Yubikey support for decrypting messages

[haupas]

First of, thanks for this great app! Nice to see that PGP finally arrives on iOS. 😄

Yubico released an iOS SDK, which offers the possibility to interact with Yubikeys (NFC/Lightning) via a RAW API. This API would offer the ability to use Yubikeys to decrypt and/or sign messages (see https://developers.yubico.com/Mobile/iOS/). This would be a great alternative for users which already use Yubikey's for handling decryption/enrcyption/signing.

Do you have any plans to integrate this in (near) future?

[lucanaef]

Cool idea! Unfortunately I don't have a Yubikey to test the implementation with but since I quite like the idea maybe I'll get one. Thanks for the suggestion!

[lucanaef]

Related: https://github.com/Yubico/yubikit-ios/issues/19

[spitfire]

Related: Yubico/yubikit-ios#19

Yubikey suggested this should be possible using RAW access from their SDK using specification listed at https://gnupg.org/ftp/specs/ I'd be happy to help with testing (either from TestFlight, or by compiling the project myself);)

[lucanaef]

I've received a YubiKey 5C NFC today and will start implementing this feature soon! I'll keep you updated :-)

[spitfire]

I've received a YubiKey 5C NFC today and will start implementing this feature soon! I'll keep you updated :-)

Nice, I have the same one and 2 other Yubikeys. Are you planning on trying to get the lightning based one (5Ci) as well, or just the NFC-based ones?

[lucanaef]

I'll try to support both. But I'm not sure yet, I first need to look into how the API works.

[spitfire]

I'll try to support both. But I'm not sure yet, I first need to look into how the API works.

Good luck! If you need testers I'm already set up with GPG on my 5C NFC, 5 NFC and 5Ci;)

[gynet]

Looking forward to seeing this feature on iPhone

[langovoi]

I'll try to support both. But I'm not sure yet, I first need to look into how the API works.

@lucanaef do you have any updates? Maybe you need help?

[lucanaef]

I started working on it before they released version 4 of the SDK but got stuck implementing the interaction with the RAW api (now called SmartCardInterface). I'll try to update my code for the new SDK version and sometime soon push what I have to a new branch for anyone who wants to take a look at it.

[lucanaef]

Update: I'm now able to connect to the management application of the Yubikey via NFC and fetch configuration info (version, serial number, etc.) and check if OpenPGP via NFC is supported and enabled on the key. I'll next try to connect to the smart card application, clean up the code a little and then finally publish the branch.

[spitfire]

Any chance you could put it on testflight too? I know I could compile it using Xcode, but resigning it every few days is not an ideal solution:)

[lucanaef]

Sure! I'll do that as soon as at least some features work :)

[Quisamor]

This would be a great feature! Would be happy to support development with a donation, preferably via BTC (onchain or lightning).

[lucanaef]

I have just pushed the YubiKey branch. Here is an overview of the most relevant files:

• PGPro/Yubikey/Controller/YKConnectionSession.swift: Handles the connection to the YubiKey (mostly as described here).
• PGPro/Yubikey/Model/Yubikey.swift: An instance of this class models a physical YubiKey. Its fields include the device's serial number, form factor, etc. It should eventually contain methods to encrypt and decrypt messages using the YubiKey.
• PGPro/Yubikey/Model/SmartCard.swift: Models the OpenPGP SmartCard Application inside the YubiKey according to the official OpenPGP Smart Card specifications.
• PGPro/Yubikey/Model/APDU.swift: Helper class that makes handling the APDU interface of the smart card a bit easier.

What already works: I'm able to connect to my YubiKey via NFC, establish a management session, fetch its configuration and display it in a view controller. What doesn't work: I can't get any session with the smart card interface to work. I'm likely misunderstanding how the communication flow is supposed to happen (see "9.1 Application Selection reading main DOs" (page 94) of the specification).

While I tried to clean the code up as much as possible, it is still a bit messy. If you have any questions, feel free to ask them :) Please note that I'm currently studying for my exams and might take a bit more time to respond.

[spitfire]

If you can publish a new build with what you got working so far, I can test it with the (5-series) keys I have - 5Ci (did you have a chance to test a key using lightning as a connection interface?) 5NFC and 5C NFC.

[mattbeshara]

I’m not sure this will be helpful, particularly as my code is just a small demo and based on the previous version of the Yubikey SDK, but I managed to get decryption and signing working via NFC with the commits here: https://github.com/mattbeshara/yubikit-ios/tree/openpgp-nfc-demo

[lucanaef]

@spitfire I will publish a new build to TestFlight as soon as there is anything meaningful to test. I don't (yet) have a YubiKey with Lightning and therefore not tested that connection interface at all.

[lucanaef]

@mattbeshara Thanks, this might help a lot! I'll try to take a look at it later this week.

