OpenSSH got U2F support - an idea for GnuPG?

Tobias Wendorff tobias.wendorff at
Sat Jan 4 23:19:03 CET 2020

Hi there,

in November 2019, Yubikey released a patch for libfido2, which acts
as a middleware to talk between OpenSSH and U2F/FIDO2 tokens (so it
also works for the older FIDO(1) standard. Actually libfido2 now
"emulates" PKCS#11 (PIV card interface). Also OpenSSH got patched
to talk to U2F tokens now.

Duo wrote a nice article on it:

Would it be possible to use this technique on GnuPG? Sure, it doesn't
suite all security needs. But it could allow anyone with a U2F/FIDO2
token to use GnuPG f.e. for signing?

Would be happy to discuss to pros / cons with you.

Best regards,

More information about the Gnupg-devel mailing list