Yubico / ykneo-openpgp

OpenPGP applet for the YubiKey NEO
https://developers.yubico.com/ykneo-openpgp/
GNU General Public License v2.0
214 stars 67 forks source link

VeraCrypt keyfiles on Yubikey - is it possible? #48

Closed aak2014 closed 7 years ago

aak2014 commented 7 years ago

Hello!

I'd like to be able to write keyfiles onto my Yubikey. I use VeraCrypt and I use KeePassX. Both of them can take keyfiles to derive encryption key from. VeraCrypt can work with them over PKCS #11. I'm not sure if KeePassX can. But it would be great if I could upload keyfiles to my Yubikey (or better yet - generate one onboard) and store them there PIN-protected. Nitrokey says it has such functionality. Aladdin eToken pro has it too. Does Yubikey have one? If it’s not currently provided ‘out of box’, can a user (NOT a Yubico stuff) write custom applet and load it onto Yubikey? What’s the best place to start looking for instructions/guides on how to do this?

Thanks and cheers!

a-dma commented 7 years ago

Unfortunately this is not a supported functionality. As for writing custom applets, we used to allow that with the NEO, but that requires keys from NXP which we can't provide.

As an aside, you won't be able to store keyfiles, but if PKCS#11 is supported for your use case, try having a look at PIV (either NEO or Yk4).