PGPro
Yubikey support for decrypting messages
First off, thanks for this great app! Nice to see that PGP finally arrives on iOS. 😄
Yubico released an iOS SDK, which offers the possibility to interact with Yubikeys (NFC/Lightning) via a RAW API. This API would offer the ability to use Yubikeys to decrypt and/or sign messages (see https://developers.yubico.com/Mobile/iOS/). This would be a great alternative for users who already use Yubikeys for handling decryption/encryption/signing.
Do you have any plans to integrate this in the (near) future?
Cool idea! Unfortunately I don't have a Yubikey to test the implementation with but since I quite like the idea maybe I'll get one. Thanks for the suggestion!
Related: https://github.com/Yubico/yubikit-ios/issues/19
Yubikey suggested this should be possible using RAW access from their SDK, using the specification listed at https://gnupg.org/ftp/specs/. I'd be happy to help with testing (either from TestFlight, or by compiling the project myself) ;)
I've received a YubiKey 5C NFC today and will start implementing this feature soon! I'll keep you updated :-)
Nice, I have the same one and 2 other Yubikeys. Are you planning on trying to get the lightning based one (5Ci) as well, or just the NFC-based ones?
I'll try to support both. But I'm not sure yet, I first need to look into how the API works.
Good luck! If you need testers I'm already set up with GPG on my 5C NFC, 5 NFC and 5Ci;)
Looking forward to seeing this feature on iPhone
@lucanaef do you have any updates? Maybe you need help?
I started working on it before they released version 4 of the SDK but got stuck implementing the interaction with the RAW api (now called SmartCardInterface). I'll try to update my code for the new SDK version and sometime soon push what I have to a new branch for anyone who wants to take a look at it.
Update: I'm now able to connect to the management application of the Yubikey via NFC and fetch configuration info (version, serial number, etc.) and check if OpenPGP via NFC is supported and enabled on the key. I'll next try to connect to the smart card application, clean up the code a little and then finally publish the branch.
Any chance you could put it on testflight too? I know I could compile it using Xcode, but resigning it every few days is not an ideal solution:)
Sure! I'll do that as soon as at least some features work :)
This would be a great feature! Would be happy to support development with a donation, preferably via BTC (onchain or lightning).
I have just pushed the YubiKey branch. Here is an overview of the most relevant files:
- PGPro/Yubikey/Controller/YKConnectionSession.swift: Handles the connection to the YubiKey (mostly as described here).
- PGPro/Yubikey/Model/Yubikey.swift: An instance of this class models a physical YubiKey. Its fields include the device's serial number, form factor, etc. It should eventually contain methods to encrypt and decrypt messages using the YubiKey.
- PGPro/Yubikey/Model/SmartCard.swift: Models the OpenPGP SmartCard Application inside the YubiKey according to the official OpenPGP Smart Card specifications.
- PGPro/Yubikey/Model/APDU.swift: Helper class that makes handling the APDU interface of the smart card a bit easier.
What already works: I'm able to connect to my YubiKey via NFC, establish a management session, fetch its configuration and display it in a view controller. What doesn't work: I can't get any session with the smart card interface to work. I'm likely misunderstanding how the communication flow is supposed to happen (see "9.1 Application Selection reading main DOs" (page 94) of the specification).
While I tried to clean the code up as much as possible, it is still a bit messy. If you have any questions, feel free to ask them :) Please note that I'm currently studying for my exams and might take a bit more time to respond.
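The application-selection step mentioned in the comment above comes down to two short APDUs. The following is an added example, not code from the PGPro branch or the YubiKit SDK: it encodes SELECT for the OpenPGP application and GET DATA for the Application Related Data object, and classifies response status words. All type and function names are hypothetical and the sample responses are constructed.

```swift
import Foundation

// Added illustration; names are hypothetical and not taken from PGPro's APDU.swift.
struct CommandAPDU {
    let cla: UInt8, ins: UInt8, p1: UInt8, p2: UInt8
    var data: [UInt8] = []
    var le: UInt8? = nil  // nil: no response data expected; 0x00: up to 256 bytes

    // Short-length encoding (ISO 7816-4): header, optional Lc + data, optional Le.
    var bytes: [UInt8] {
        precondition(data.count <= 255, "short APDUs carry at most 255 data bytes")
        var out: [UInt8] = [cla, ins, p1, p2]
        if !data.isEmpty { out.append(UInt8(data.count)); out += data }
        if let le = le { out.append(le) }
        return out
    }
}

// AID prefix of the OpenPGP card application (RID D2 76 00 01 24, application 01).
let openPGPAID: [UInt8] = [0xD2, 0x76, 0x00, 0x01, 0x24, 0x01]
// SELECT by DF name, then GET DATA for the Application Related Data object (tag 6E).
let selectOpenPGP = CommandAPDU(cla: 0x00, ins: 0xA4, p1: 0x04, p2: 0x00, data: openPGPAID, le: 0x00)
let getApplicationRelatedData = CommandAPDU(cla: 0x00, ins: 0xCA, p1: 0x00, p2: 0x6E, le: 0x00)

enum CardResponse: Equatable {
    case success([UInt8])
    case moreData([UInt8], remaining: UInt8)  // 61xx: continue with GET RESPONSE (00 C0 00 00 xx)
    case notFound                             // 6A82: file or application not found
    case failure(sw: UInt16)
}

// Splits a raw response into body and status word; nil if it is too short to hold SW1 SW2.
func parseResponse(_ raw: [UInt8]) -> CardResponse? {
    guard raw.count >= 2 else { return nil }
    let sw1 = raw[raw.count - 2], sw2 = raw[raw.count - 1]
    let body = Array(raw.dropLast(2))
    switch (sw1, sw2) {
    case (0x90, 0x00): return .success(body)
    case (0x61, _): return .moreData(body, remaining: sw2)
    case (0x6A, 0x82): return .notFound
    default: return .failure(sw: UInt16(sw1) << 8 | UInt16(sw2))
    }
}

func hex(_ b: [UInt8]) -> String { b.map { String(format: "%02X", $0) }.joined(separator: " ") }

print(hex(selectOpenPGP.bytes))
print(hex(getApplicationRelatedData.bytes))
// Constructed responses, not captured from a real key.
for sample: [UInt8] in [[0x90, 0x00], [0x6A, 0x82], [0x69, 0x82]] {
    print(hex(sample), "->", String(describing: parseResponse(sample)))
}
```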
If you can publish a new build with what you got working so far, I can test it with the (5-series) keys I have - 5Ci (did you have a chance to test a key using lightning as a connection interface?) 5NFC and 5C NFC.
I’m not sure this will be helpful, particularly as my code is just a small demo and based on the previous version of the Yubikey SDK, but I managed to get decryption and signing working via NFC with the commits here: https://github.com/mattbeshara/yubikit-ios/tree/openpgp-nfc-demo
@spitfire I will publish a new build to TestFlight as soon as there is anything meaningful to test. I don't (yet) have a YubiKey with Lightning and have therefore not tested that connection interface at all.
@mattbeshara Thanks, this might help a lot! I'll try to take a look at it later this week.
Quick progress update:
https://user-images.githubusercontent.com/9679062/126880480-cb39ef06-a5df-43e4-9f70-d9649393aab8.mov
I'll be working on decryption next :-)
@lucanaef thank you for your work on that. I appreciate it.
May I ask if there was any beta released on TestFlight recently? I had a look at the beta linked in your app, but found nothing.
There has not been a new beta release yet. I've run into an issue (yubikit-ios/issues/75) and have paused working on it since I should study for my exams :-)
Thanks for the reply, I will try on my own to run it from branch yubikey, wish you the best with exams!
EDIT: Unfortunately, without being enrolled in the Apple Developer Program, I cannot build the app with NFC capability on iPhone to test the Yubikey.
Hello,
Is there any update to this? This is the last part that I need in order to completely utilize my yubikey on my iPhone. Please let me know if there is some way I can help support/promote this feature!
There are still a few hard challenges left to do, but I'm working on it :-)
@lucanaef If you need a smart card with Lightning or another NFC one, I'd be happy to donate one to your development efforts.
Thanks! I'll keep it in mind :-)
This feature is amazing and just what would make this ideal for me! Excited to see it in the works.
Hello, sorry to trouble you, it's been almost a year since this issue was last updated and I was wondering if there is any update on this? I'm currently trying to encrypt & decrypt some data using my iPhone via the yubikey NFC function, and this is the most valuable content I've been able to find so far, so if there is any update, please let me know, thank you very much! :)
@mattbeshara Hi, https://github.com/mattbeshara/yubikit-ios/tree/openpgp-nfc-demo this link is no longer working and seems to have been deleted. I think this content is helpful to me, could you please submit the demo again? I guess this content is valuable to me, thank you very much!