jans23
jans23
I would very much like to see this change merged. What does holding it? Is there anything I could help with?
From the security perspective the fallback to RAND_pseudo_bytes is a no-go. With this implementation users can never be sure to have a secure encryption key. This could happen if for...
For integrating OpenSC, you find an example application [here](https://github.com/Nitrokey/nitrokey-encryption-tool/).
> @jans23 I see in https://github.com/Nitrokey/nitrokey-encryption-tool there is also no support to sign. Is this not possible via the `opensc-pkcs11.so` for OpenPGP? It is possible but not in scope of...
It sounds like you didn't install OpenSC's Minidriver.
For testing purposes and to nail down issues I recommend to use RSA2048 and not EC. If everything works, change the algorithm back to EC in a last step.
@suedadam By specification, each FIDO U2F devices contains an attestation key which proves its vendor. I believe that this correlates to vendors' promise that device private key can't be stolen....
Thank you for this long awaited feature. If anybody is interested to test it with a free Nitrokey, send us an email and we ship it to you.