FiloSottile / yubikey-agent

yubikey-agent is a seamless ssh-agent for YubiKeys.
https://filippo.io/yubikey-agent
BSD 3-Clause "New" or "Revised" License

Add decryption agent functionality #63

Open fmeum opened 3 years ago

fmeum commented 3 years ago

I'm currently using the OpenPGP applet on my YubiKey for two things: SSH authentication and password decryption with pass. Given all the well-known UX issues with gpg and smart cards/hardware tokens, I would like to switch to yubikey-agent, (r)age & PIV. Most of the ecosystem is there or not hard to build (such as a pass clone that relies on age), but currently the two use cases, authentication and decryption, don't work well simultaneously due to the need for exclusive reader access.

A convenient feature of gpg that works around the "reader lock" issue is that it can work as an agent for both SSH auth and decryption. What are thoughts about adding decryption agent functionality to yubikey-agent, which could then be used by (r)age?

FiloSottile commented 2 years ago

A (r)age plugin that uses yubikey-agent is on the roadmap :)

yvesf commented 2 years ago

original message replaced

Edit: Here was a draft of how yubikey-agent could be extended to be used with age. Following https://github.com/FiloSottile/yubikey-agent/issues/63#issuecomment-1015835240 I had an e-mail exchange with @tv42. As he points out below, I used some routines from his project and by mistake didn't put the correct attribution to him. I understood him in our conversation that correcting this alone is not in his interest. Since even with correct attribution my draft contains some lines of code from him (the actual enc/decryption part of file-keys), I'll not advertise it here any further.

tv42 commented 2 years ago

The changes are more than "inspired" by my code. See https://github.com/yvesf/yubikey-agent/blob/47e52502ea3e8f2b096cb888cd7149b0ac308b27/plugin.go#L198-L220
versus https://github.com/tv42/yubage/blob/49146f64d316f1c15baf247f3f4cba28a3e13b9b/internal/pivplug/recipient.go#L132-L163
and please follow https://github.com/tv42/yubage/blob/master/LICENSE

yvesf commented 2 years ago

I updated the relevant places with a copyright notice pointing to the source, the links in my first comments are updated accordingly. I'm sorry that I forgot the attribution to tv42 in these places. To my knowledge these three are all places where your work is used. @tv42 please let me know if you see more problems.

This licensing jumble is not really nice in the code (there is also some code copied from age itself but that could potentially be resolved easily by the author of age). I want to state it very clearly here too that this is not like an MR but just in a "works for me" state.

I'm not too eager to deal with license compatibility, copyright and such stuff. I'd rather retract the whole thing.

IxDay commented 1 year ago

Is there a repo we can check out to assist or just keep track of the progress?