-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for OnlyKey HMAC SHA1 #56
Comments
I don't have a problem with that. The only issue is that someone will need to maintain that support. TIL about OnlyKey so I don't have any hardware. |
@agherzan We can support any issues that come up they can be posted here - https://github.com/trustcrypto/OnlyKey-Firmware I don't expect there would be too many issues though as HMAC SHA1 feature should work the same whether an OnlyKey or Yubikey is used. We can also send you hardware to test, send email to t@crp.to with mailing address. |
@onlykey
Will it work out-of-the-box with onlykey? If it's not possible to work with onlykey from those commands then there is nothing we can do about it. |
I actually bought my OnlyKey to do this but i didn't research and was under the impression i simply needed a u2f key. |
I think you need modified |
Closing this as it's not actionable here. This needs feature request in https://github.com/Yubico/yubikey-personalization first. If things change feel free to re-open. |
@Vincent43 We did add the feature request in yubikey-personalization. ykpers 1.20 adds the feature where you can open any vendor/product key by calling yk_open_key_vid_pid instead of yk_open_first_key(). Is it possible for you to use that? EDIT: Just reread this issue, since this is just a script that calls ykchalresp binaries it would be the binaries that would have to change to support OnlyKey. This is not difficult to do if anyone is interested, its just adding OnlyKey USB VID/PID here: |
If/When ykinfo/ykchalresp gets support for OnlyKey we can look at supporting it here (this may need help testing from someone who actually has this key). I don't know if there are still people who are interested in OnlyKey support in this project so this is your call if pushing another feature request to yubikey-personalization is worth your time. |
I totally agree with @Vincent43 . We need someone to maintain this support. Someone who uses onlykey as a daily driver. |
Actually adding support for OnlyKey (when possible) may be one time change. I just meant we need someone to confirm it works at time we add it so we won't fool ourself. Ideally it would be implemented in yubikey-personalization in a way to be fully transparent for apps like ours so when we call |
@Vincent43 Yubico is very likely not going to implement support for other security keys in their own binaries. This would be the kind of thing where a custome ykchalresp binary would have to be compiled for OnlyKey support (simple change) and that custom binary be used. |
I thought they are open for leveraging their tools for other keys if they accepted supporting them in library. If it's not the case then indeed users are required to get custom patched binary that will work out of the box with this project so for us the case is closed. |
honestly kinda sad to be entirely honest. I mean Yubico kinda added support for third party tokens by supplying extra IDs in their lib |
Adding support in libs doesn't help for projects that can't use them. Having third party keys support in libs but not in cli tools within the same project is certainly inconsistent. |
wait seriously? kinda crazy, lol |
so sad, |
Hi,
We recently implemented HMAC SHA1 in OnlyKey, it is fully compatible with Yubikey's HMAC SHA1 challenge and response. We have integrated support with KeePassXC keepassxreboot/keepassxc#3352 and are looking to integrate with other projects as well. The only change required is to allow OnlyKey's USB VID/PID to be used in addition to the already allowed Yubikey USB VID/PIDs. Would you be willing to add support for OnlyKey?
Thanks!
The text was updated successfully, but these errors were encountered: