Project Description
FIDO2 is set of specifications for multi-factor authentication. It is based on asymmetric cryptography with secrets stored in a HW token. The token must support the protocol to be usable. I own Nitrokey Start which is fundamentally similar but it speaks a different protocol (of GPG smart cards). I'm curious whether the device can serve as FIDO2 token too.
Goal for this Hackweek
There will be likely lots of impedance to match. Ideally, the secrets should never live out of the GPG smart card, however, I'm not sure if the signing protocols are compatible. (To study this is also a goal.) An alternative would be to use an established password manager (e.g. pass) and emulate the FIDO2 token in software with access to secrets in the password manager. The intention is to be able to authenticate via browser against a WebAuthn (web) service.
The goal is not to provide a more secure solution than real HW FIDO2 token.
Resources
Looking for hackers with the skills:
This project is part of:
Hack Week 21
Activity
Comments
-
about 2 years ago by jzerebecki | Reply
There are fido2 implementations for various stm32 boards, like the nitrokey start is one. But sadly I know of none that combine a fido2 and gpg implementation, though it is theoretically possible. E.g. https://github.com/solokeys/solo1 and there is also one in rust https://github.com/google/OpenSK
If you can't get your hardware key to cooperate with the fido2 protocol, then there are fido2 implementations using the tpm2 most laptops have available. E.g. https://github.com/psanford/tpm-fido
-
about 2 years ago by mkoutny | Reply
Report after Hackweek
- I started decomposition by studying FF
- the most important part is implemented in authenticator-rs
- later I found related projects
- https://github.com/ellerh/softfido
- https://blog.hansenpartnership.com/webauthn-in-linux-with-a-tpm-via-the-hid-gadget/ (Git repo)
- I've used the latter as a base for my experiment
- I decided to use GPGME library to interact with GPG (it's as convenient to use as gpg itself :-/)
- https://github.com/seiyak/GPGME-sample-code proved more useful that docs
- I manually generated nistp256 GPG subkey with Authenticate capability to honor U2F specification (that's predecessor of FIDO2 that allows only this particular signing algo)
- I suspect upstream kernel has inconsistent config definitions to build USB gadget for Tumbleweed, I applied following patch locally:
``` --- a/drivers/usb/gadget/udc/Kconfig +++ b/drivers/usb/gadget/udc/Kconfig @@ -471,7 +471,7 @@ source "drivers/usb/gadget/udc/aspeed-vhub/Kconfig"
config USBDUMMYHCD tristate "Dummy HCD (DEVELOPMENT)" - depends on USB=y || (USB=m && USBGADGET=m) + depends on USB=y || (USB=m && USBGADGET=y) help This host controller driver emulates USB, looping all data transfer requests back to a USB "gadget driver" in the same host. The host ``` - my quickly hacked program was able to register (aka provide public key) against https://webauthn.io/ but it's not able to authenticate (aka sign challenges) - my joy was stopped by RFC4880 that defines GPG signatures as follows (highlight mine):
The concatenation of the data being signed and the signature data from the version number through the hashed subpacket data (inclusive) is hashed. The resulting hash value is what is signed.
- that's where I stopped but I realize
ssh-keygen -Y sign ...is the way forward (preferred to low-level communications with ssh-agent)- the point is that gpg-agent can act as ssh-agent too
- the goal of this project should be achieved with the ssh-agent detour
- I started decomposition by studying FF
Similar Projects
This project is one of its kind!