Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Yubikey / Hardware Key #311

Open
MarcSchuh opened this issue Jun 18, 2022 · 9 comments
Open

Support for Yubikey / Hardware Key #311

MarcSchuh opened this issue Jun 18, 2022 · 9 comments

Comments

@MarcSchuh
Copy link

Are there any thoughts on supporting Yubikey for challenge response as second factor?
@zbyso23
Copy link

zbyso23 commented Feb 6, 2023

I don't think so, this is library for manipulate with KeePass database, not whole App.

@MarcSchuhTNG
Copy link

Sure, but the app uses the yubikey to hash the password to increase entropy. So to say: "Make a short easy to remember password strong" and hence it would be nice, if the same hashing function could be used by the lib.

@zbyso23
Copy link

zbyso23 commented Feb 7, 2023
edited
Loading

I still don't understanding why you need to add this functionality to library created for manipulating with keepass database? ...and how? Yubikey is hardware device what is dependent on some USB or another hardware port. I'm not Python expert - maybe it's simple, but in my eyes is low-level operation with differences for every OS, then be a much mess (dependencies) in this simple library because Youbikey? I still think this operation is better implement to App which using this library but not in library itself.

@MarcSchuhTNG
Copy link

I understand your argument but it still leads to the problem, that I cannot access the database with this lib, if it is encrypted with the Yubikey being a second factor.

@zbyso23
Copy link

zbyso23 commented Feb 9, 2023

what about using this library together with Yubikey library?
https://yubico-client.readthedocs.io/en/latest/

@janbrummer
Copy link
Contributor

I've managed to add Yubikey support into a hacked version of Secrets. In order to implement it in a sane way that is compatible with the KeepassXC implementation i need access to the master seed of the database prior to unlocking it. This seed is used in Yubikeys challenged-response mechanism. Could you please provide it?

@Evidlo
Copy link
Member

Evidlo commented Sep 20, 2023

I'm open to adding some amount of support for this if we check for optional dependencies such as yubico-client at runtime.

@janbrummer
Copy link
Contributor

I'm open to adding some amount of support for this if we check for optional dependencies such as yubico-client at runtime.

Although it is always nice having the necessary support in one lib, you are opening the gate for other crypto devices as well. I would request pkcs11 support afterwards and going further tpm support for it. IMHO this library should only support the core functions and leave the rest for the apps. Just my 2 cents.

@janbrummer
Copy link
Contributor

Maybe adding an example how to add Yubkikey support as an example would be enough? Based on the current changes in my PR?

This was referenced Feb 29, 2024
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@zbyso23 @Evidlo @janbrummer @MarcSchuhTNG @MarcSchuh