Open JGCarroll opened 2 weeks ago
We have raw USB already, we don't interface to yubikey over the u2f interface
I'll try raise this in the snapcraft community, my expectation is that raw-usb alone might not be enough for some hardware, but it does depend on libraries used & etc. It'd also be significantly easier to get u2f-devices
connected than raw-usb
, because raw-usb
really could be anything (microphones, hard drives, whatever).
Feel free to sit on this for now and I'll get some concrete answers on whether this actually aids compatibility in our case!
We don't do U2F.
The KeepassXC snap currently can't access Yubikeys and other hardware authenticators. This plug grants access to common authenticators. This doesn't grant access to all authenticators, the device must be known to snapd and present itself in a way that guarantees it's secure to access (e.g., it must have a unique device ID that doesn't overlap with other generic components).
Effectively the list of devices can be seen here: https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go
It would be preferable, although not mandatory, if this could be made to autoconnect via the Snap Forums review process. I'd believe KeepassXC would be likely granted this access automatically, and doing so ultimately helps further reduce bug reports/issues with that build for minimum burden after the one time setup. Otherwise, manual connection is simply just
sudo snap connect keepassxc:u2f-devices
.If a specific device doesn't work, users should log a bug with snapd, not KeepassXC.