Feature request – integrate U2F / FIDO2 into gpg-agent for use as ssh-agent
There is some discussion of using YubiKey for FIDO with ssh, but not using the crypto card function.
Which, if you read the comments, I consider to be retrograde. Apart from Google Chrome, there's not a lot of support for FIDO2 out there. Is it possible to get this on a roadmap somewhere? My argument is that the use of the YubiKey with gpg-agent as the ssh-agent already has 3 factors:
– a PIN (actually a passphrase) to unlock the card
– the private key is kept in the device itself
– you can program the YubiKey to require a touch for signing and decryption.
Is this remotely feasible?
Support Staff 1 Posted by Luke Le on 10 Jul, 2020 07:58 AM
I do believe that this might in fact be already possible.
Did you come across this article in your research?
Hope that helps.
2 Posted by George Wayne on 10 Jul, 2020 09:52 AM
You would be better off to switch from gpg-agent to FIDO2 U2F authentication. The author in this blog post clearly points out the benefits.
Support Staff 3 Posted by Luke Le on 20 Jul, 2020 04:05 PM
In addition, it appears that this is now supported out-of-the-box by SSH itself using YubiKey: https://buttondown.email/cryptography-dispatches/archive/cryptograp...
Steve closed this discussion on 30 Jul, 2020 01:03 PM.