yubikey-provisioning-scripts
FIDO2Applet
| | yubikey-provisioning-scripts | FIDO2Applet |
|---|---|---|
| | 6 | 2 |
| Stars | 57 | 56 |
| Growth | - | - |
| Activity | 1.5 | 8.8 |
| | about 1 year ago | 6 days ago |
| Language | Shell | Java |
| License | GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yubikey-provisioning-scripts
- Passwordless sudo and verified GitHub commit signing with Yubikey - a pair coder's dream
- Scripts to automate Yubikey provisioning. They set up your yubikey for you so you don't have to!
- How to Yubikey: A Configuration Cheatsheet
It really depends on what you want to do with the yubikeys. If you're just using the PGP functionality (like SSH-ing and signing git commits) all you have to do is upload the same private (sub)keys to the two yubikeys and they'll be functionally the same*. I wouldn't know about other (more advanced) features though.
If you follow DrDuh's guide, you should be able to set up the yubikeys in the way I described. I also created some provisioning scripts that automate the whole process which you should be able to use to provision the PGP applet:
https://github.com/santiago-mooser/yubikey-provisioning-scri...
Make sure to enable the export of the private key though!
- Scripts to Automate the Provisioning of a Yubikey
- I wrote some scripts to automate the provisioning of yubikey's openPGP applet
- I created some bash scripts to automate the provisioning of a yubikey's openPGP applet! I created them for work but feel free to use them yourself
FIDO2Applet
- Mathematician warns US spies may be weakening next-gen encryption
I believe the Solokey meets your definition. The hardware schematics are open, as is the software running on it.
The Precursor is also open hardware and software.
If you trust any smartcard at all running a Javacard-compatible operating system, there's also https://github.com/BryanJacobs/FIDO2Applet .
And of course if you're truly paranoid you can get a FPGA and implement a hardware security key on that. The overall security posture would likely be weaker, but you could be confident, hopefully, that nobody has put some kind of backdoor into the hardware you designed yourself to run atop a generic array of logic gates.
- How to Yubikey: A Configuration Cheatsheet
If you get a smartcard, you can install https://github.com/BryanJacobs/FIDO2Applet on it to make it into a FIDO2 authenticator. You can install a GPG and a PIV applet too.
A Yubikey is just a proprietary smartcard with a bunch of apps installed and some HID emulation (pretending to be a keyboard, which you likely do not want).
What are some alternatives?
tillitis-key1 - Board designs, FPGA verilog, firmware for TKey, the flexible and open USB security key 🔑
yubikey-otp - Fuzzy search for TOTP (oath) secrets on your YubiKey and copy them to your clipboard.
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
u2f-javacard - A privacy-focused Java Card U2F Authenticator based on ledger-u2f-javacard
YubiKey-Guide - Guide to using YubiKey for GnuPG and SSH
yubikey-provisioning-scri
openpgp - OpenPGP functionality for Solo
dage - Age Encryption implementation in Dart