FIDO2Applet
yubikey-provisioning-scri
| FIDO2Applet | yubikey-provisioning-scri |
|---|---|
| 2 | 1 |
| 56 | - |
| - | - |
| 8.8 | - |
| 15 days ago | - |
| Java | |
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
FIDO2Applet
- Mathematician warns US spies may be weakening next-gen encryption
I believe the Solokey meets your definition. The hardware schematics are open, as is the software running on it.
The Precursor is also open hardware and software.
If you trust any smartcard at all running a Javacard-compatible operating system, there's also https://github.com/BryanJacobs/FIDO2Applet .
And of course if you're truly paranoid you can get an FPGA and implement a hardware security key on that. The overall security posture would likely be weaker, but you could be confident, hopefully, that nobody has put some kind of backdoor into the hardware you designed yourself to run atop a generic array of logic gates.
- How to Yubikey: A Configuration Cheatsheet
If you get a smartcard, you can install https://github.com/BryanJacobs/FIDO2Applet on it to make it into a FIDO2 authenticator. You can install a GPG and a PIV applet too.
A Yubikey is just a proprietary smartcard with a bunch of apps installed and some HID emulation (pretending to be a keyboard, which you likely do not want).
yubikey-provisioning-scri
- How to Yubikey: A Configuration Cheatsheet
It really depends on what you want to do with the yubikeys. If you're just using the PGP functionality (like SSH-ing and signing git commits) all you have to do is upload the same private (sub)keys to the two yubikeys and they'll be functionally the same*. I wouldn't know about other (more advanced) features though.
If you follow DrDuh's guide, you should be able to set up the yubikeys in the way I described. I also created some provisioning scripts that automate the whole process which you should be able to use to provision the PGP applet:
https://github.com/santiago-mooser/yubikey-provisioning-scri...
Make sure to enable the export of the private key though!
What are some alternatives?
yubikey-provisioning-scripts - A set of scripts to automate the provisioning of yubikey's openPGP applet. They set up your yubikey for git commit signing and SSH so you don't have to!
tillitis-key1 - Board designs, FPGA verilog, firmware for TKey, the flexible and open USB security key 🔑
yubikey-otp - Fuzzy search for TOTP (oath) secrets on your YubiKey and copy them to your clipboard.
u2f-javacard - A privacy-focused Java Card U2F Authenticator based on ledger-u2f-javacard
age-yubikey-pgp - Dage Yubikey plugin
openpgp - OpenPGP functionality for Solo
solo1 - Solo 1 firmware in C
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.