Open codebam opened 5 years ago
I support this request. I commonly use Android/Termux with GitHub, and so I cannot currently use 2FA to secure my account.
@PHPoenX You cannot use gnupg to access yubikeys from within termux. That's what this issue explains.
Please?
Following for updates
For the record, things like gpg signing and decrypting with a yubikey work fine when running as root. I haven't gotten signing of git commits working though, might need some patch to modify how git invokes gpg.
Adding full support for all yubikey features, for all software, might be hard, but we should be able to make software that makes use of libusb able to (partially) access yubikeys, without root.
As a new Termux user I'm also looking into this topic and I've found this project: https://github.com/DDoSolitary/OkcAgent. I've not tried it yet, but conceptually it can be considered at least a workaround for this issue, right? Of course a native driver for yubikey would be better, but until it is done (and the amount of activity on this indicates it won't be done for a long time), the okc-agent project should be noted here.
@calaveraInfo Thank you so much for that tip! I have my SSH keys on Yubikeys following https://github.com/drduh/YubiKey-Guide/blob/master/README.md, and OpenKeychain plus okc-agent worked for me on an AOSP-only phone (LineageOS, but no GMS).
OpenKeychain is no longer supported and OkcAgent maybe no longer works.
Root might be an option but not everyone wants to root their phones [just for this].
Terminus supports YubiKeys but only for 2FA, not for key auth; and TermBot hasn't been updated in years and has always been limited in functionality.
A native solution to this would be much appreciated.
Following for updates
Desperately waiting for the native solution as well
I would love it if termux supported FIDO2 "*-sk" SSH keys. If that was the case I could replace all other SSH keys with the FIDO one.
Feature description: Support for YubiKey USB devices in OpenPGP.
Reference implementation: https://github.com/open-keychain/open-keychain
Does another app/terminal emulator have this feature? OpenKeyChain has this feature on Android.
Provide links to more background information
Although OpenKeyChain supports this feature, the PGP implementation in OpenKeyChain doesn't support YubiKeys in such a way that it can decrypt files with a hidden recipient. This creates a problem with password-store (and the password store app) because password store encrypts keys such that the recipient is hidden. See here.
OpenPGP doesn't have this issue, and supporting it would open up possibilities to do signing and key verification on git and any other applications that support PGP.