Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FR] age with YubiKeys #2260

Closed
dominikschulz opened this issue Jun 13, 2022 · 6 comments · Fixed by #2960
Closed

[FR] age with YubiKeys #2260

dominikschulz opened this issue Jun 13, 2022 · 6 comments · Fixed by #2960
Assignees
Labels
age age-encryption.org backend
Milestone

Comments

@dominikschulz
Copy link
Member

age plugin support is coming along nicely and I'd love to have gopass ready and tested with YKs once 1.1.0 final is released.

Will try to give it a try to iron out potential issues and write down any specifics in our docs.

@dominikschulz dominikschulz self-assigned this Jun 13, 2022
@dominikschulz dominikschulz added this to the 1.14.4 milestone Jun 13, 2022
@dominikschulz dominikschulz added the age age-encryption.org backend label Jun 13, 2022
@dominikschulz dominikschulz modified the milestones: 1.14.4, 1.x.x Dec 4, 2022
@dominikschulz
Copy link
Member Author

This will have to wait until age 1.1.0 is finally released.

@dominikschulz
Copy link
Member Author

@dominikschulz dominikschulz changed the title age with YubiKeys [FR] age with YubiKeys Dec 27, 2022
@AnomalRoil
Copy link
Member

age as a library doesn't work well with Yubikeys for now.

Related discussion:
FiloSottile/age#480

@MarkusZoppelt
Copy link

age as a library doesn't work well with Yubikeys for now.

This might change if the changes by @gdbinit make it upstream:
https://github.com/gdbinit/age / https://github.com/gdbinit/yage

@fredrikfoss
Copy link

Hey Dominik, I was wondering if there is any progress on this feature or plans for it? There is a yubikey plugin now for age/rage, https://github.com/str4d/age-plugin-yubikey, which is also possible to use with passage. From README:

Example: set up with age-plugin-yubikey
---------------------------------------

This setup requires age v1.1.0, or rage (https://github.com/str4d/rage), and
the PIV plugin age-plugin-yubikey (https://github.com/str4d/age-plugin-yubikey).

It's recommended to add more YubiKeys and/or age keys to the .age-recipients
file as recovery options, in case this YubiKey is lost.

    age-plugin-yubikey # run interactive setup
    age-plugin-yubikey --identity >> $HOME/.passage/identities
    age-plugin-yubikey --list >> $HOME/.passage/store/.age-recipients

I'm not sure because I can't find back to where I read it, but I think the age author said the yubikey stuff would stay a plugin, and not be integrated. Same with pinentry stuff, but rage comes with it though in some form. But worth to note the yubikey plugin is in Rust ¯\_(ツ)_/¯

@con-f-use
Copy link

The age plugin seems to require PIV-enabled yubikeys, which for instance, seems to rule out the yubikey bio series. It would be nice to find a way to use the bio series for pin-entry to gopass, too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
age age-encryption.org backend
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants