Saturday, June 30, 2018

Re: State of Yubikey/U2F support on OpenBSD

Hello Rickard,

A) CCID worked out of the box with a yubikey 4, with pcscd and gpg
works fine with it for me, IIRC you can even make it work with GPG
without pcscd, but I'd need to verify again.
B) same, chromium crashes, I started investigating but lack the
knowledge in chromium and I am a bit lost, there are several tickets
open on chromium side as you mentioned.
C) I have not tried.

HTH,
Eric.

On Fri, Jun 29, 2018 at 11:41 AM, Rickard von Essen
<rickard.von.essen@gmail.com> wrote:
>
> I've been experimenting with switching over one of my laptops to OpenBSD, but
> there is one main problem stopping me from switching. The support for Yubikeys
> and U2F.
>
> I'm try to gather a list of things that currently doesn't work. And maybe find
> some collaborators to investigate and maybe fix the issues. So if you are
> interested to work on any of these or have further information please post on
> this thread.
>
> A) Yubikey-manager (ykman) is the new Yubikey CLI. I got it to install but only
> one out of three transport (protocols) works. OTP works. CCID fails connecting
> to the Yubikey via pcscd, further investigation needed (this is hopefully not to
> hard to fix). FIDO doesn't work since the pyu2f library doesn't support OpenBSD,
> this is probably not to hard to fix. I'm tracking these in [1].
>
> B) Chromium (v 65.0.3325.181) crashes when U2F auth is requested and a key is
> inserted, see [2]. I haven't yet debugged this, but fixing this probably
> requires a fair amount of knowledge about Chromiums internals.
>
> C) Firefox (v 59.0.2) doesn't officially support U2F but have a config option to
> enable this [3][4]. Unfortunately this doesn't work on OpenBSD (but macOS for
> example). (Firefox 60 is supposed to support the new FIDO2 standard this might
> improve on U2F support too.)
>
> [1] https://github.com/Yubico/yubikey-manager/issues/124
> [2] https://bugs.chromium.org/p/chromium/issues/detail?id=451248
> [3] https://discourse.mozilla.org/t/u2f-standard-to-firefox/23301/2
> [4] https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
>

No comments:

Post a Comment