[lucanaef]

Quick progress update:

https://user-images.githubusercontent.com/9679062/126880480-cb39ef06-a5df-43e4-9f70-d9649393aab8.mov

I'll be working on decryption next :-)

[pasuder]

@spitfire I will publish a new build to TestFlight as soon as there is anything meaningful to test. I don't (yet) have a YubiKey with Lightning and therefore not tested that connection interface at all.

@lucanaef thank you for your work on that. I appreciate it.

May I ask you if there was any beta released on TestFlight recently? I have a look into beta linked in your app, but nothing found.

[lucanaef]

@lucanaef thank you for your work on that. I appreciate it.

May I ask you if there was any beta released on TestFlight recently? I have a look into beta linked in your app, but nothing found.

There has not been a new beta release yet. I've run into an issue (yubikit-ios/issues/75) and have paused working on it since I should study for my exams :-)

[pasuder]

There has not been a new beta release yet. I've run into an issue (yubikit-ios/issues/75) and have paused working on it since I should study for my exams :-)

Thanks for reply, I will try on my own to run it from branch yubikey, wish you best with exams!

EDIT: Unfortunately without being enrolled in Apple Developer Program, I cannot build app with NFC capability on iPhone to test Yubikey.

[p0rt9]

Hello,

Is their any update to this? This is the last part that I need in order to completely utilize my yubikey on my iPhone. Please let me know if there is some way I can help support/promote this feature!

[lucanaef]

There are still a few hard challenges left to do, but I'm working on it :-)

[singlerider]

@lucanaef If you need a smart card with Lightning or another NFC one, I'd be happy to donate one to your development efforts.

[lucanaef]

Thanks! I'll keep it in mind :-)

[digitalnotions]

This feature is amazing and just what would make this ideal for me! Excited to see it in the works.

[linvex]

Hello, sorry to trouble you, it's been almost a year since this issue was last updated and I was wondering if any update for this? I'm currently trying to encrypt&decrypt some data using my iPhone via yubikey NFC function, and this is the most valuable content I've been able to find so far, so if there is any update, let me know please, thank you very much! :)

[linvex]

@mattbeshara Hi, https://github.com/mattbeshara/yubikit-ios/tree/openpgp-nfc-demo this link is no longer working and seem be deleted, I think this content is helpful to me, could you please submit the demo again? I guess this content is valuable to me, thank you very much!

[sirasjad]

@lucanaef How is the development going? I'm really excited about this feature and I'm happy to donate to support your work.

[lucanaef]

Hi! Unfortunately, there is no progress on this feature to report.

[sirasjad]

Hi! Unfortunately, there is no progress on this feature to report.

@lucanaef I'm happy to contribute with this feature on a new branch, as I'm also looking into this YubiKey implementation. In order to catch up on your work - can you briefly describe your progress so far and which problems occurred when you last worked on this?

Please share any links you have used during the implementation of this feature. I'm reading through the YubiKey SDK docs and still trying to figure out how this works.

[olebedev]

Hi @lucanaef, thanks for the project!

Is there anything I can help with, regarding the feature? I have no idea how to code for iOS on Swift though, but more that happy to follow guidance and maybe start with something small if there is something.

[namelessmasses]

@lucanaef also here to offer help. It’ll take me a little to get setup but shouldn’t be an issue. I can work that and like @sirasjad, knowing what what still needs to be done any information on the issues/problems so far.

[lucanaef]

Hi @namelessmasses, sorry for the delay. The current state can be found here: https://github.com/lucanaef/PGPro/tree/feature/yubikey/PGPro/YubiKey. In short, I've got communication with the YubiKey working, but not the cryptography part via the smart card interface. Any help on this is appreciated. Please let me know if there is anything I can clarify.

[namelessmasses]

@lucanaef thank you.

I’m a recent user of Yubikeys and have mine setup for both PIV (on macOS for login) and PGP (multiple platforms).

I’m reading through Yubico iOS SDK docs. There seems to be some documentation on PIV smart-card application but nothing specific on the PGP smart-card application (they are separate applications where the PIV smart-card provides PKCS#11 whereas PGP smart-card application seems to be direct PGP keys and uses different slots than the 9A, 9C, 9D, 9E slots). Maybe we need to use the RAW interface in the iOS SDK to access the PGP smart-card application, but I haven’t got that deep yet.

I’ll keep reading the Yubico docs (https://github.com/Yubico/yubikit-ios) and reach out to Yubico if needed. If anyone does have previous experience with the Yubico iOS API for PGP smart-card application please reply and we can collaborate.

[aymanbagabas]

Hi,

I would love to see this issue gets resolved and bring PGP encryption/decryption to PGPro.

I don't do much iOS development. It looks like we can use the RAW API, specifically the APDU protocol, to communicate with the PGP interface.

