype that just started working right. It relies on the plugin mechanism implemented in rage v0.5.0. Next up: clean up the code base, then I'll publish it with a big "unstable format" sticker.

@str4d
Copy link

str4d commented Feb 1, 2021
edited
Loading

@tv42 if you haven't seen it, I already have a YubiKey Rust plugin at https://github.com/str4d/age-plugin-yubikey which is working (the full impl is in this branch and I'm incrementally cleaning it up and merging to main); if you're building something in another language, we should sync to ensure you are using the same protocol.

@tv42
Copy link

tv42 commented Feb 1, 2021

@str4d I read your plugin but only found the nonfunctional code on master. Will take a second look.

@tv42
Copy link

tv42 commented Feb 2, 2021

@str4d My code is now format-compatible with yours, you can mix & match encryption and decryption plugins and everything works. Clean up and then publishing...

@tv42
Copy link

tv42 commented Feb 3, 2021

Here's my implementation of Yubikey support as a plugin: https://github.com/tv42/yubage

Nudge @str4d

@orolhawion orolhawion mentioned this issue Mar 25, 2021
Closed
Repository owner locked and limited conversation to collaborators Apr 19, 2021

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@bdd @tv42 @vext01 @joonas-fi @FiloSottile @str4d