termux-api icon indicating copy to clipboard operation
termux-api copied to clipboard

Published 20 hours ago verified publisher icon termux

YubiKey support

Open codebam opened this issue 5 years ago • 11 comments

Feature description Support for YubiKey USB devices in OpenPGP.

Reference implementation https://github.com/open-keychain/open-keychain

Does another app/terminal emulator have this feature? OpenKeyChain has this feature on Android

Provide links to more background information

Although OpenKeyChain supports this feature, the PGP implementation in OpenKeyChain doesn't support YubiKeys in such a way that it can decrypt files with a hidden receipt. This creates a problem with password-store (and the password store app) because password store encrypts keys such that the recipient is hidden. See here.

OpenPGP doesn't have this issue, and supporting it would open up possibilities to do signing and key verification on git and any other applications that support PGP.

codebam avatar Aug 16 '19 17:08 codebam

I support this request. I commonly use Android/Termux with Github, and so I cannot currently use 2FA to secure my account.

GlenCThomas avatar Oct 31 '19 18:10 GlenCThomas

@PHPoenX you cannot use gnupg to access yubikeys from within termux. that's what this issue explains

codebam avatar Nov 02 '19 22:11 codebam

Please?

Fresheyeball avatar Sep 13 '21 19:09 Fresheyeball

Following for updates

sn0n avatar Jul 14 '22 09:07 sn0n

For the record things like gpg signing and decrypting with a yubikey works fine when running as root. I haven't gotten signing of git commits working though, might need some patch to modify how git invokes gpg.

Adding full support for all yubikey features, for all software, might be hard, but we should be able to make softwares that make use of libusb able to (partially) access yubikeys, without root

Grimler91 avatar Jul 14 '22 15:07 Grimler91

As a new Termux user I'm also looking into this topic and I've found this project: https://github.com/DDoSolitary/OkcAgent. I've not tried it yet, but conceptually it can be considered at least a workaround for this issue, right? Of course native driver for yubikey would be better, but until it is done (and the amount of activity on this indicates it won't be done for a long time), okc-agent project should be noted here.

calaveraInfo avatar Aug 19 '22 14:08 calaveraInfo

@calaveraInfo Thank you so much for that tip! I have my SSH keys on Yubikeys following https://github.com/drduh/YubiKey-Guide/blob/master/README.md, and OpenKeychain plus okc-agent worked for me on an AOSP-only phone (LineageOS, but no GMS).

inducer avatar Aug 19 '22 21:08 inducer

OpenKeychain is no longer supported and OkcAgent no longer works.

Root might be an option but not everyone wants to root their phones [just for this].

Terminus supports YubiKeys but only for 2FA, not for key auth; and TermBot hasn't been updated in years and has always been limited in functionality.

A native solution to this would be much appreciated.

sevmonster avatar Dec 14 '23 13:12 sevmonster