Here are some references i found that explain APDU:

• https://docs.yubico.com/yesdk/users-manual/yubikey-reference/apdu.html
• https://github.com/Yubico/yubikit-ios/blob/main/docs/raw.md

GnuPG and Scdaemon use APDU to communicate with the card:

• https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-APDU.html
• https://github.com/gpg/gnupg/blob/master/scd/apdu.c

I hope this helps getting us in the right direction :)

[namelessmasses]

Some assumptions:

• Secret keys do not leave the hardware key
• Sign and decipher are actually done on the hardware key

Some initial questions I set out to answer:

1. How does a keychain correctly represent the proxy secret key that then “points” to the smart-card (i.e. the storage)?
2. At what point does sign/decipher detect that the key is stored on a smart-card and refer the operation to that specific smart-card?

After reading through Yubico docs and source code (which included the links from @aymanbagabas), as well as the gnupg scd docs and source code (including links from @aymanbagabas), I’m thinking it might be more salient for the underlying PGP library to implement the smart-card support. While a front-end could perhaps directly address the smart-card, I have a feeling this might be an oversimplified view and there may be more logic that would need to be reimplemented in the front-end.

At this point I went looking deeper into ObjectivePGP. I read the blog post from @krzyzanowskim regarding development of ObjectivePGP, and noted how it was a highly underestimated task. I’m wondering if @krzyzanowskim might be able to provide some insight here. Perhaps, any caveats and possibly even an opinion on whether to try and implement smart-card support in ObjectivePGP versus PGPro.

[tigernero79]

@lucanaef news for implementation yubikey openpgp on ios?

[diegolinke]

@lucanaef do you have any update on it? This feature would be a game changer

[namelessmasses]

Further notes

• The PIV application will perform the sign and decrypt operations.
• requires a PIV session.
• See https://github.com/Yubico/yubikit-ios/blob/main/YubiKitTests/Tests/PIVTests.swift

[teon]

@lucanaef first of all thank you for a great project! 🙏🥳 I just wanted to drop my 5cents and underline how important YK integration is. Most of security professionals I know use hardware keys for managing private keys - YK mostly. I would even encourage if there are no priorities for this feature to even consider prioritising it by doing a paid version (which would contribute to your hard work) with this feature. I would be more then happy to pay for a stable and up to date version of pgp with mail and YK. 🫡

[namelessmasses]

@lucanaef I finally got some time to read through the OpenPGP Smart Card specification and the yubikit-ios source.

I think you were on the right track originally with using the YubiKitManager SmartCard Interface. Since yubikit-ios still doesn't have source level support for openpgp application, I might take a detour and add some basic APDUs for it to yubikit-ios.

I did see your (issue)[https://github.com/Yubico/yubikit-ios/issues/75] with yubikit-ios and note that the reply to that is also correct. It's just the encoding scheme to indicate that the encoding of the length is using the following 2 bytes.
0x00-0x7f = 1 byte; in-place value 0-127 0x81 = 2 bytes [0x81 0xnn] value 0-255 0x82 = 3 bytes [0x82 0xnn 0xnn] value 0-65535

I'll start work on this in earnest this week. If you have time to rebase the yubikey branch would be awesome. I tried a quick pass at it earlier today but must've messed up something with UIImage#resized(?).

During the rebase it looked like you were implementing the keychain index 0 as a hardcoded smartcard key. I might take another pass at how secret keys on smartcards are handled in the keychain instead of hard coding to index 0. When you look at the user-experience for GPG, it records a proxy key in the keychain that notes that the actual key is stored on a smartcard using the serial number of the smartcard. .

I have a feeling this makes things a lot easier to manage in the long run, especially with separate subkeys because specific subkeys may or may not be on the smartcard.

[namelessmasses]

PITA trying to find something to use as a reference for testing. python-yubico was a no go on Windows with USB issues. The yubio .NET SDK could create a connection to the card but again the APDUs for openpgp were totally lacking in the SDK.

I was able to make a lot of progress with testing and documenting using OpenSC on Windows.

The initial draft of the command request and response APDUs is at my fork of yubikit-ios.

Ran into an issue with understanding PSO:DECIPHER. Will take a look at the C source referenced above from GNUPGP.

[namelessmasses]

Reached out to Yubico to get some clarifications.

[namelessmasses]

Here's the first real thing I consider an issue...

Sending APDUs to the card requires knowledge of the specific OpenPGP packets. For instance, in order to sign anything, a signature packet must be constructed. The actual signing that takes place on the card is based on the digest information calculated from the signature packet. See RFC-9580

Yes, one could absolutely create low-level ADPUs of specifically created OpenPGP Signature packets, but this is basically implementing OpenPGP itself.

Early support might be ok using Cleartext Signature Framewrk, and something I'll look into. However, not only do I suspect this may simply lead to a cleartext interface to creating some type Signature packet anyway, the OpenPGP RFC itself also says of Cleartext Signature Framework,

Note that this framework is not intended to be reversible. [RFC3156] defines another way to sign cleartext messages for environments that support MIME.

which is PGP/MIME...

Given that PGPro is currently primarily an email-based PGP app, it's operating in a MIME environment.

Really makes me feel like my earlier comments around robust support should really be implemented through the OpenPGP implementation itself..