Re: State of Yubikey/U2F support on OpenBSD

2018-07-01 Thread Eric Augé
sion 2.0
> Location: /home/rickard/.local/lib/python3.6/site-packages
> Requires: six, cryptography
> ---
> Name: fido2
> Version: 0.3.0
> Summary: Python based FIDO 2.0 library
> Home-page: https://github.com/Yubico/python-fido2
> Author: Dain Nilsson
> Author-email: d...@yubico.com
> License: UNKNOWN
> Location: /home/rickard/.local/lib/python3.6/site-packages
> Requires: six, cryptography
>
> // Rickard
> On Sat, 30 Jun 2018 at 12:32, Eric Augé wrote:
>>
>> Hello Rickard,
>>
>> A) CCID worked out of the box with a yubikey 4, with pcscd and gpg
>> works fine with it for me, IIRC you can even make it work with GPG
>> without pcscd, but I'd need to verify again.
>> B) same, chromium crashes, I started investigating but lack the
>> knowledge in chromium and I am a bit lost, there are several tickets
>> open on chromium side as you mentioned.
>> C) I have not tried.
>>
>> HTH,
>> Eric.
>>
>> On Fri, Jun 29, 2018 at 11:41 AM, Rickard von Essen wrote:
>> >
>> > I've been experimenting with switching over one of my laptops to OpenBSD,
>> > but there is one main problem stopping me from switching. The support for
>> > Yubikeys and U2F.
>> >
>> > I'm trying to gather a list of things that currently don't work. And maybe
>> > find some collaborators to investigate and maybe fix the issues. So if you
>> > are interested to work on any of these or have further information please
>> > post on this thread.
>> >
>> > A) Yubikey-manager (ykman) is the new Yubikey CLI. I got it to install but
>> > only one out of three transports (protocols) works. OTP works. CCID fails
>> > connecting to the Yubikey via pcscd, further investigation needed (this is
>> > hopefully not too hard to fix). FIDO doesn't work since the pyu2f library
>> > doesn't support OpenBSD, this is probably not too hard to fix. I'm tracking
>> > these in [1].
>> >
>> > B) Chromium (v 65.0.3325.181) crashes when U2F auth is requested and a key
>> > is inserted, see [2]. I haven't yet debugged this, but fixing this probably
>> > requires a fair amount of knowledge about Chromium's internals.
>> >
>> > C) Firefox (v 59.0.2) doesn't officially support U2F but has a config
>> > option to enable this [3][4]. Unfortunately this doesn't work on OpenBSD
>> > (but macOS for example). (Firefox 60 is supposed to support the new FIDO2
>> > standard this might improve on U2F support too.)
>> >
>> > [1] https://github.com/Yubico/yubikey-manager/issues/124
>> > [2] https://bugs.chromium.org/p/chromium/issues/detail?id=451248
>> > [3] https://discourse.mozilla.org/t/u2f-standard-to-firefox/23301/2
>> > [4] https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
>> >



Re: State of Yubikey/U2F support on OpenBSD

2018-06-30 Thread Eric Augé
Hello Rickard,

A) CCID worked out of the box with a yubikey 4, with pcscd and gpg
works fine with it for me, IIRC you can even make it work with GPG
without pcscd, but I'd need to verify again.
B) same, chromium crashes, I started investigating but lack the
knowledge in chromium and I am a bit lost, there are several tickets
open on chromium side as you mentioned.
C) I have not tried.

HTH,
Eric.

On Fri, Jun 29, 2018 at 11:41 AM, Rickard von Essen wrote:
>
> I've been experimenting with switching over one of my laptops to OpenBSD, but
> there is one main problem stopping me from switching. The support for Yubikeys
> and U2F.
>
> I'm trying to gather a list of things that currently don't work. And maybe find
> some collaborators to investigate and maybe fix the issues. So if you are
> interested to work on any of these or have further information please post on
> this thread.
>
> A) Yubikey-manager (ykman) is the new Yubikey CLI. I got it to install but
> only one out of three transports (protocols) works. OTP works. CCID fails
> connecting to the Yubikey via pcscd, further investigation needed (this is
> hopefully not too hard to fix). FIDO doesn't work since the pyu2f library
> doesn't support OpenBSD, this is probably not too hard to fix. I'm tracking
> these in [1].
>
> B) Chromium (v 65.0.3325.181) crashes when U2F auth is requested and a key is
> inserted, see [2]. I haven't yet debugged this, but fixing this probably
> requires a fair amount of knowledge about Chromium's internals.
>
> C) Firefox (v 59.0.2) doesn't officially support U2F but has a config option
> to enable this [3][4]. Unfortunately this doesn't work on OpenBSD (but macOS
> for example). (Firefox 60 is supposed to support the new FIDO2 standard this
> might improve on U2F support too.)
>
> [1] https://github.com/Yubico/yubikey-manager/issues/124
> [2] https://bugs.chromium.org/p/chromium/issues/detail?id=451248
> [3] https://discourse.mozilla.org/t/u2f-standard-to-firefox/23301/2
> [4] https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
>