mkinitcpio-ykfde
libfido2
mkinitcpio-ykfde | libfido2 | |
---|---|---|
2 | 6 | |
105 | 548 | |
- | 2.0% | |
2.3 | 8.6 | |
4 months ago | 29 days ago | |
C | C | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mkinitcpio-ykfde
-
sd-encrypt, LUKS partition unlock and YubiKey - Erratic behavior
I am interested in running a self-signed Secure Boot LUKS setup that I could unlock with my YubiKey. I've tried an initramfs hook in my other devices and it works. However, I read this section about unlocking the LUKS partition with systemd and its integrated enrollment tool (systemd-cryptenroll) and my interest was piqued since it meant an integrated solution that doesn't depend on a third-party one.
-
Second factor LUKS encryption via Yubikey on Fedora 33
Found a solution myself: https://github.com/eworm-de/mkinitcpio-ykfde/blob/master/README-dracut.md
libfido2
-
Yubikey for GPG on Void Linux
udev? yeah you should check that. https://github.com/Yubico/libfido2/blob/main/udev/70-u2f.rules Reload the udev rules after you change them if you do change them, and unplug the device, wait 15 seconds, plug it in again.
-
Measure to increase security of portfolio accounts
It's not extremely difficult at all to implement these! Heck, even at Google we use LibFido2 which is a free-to-use library (you can find it here if you want: https://github.com/Yubico/libfido2). Of course Google's version is a bit different and the creator of LibFido2 now works here, but all of these 2FA methods aren't particularly difficult to implement in the sense that most of the work (libraries, standards, exact specifications) is already done.
-
Good to see rubygems.org introduce hardware security token & Passkey support
It could be possible yes. Libraries like https://github.com/Yubico/libfido2 already abstract away external keys (via CTAP) and the Windows WebAuthn API, which allows you to use Windows Hello for signing in using eg a Logitech Brio webcam.
-
All You Need to Know FIDO2 & Passwordless Authentication
https://fidoalliance.org https://loginwithfido.com https://w3.org/TR/webauthn-2/ https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html https://github.com/yubico/Python-Fido2 https://github.com/yubico/libfido2
-
how are you dealing with "passkeys" rollout?
They suggest using this libfido2 library to connect with the hardware devices. I don't really know much about OSS licenses and which are the most "free" so you'll have to decide that for yourself.
- Bundled version of OpenSSH with macOS Monterey doesn't support FIDO2 yubikeys
What are some alternatives?
dracut-crypt-ssh - dracut initramfs module to start dropbear sshd during boot to unlock the root filesystem with the (cryptsetup) LUKS passphrase remotely
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
yubico-pam - Yubico Pluggable Authentication Module (PAM)
python-fido2 - Provides library functionality for FIDO 2.0, including communication with a device over USB.
OpenSSL - TLS/SSL and crypto library
fido2-net-lib - FIDO2 .NET library for FIDO2 / WebAuthn Attestation and Assertion using .NET
c-toxcore - The future of online communications.
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
linux - Arch Linux kernel sources, with patches (Mirror)
glewlwyd - Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins
svntogit-packages - Automatic import of svn 'packages' repo (read-only mirror)