Akamai MFA alternative?

[anned20]

Given the recent announcement that Krypton will be superseded by Akamai MFA, what is the suitable replacement for the kr program?

We use this as a way to secure our SSH and GPG keys on our mobile devices, I can't seem to find an alternative to that.

[xarbit]

There is no alternative.. I looked everywhere and haven’t found anything. We cannot even fork kr and continue development because of the licence.

We would need to start from scratch unless Akamai changes the license for kr so we can keep it alive.

[billstanden]

I've been digging for this as well and come up empty handed.

I think something halfway simple might be buildable to cover Macs paired with iOS devices and I'm going to take a look at exploring that in some more depth over the next couple of months but that's not going to cover the field.

Anything else, even cobbled together, at this point seems to at best replicate the on device approval but without the offloading.

[xarbit]

@billstanden @anned20

I think we could use this as a kickstart and transform it to what we need? https://github.com/sekey/sekey

[anned20]

Good find, but it looks like that is specifically made for Macs that use a (separate) secure enclave processor. Those are also in iPhones and iPads, but that would work differently. What the current kr utility does is ask the app on your phone for encryption, not ask the device itself.

[xarbit]

that's right, I know .. I am looking in to it .. just to get a feeling of the steps that need to be done. I mean creating an App for iOS that stores keys in the phones secure enclave and communicates over a socket (or whatever apple has to offer) to Mac/Linux host + ssh's IdentityAgent & ProxyCommand should be doable.

[xarbit]

here is more

https://github.com/maxgoedjen/secretive

[feld]

The SSH key on my iPhone Secure Enclave was the only reason I used Krypton. The loss of this amazing feature is heartbreaking. I would have paid for this feature.

[agrinman]

Hi -- Akamai MFA will very likely integrate the SSH functionality over the coming year, but we cannot commit to it just yet. In the mean time we're working on the right community licensing of kr/krypton so that folks involved in the community can still contribute to it, run it + modifications on their own devices, and contribute changes upstream. Only non-commercial use cases will be supported, which would not allow other apps distributed on the stores to run utilize krypton.

[agrinman]

Hi all, I want to share an early preview version of akr, the successor to kr, that works with Akamai MFA! Please find the repo here: https://github.com/akamai/akr