opgp: add support for KDF PINs #325
Conversation
|
Thanks for the contribution! Some initial testing with a 5.2.4 and a YubiKey 4 (not with KDF but just using the other commands as usual) seems to work well. Needs a bit more reviewing and testing before merging though. |
Resolves Yubico#279. Signed-off-by: Dag Heyman <dag@yubico.com>
dagheyman
force-pushed
the
add-openpgp-kdf-support
branch
from
305faac
to
4bea80d
Compare
|
Merging, thanks! |
|
I have a yubikey nano 5 with firmware 5.2.6. using gpg 2.2.23 I used The assertion @ https://github.com/Yubico/yubikey-manager/pull/325/files#diff-da03da1a4f8bebc76d8400055f515dc06c481974caf7f96966fd0ee30810af43R259 fails, or at least it would have failed if it were not unceremoniously removed in c13a4c0#diff-da03da1a4f8bebc76d8400055f515dc06c481974caf7f96966fd0ee30810af43L259 |
|
FWIW, I suspect that when |
|
The above issue seems specific to my nano. My YubiKey 5 NFC with 5.2.7 firmware doesn't seem to have this issue. |
|
Yeah that assertion should definitely stay or at least be turned into an explicit UI error or something… The latest OpenPGP Smart Card specification’s diagram on page 19 suggests to me that the KDF DOs have to contain all three salts. I’m a bit wary of silently reusing salts for different inputs in a cryptographic application in response to behaviour that seems to contradict the specification. Hopefully someone from Yubico can ask a hardware engineer about this to figure out what’s up and how it should be handled. |
|
(As a general comment, I think this functionality is honestly of somewhat limited utility in general; a lot of applications seem to not have great support for it, as I’ve found, and the primary attack it defends against seems to be USB sniffing. As long as you’re using a unique passphrase for your PIN I don’t think there’s much reason to use |
|
I don't know how to turn |
|
Sadly, you have to |
|
To be honest I don't know what the "proper" behavior is when the salts for pw2 and pw3 are absent. Really it's more of "whatever gpg does". I've pushed some changes to the |
|
I did some further investigation and I see that gpg has 2 modes for KDFs, gpg tests this You can enable I believe it is the case that I can no longer change the KDF mode after setting keys? I get Anyhow this should be sufficient information that I think you should be able to reproduce my configuration yourself. If you are unable, I can do further testing. Turns out this isn't a firmware issue with my nanos like I thought at first. This is entirely a gnupg thing. |
|
For completeness here is gnupg's tortured logic for finding the KDF salt @ https://github.com/gpg/gnupg/blob/7f3ce66ec56a5aea6170b7eb1bda5626eb208c83/scd/app-openpgp.c#L2402-L2405 |
|
Perfect, that gives me everything I need. I'll make sure ykman 4.0 works properly for all modes. Thank you for your investigation into this, it's very helpful! |
|
Thanks for the quick response. I've also filed another (much easier) openpgp issue @ #390 for another issue I encountered while investigating this. |
It would be closer to sensible if instead a secure communication channel was opened instead. |
Resolves #279.
I've tested this on a YubiKey 5 Nano and NFC running firmware version 5.2.4, but more testing from others would be appreciated; in particular, I haven't actually verified that it still works when KDF is disabled, or on older firmware versions that don't support KDF at all...