OpenSSH got U2F support - an idea for GnuPG?
Tobias Wendorff
tobias.wendorff at tu-dortmund.de
Sat Jan 4 23:19:03 CET 2020
Hi there,
in November 2019, Yubikey released a patch for libfido2, which acts
as a middleware to talk between OpenSSH and U2F/FIDO2 tokens (so it
also works for the older FIDO(1) standard). Actually, libfido2 now
"emulates" PKCS#11 (PIV card interface). Also OpenSSH got patched
to talk to U2F tokens now.
Duo wrote a nice article on it:
https://duo.com/labs/tech-notes/u2f-key-support-in-openssh
Would it be possible to use this technique on GnuPG? Sure, it doesn't
suit all security needs. But it could allow anyone with a U2F/FIDO2
token to use GnuPG, e.g. for signing?
Would be happy to discuss the pros / cons with you.
Best regards,
Tobias