Yubico Forum ...visit our web-store at 2015-10-13T19:12:49+01:00 https://forum.yubico.com/feed.php?f=26&t=1964 2015-10-13T19:12:49+01:00 2015-10-13T19:12:49+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7888#p7888 <![CDATA[Re: X.509-based Physical Access Control with a Yubikey NEO]]>
If it's already been tweeted, then no worries. If I was really concerned about it I shouldn't have posted about it yet. :P

Statistics: Posted by darco — Tue Oct 13, 2015 7:12 pm

]]> 2015-10-12T10:28:04+01:00 2015-10-12T10:28:04+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7883#p7883 <![CDATA[Re: X.509-based Physical Access Control with a Yubikey NEO]]> Statistics: Posted by Tom2 — Mon Oct 12, 2015 10:28 am

]]> 2015-10-11T23:28:04+01:00 2015-10-11T23:28:04+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7882#p7882 <![CDATA[Re: X.509-based Physical Access Control with a Yubikey NEO]]>
https://www.youtube.com/watch?v=fl5KW1p3LQ8

Regarding the authentication speed, it is now much faster than it was(It's now a little more than a second), but it's still a tad slower than ideal... Caching the certificate helps a ton. Using ECDSA is also noticeably faster than RSA. But I think the problem at the moment is in the software I'm using (OpenSC's pkcs15-tool) to get the signed nonce from the token is doing a lot of extraneous transactions.

I'll eventually be writing my own software to do this, but I've got so many personal projects going on it may be a bit before I can get around to it. :/

In any case, I hope to write up a blog post about this setup soon. Will post a link when I do!

Statistics: Posted by darco — Sun Oct 11, 2015 11:28 pm

]]> 2015-09-15T10:26:28+01:00 2015-09-15T10:26:28+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7804#p7804 <![CDATA[Re: X.509-based Physical Access Control with a Yubikey NEO]]>
Does it require to hold the key for long?

Statistics: Posted by Tom2 — Tue Sep 15, 2015 10:26 am

]]> 2015-09-14T19:27:48+01:00 2015-09-14T19:27:48+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7799#p7799 <![CDATA[Re: X.509-based Physical Access Control with a Yubikey NEO]]>
11988363_543105253463_2195101927042392637_n.jpg

It's using a CAT-5 USB extender and ACR122U NFC reader. The setup is temporary until I can build a better enclosure... But it works great for prototyping.

Still need to get the software working better, but with this now installed I think I'll be more motivated to get that side of things working better. :)

Statistics: Posted by darco — Mon Sep 14, 2015 7:27 pm

]]> 2015-07-15T14:11:25+01:00 2015-07-15T14:11:25+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7587#p7587 <![CDATA[Re: X.509-based Physical Access Control with a Yubikey NEO]]> Statistics: Posted by Tom2 — Wed Jul 15, 2015 2:11 pm

]]> 2015-07-14T23:37:29+01:00 2015-07-14T23:37:29+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7584#p7584 <![CDATA[Re: X.509-based Physical Access Control with a Yubikey NEO]]>

Statistics: Posted by brendanhoar — Tue Jul 14, 2015 11:37 pm

]]> 2015-07-14T20:51:12+01:00 2015-07-14T20:51:12+01:00 https://forum.yubico.com/viewtopic.php?t=1964&p=7577#p7577 <![CDATA[X.509-based Physical Access Control with a Yubikey NEO]]>
I wanted to enter the Yubikey Neo contest, but my life has just been too crazy to put together a slick entry. But I did want to share what I have so far...

https://www.youtube.com/watch?v=dGSfpO6svW0

Above is a video demonstration of my PIV-based physical access control endpoint. It works great, but it's implementation is a bit crufty (basically a bunch of shell scripts, see here). I'm planning to do a big re-write in node.js over the next few months, which I'll be calling FlexPACS.

Thoughts and comments are welcome.

Statistics: Posted by darco — Tue Jul 14, 2015 8:51 pm

]]>