Nitrokey / nitrokey-3-firmware

Nitrokey 3 firmware
Apache License 2.0

Provide an option to pop up desktop notifications on UIF requests #494

Open farblos opened 6 months ago

farblos commented 6 months ago

Another other-smartcard-features, described, for example here and having a project here.

I slowly get used to checking the UIF request indicator light, but getting it right onto the desktop would be better. (Actually, I do not use a full DE, so a more generic notification mechanism I could hook into would be even more appreciated.)

robin-nitrokey commented 6 months ago

I see that this is a useful feature, but from my perspective, this should be implemented by client applications like gnupg/scdaemon. The applications have all required information to show such a prompt while tools like yubikey-touch-detector can only try to observe side effects.

farblos commented 6 months ago

Thanks, I thought that was something like an extra feature of the Yubikey.

Uh, the detection of OpenPGP UIF requests done by yubikey-touch-detector is really - side-effect-ish? Will try my luck at the GnuPG mailing list to see whether there are any plans for implementing a cleaner solution.

On the other hand, a clean and general facility to "forward" all NK user presence requests to the desktop, regardless of what (FIDO2, OpenPGP UIF) has caused them, would be probably only feasible for the NK itself to implement, no?

robin-nitrokey commented 6 months ago

> On the other hand, a clean and general facility to "forward" all NK user presence requests to the desktop, regardless of what (FIDO2, OpenPGP UIF) has caused them, would be probably only feasible for the NK itself to implement, no?

Yes, but this is not trivial. For applications using the CTAPHID protocol, e. g. FIDO2, we already send out this information as part of the keepalive message. But this is only possible because it is part of the protocol and can be done with a preliminary response to the command that is being processed. A more generic approach would be possible, but would require a major change to request handling in the firmware.

We will keep this issue as a feature request, but honestly I don’t think we will implement it in the foreseeable future.
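
The CTAPHID keepalive mentioned in the comment above, as an added example that is not part of the original thread or of the Nitrokey firmware: a host-side decoder that turns raw CTAPHID reports into one "touch needed" event per request, which is the hook a desktop notifier would need. The command and status values come from the CTAP specification; the channel id, the sample reports and all function names are constructed for illustration.

```python
import struct

CTAPHID_KEEPALIVE = 0x3B  # command id, CTAP specification
STATUS_PROCESSING = 1     # authenticator is still working
STATUS_UPNEEDED = 2       # authenticator is waiting for user presence
INIT_FLAG = 0x80          # bit 7 of byte 4 marks an initialization packet
REPORT_SIZE = 64          # usual full-speed HID report size


def parse_init_packet(report: bytes):
    """Return (cid, cmd, bcnt, data) or None for a continuation packet."""
    if len(report) < 7:
        raise ValueError("report shorter than the CTAPHID init header")
    cid, cmd, bcnt = struct.unpack(">IBH", report[:7])
    if not cmd & INIT_FLAG:
        return None
    # For long messages only the first fragment is in this report.
    return cid, cmd & 0x7F, bcnt, report[7:7 + bcnt]


def touch_events(reports):
    """Yield a channel id once each time that channel starts waiting for touch.

    Keepalives repeat while the device waits, so repeats are suppressed
    until a different init packet arrives on the same channel.
    """
    waiting = set()
    for report in reports:
        parsed = parse_init_packet(report)
        if parsed is None:
            continue  # continuation of a message already in flight
        cid, cmd, bcnt, data = parsed
        up_needed = (cmd == CTAPHID_KEEPALIVE and bcnt == 1
                     and data == bytes([STATUS_UPNEEDED]))
        if up_needed and cid not in waiting:
            waiting.add(cid)
            yield cid
        elif not up_needed:
            waiting.discard(cid)


def make_report(cid: int, first_byte: int, rest: bytes) -> bytes:
    """Build a zero-padded sample report (test helper, constructed data)."""
    return (struct.pack(">IB", cid, first_byte) + rest).ljust(REPORT_SIZE, b"\0")


SAMPLE_CID = 0x00112233  # constructed channel id
SAMPLE_REPORTS = [
    make_report(SAMPLE_CID, 0xBB, b"\x00\x01\x01"),              # keepalive: processing
    make_report(SAMPLE_CID, 0xBB, b"\x00\x01\x02"),              # keepalive: touch needed
    make_report(SAMPLE_CID, 0xBB, b"\x00\x01\x02"),              # repeat, suppressed
    make_report(SAMPLE_CID, 0x90, b"\x00\x64" + b"\xaa" * 57),   # CBOR response, 100 bytes
    make_report(SAMPLE_CID, 0x00, b"\xaa" * 43),                 # continuation, seq 0
    make_report(SAMPLE_CID, 0xBB, b"\x00\x01\x02"),              # next request: touch needed
]
```

This only covers traffic that actually uses CTAPHID; an OpenPGP UIF request over CCID produces no such packet, which is the limitation the comment describes.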

farblos commented 6 months ago

> A more generic approach would be possible, but would require a major change to request handling in the firmware.

I have been half afraid of that.

> We will keep this issue as a feature request, but honestly I don’t think we will implement it in the foreseeable future.

Fair enough, thanks.