brush701 / keechallenge

A plugin for KeePass2 to add Yubikey challenge-response capability.
GNU General Public License v3.0
212 stars 26 forks source link

Add support for OnlyKey #41

Open onlykey opened 5 years ago

onlykey commented 5 years ago

Hi,

We recently implemented HMAC SHA1 in OnlyKey, it is fully compatible with Yubikey's HMAC SHA1 challenge and response. We have integrated support with KeePassXC https://github.com/keepassxreboot/keepassxc/pull/3352 and are looking to integrate with other projects as well. The only change required is to allow OnlyKey's USB VID/PID to be used in addition to the already allowed Yubikey USB VID/PIDs. Would you be willing to add support for OnlyKey?

Thanks!

whinis commented 4 years ago

I might be willing to attempt but to but do not own a OnlyKey. Do I just need to call the new functions in the yubikey library?

onlykey commented 4 years ago

@whinis Yes, we can also send you an OnlyKey to test if you email support at crp.to

OnlyKey supports the same HMAC Sha1 used by the yubikey library. The only change is to call yk_open_key_vid_pid. The way you can do it is first check if a Yubikey is connected yk_open_first_key() then if not check for OnlyKey like this:

m_yk_void = static_cast<void*>(yk_open_first_key());

// New fuction available in yubikey-personalization version >= 1.20.0 that allows
// selecting device VID/PID (yk_open_key_vid_pid) if Yubikey was not found
if (m_yk == nullptr) {
    static const int device_pids[] = {0x60fc}; // OnlyKey PID
    m_yk_void = static_cast<void*>(yk_open_key_vid_pid(0x1d50, device_pids, 1, 0));
    m_onlyKey = true;
}
whinis commented 4 years ago

Ill make an issue on my fork and will likely take you up on that. https://github.com/whinis/keechallenge/issues/2