Yubico Forum
https://forum.yubico.com/

X.509-based Physical Access Control with a Yubikey NEO
https://forum.yubico.com/viewtopic.php?f=26&t=1964
Page 1 of 1

Author:  darco [ Tue Jul 14, 2015 8:51 pm ]
Post subject:  X.509-based Physical Access Control with a Yubikey NEO

Hello everyone,

I wanted to enter the Yubikey Neo contest, but my life has just been too crazy to put together a slick entry. But I did want to share what I have so far...

https://www.youtube.com/watch?v=dGSfpO6svW0

Above is a video demonstration of my PIV-based physical access control endpoint. It works great, but it's implementation is a bit crufty (basically a bunch of shell scripts, see here). I'm planning to do a big re-write in node.js over the next few months, which I'll be calling FlexPACS.

Thoughts and comments are welcome.

Author:  brendanhoar [ Tue Jul 14, 2015 11:37 pm ]
Post subject:  Re: X.509-based Physical Access Control with a Yubikey NEO

Aww, anderson power poles. Serious business! :)

Author:  Tom2 [ Wed Jul 15, 2015 2:11 pm ]
Post subject:  Re: X.509-based Physical Access Control with a Yubikey NEO

Well done =)

Author:  darco [ Mon Sep 14, 2015 7:27 pm ]
Post subject:  Re: X.509-based Physical Access Control with a Yubikey NEO

Just a quick update with a picture:

Attachment:
11988363_543105253463_2195101927042392637_n.jpg
11988363_543105253463_2195101927042392637_n.jpg [ 55.24 KiB | Viewed 3960 times ]


It's using a CAT-5 USB extender and ACR122U NFC reader. The setup is temporary until I can build a better enclosure... But it works great for prototyping.

Still need to get the software working better, but with this now installed I think I'll be more motivated to get that side of things working better. :)

Author:  Tom2 [ Tue Sep 15, 2015 10:26 am ]
Post subject:  Re: X.509-based Physical Access Control with a Yubikey NEO

can you tell us about the reader performances? Are you satisfied with it?

Does it require to hold the key for long?

Author:  darco [ Sun Oct 11, 2015 11:28 pm ]
Post subject:  Re: X.509-based Physical Access Control with a Yubikey NEO

So I've managed to get the thing working fully! Watch here:

https://www.youtube.com/watch?v=fl5KW1p3LQ8

Regarding the authentication speed, it is now much faster than it was(It's now a little more than a second), but it's still a tad slower than ideal... Caching the certificate helps a ton. Using ECDSA is also noticeably faster than RSA. But I think the problem at the moment is in the software I'm using (OpenSC's pkcs15-tool) to get the signed nonce from the token is doing a lot of extraneous transactions.

I'll eventually be writing my own software to do this, but I've got so many personal projects going on it may be a bit before I can get around to it. :/

In any case, I hope to write up a blog post about this setup soon. Will post a link when I do!

Author:  Tom2 [ Mon Oct 12, 2015 10:28 am ]
Post subject:  Re: X.509-based Physical Access Control with a Yubikey NEO

Nice, let's see if we can get this tweeted today =)

Author:  darco [ Tue Oct 13, 2015 7:12 pm ]
Post subject:  Re: X.509-based Physical Access Control with a Yubikey NEO

If you don't mind, I'd like to get a nicer writeup (i.e. blog post) about my setup before I start getting too much attention. With any luck I can have that finished over the next week (since I have some free time this week).

If it's already been tweeted, then no worries. If I was really concerned about it I shouldn't have posted about it yet. :P

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/