Integrate Nitrokey support to enable hardware-based two-factor authentication for users online accounts

[4jNsY6fCVqZv]

What it says on the tin! This issue is thematically well suited to the following discussions: https://github.com/elementary/pantheon-agent-polkit/issues/33 https://github.com/elementary/pantheon-agent-polkit/issues/40 elementary/greeter#230 https://github.com/elementary/mail/issues/345 https://github.com/elementary/files/issues/862 https://github.com/elementary/installer/issues/368 https://github.com/elementary/appcenter/issues/936

Unlike a Yubikey, it is Free Hardware and Free Software, which is mostly manufactured locally (in Berlin, Germany).

Here you can find more general information: https://www.nitrokey.com/ & https://github.com/nitrokey

This integration can also be used to decrypt your hard disks - see LUKS/LUKS2 - or as a solution for Two-factor authentication in the Installer. Integration with Files (to sign, encrypt and decrypt files) or Mail (to sign, encrypt and decrypt emails) and for installing Software with AppCenter it's also very useful.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/68939396-integrate-nitrokey-support-to-enable-hardware-based-two-factor-authentication-for-users-online-accounts?utm_campaign=plugin&utm_content=tracker%2F59954081&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F59954081&utm_medium=issues&utm_source=github).

[cassidyjames]

Could you clarify the scope of this issue and how it relates to online accounts?

[4jNsY6fCVqZv]

I like to think about it again! Currently the use of Nitrokeys in connection with Mail and Nextcloud seems to be the most relevant to me.

Example scenario for Mail:

If I set up a new mail account using the Online Accounts plugin, it would be wonderful if I

a) have the possibility to link Nitrokeys already configured in the system with my new account - e.g. configured before in the Initial Setup process. b) elementary informs me that I can set up a new Nitrokey for use with Mail at this point and/or helps me set up this device to use two-factor authentication with this service. c) find out where and how I can manage or change the settings of this (freshly) configured Nitrokey, if this is important and necessary for the use with online accounts. For example, I'm also thinking about settings for OTP. Or just an administration of devices that are currently initialized in the system. But maybe that would be something for the Encryption Pane, right? https://github.com/elementary/switchboard-plug-security-privacy/issues/32

I can imagine a similar scenario for use with various Nextcloud instances. By the way, it's great that you also have Nextcloud integration on your agenda!

What use cases do you have in mind when you read about my idea?

[4jNsY6fCVqZv]

@cassidyjames Do you need more information from me here?