Authenticate with Nitrokey

[4jNsY6fCVqZv]

What it says on the tin! This issue is thematically well suited to the following discussions: https://github.com/elementary/pantheon-agent-polkit/issues/33 https://github.com/elementary/greeter/issues/230 https://github.com/elementary/mail/issues/345 https://github.com/elementary/switchboard-plug-onlineaccounts/issues/89 https://github.com/elementary/files/issues/862 https://github.com/elementary/installer/issues/368 https://github.com/elementary/appcenter/issues/936

Unlike a Yubikey, it is Free Hardware and Free Software, which is mostly manufactured locally (in Berlin, Germany).

Here you can find more general information: https://www.nitrokey.com/ & https://github.com/nitrokey

This integration can also be used to decrypt your hard disks - see LUKS/LUKS2 - or as a solution for Two-factor authentication in the Installer or Switchboard Online Accounts Plug. Integration with Files (to sign, encrypt and decrypt files) or Mail (to sign, encrypt and decrypt emails) and for installing Software with AppCenter it's also very useful.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/68938868-authenticate-with-nitrokey?utm_campaign=plugin&utm_content=tracker%2F57017105&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F57017105&utm_medium=issues&utm_source=github).

[4jNsY6fCVqZv]

I want to create an issue for the decryption of the hard disk at system boot as well, but I wonder which repository is suitable for this. Can you help me here?

[cassidyjames]

I've gotten my hands on a FIDO U2F key, and it looks like there is a Nitrokey U2F model so there's a little bit of overlap with #54. But I'm not exactly sure how other Nitrokey models work or would authenticate, so I'll leave this open for the non-U2F models.

[jans23]

The non-FIDO Nitrokey models would ideally authenticate based on their integrated smart card (usually PKCS#11 interface such as OpenSC) . Another option is OTP but it's less secure and I wouldn't recommend it unless it's integration would be much more easy than smart card.