| Yubico Forum https://forum.yubico.com/ |
|
| libyubikey functionality over NFC? https://forum.yubico.com/viewtopic.php?f=26&t=1131 |
Page 1 of 1 |
| Author: | crosser [ Wed Aug 14, 2013 11:37 am ] |
| Post subject: | libyubikey functionality over NFC? |
Hello, I use yubico-pam in challenge-response mode for local logins on Linux. Yubico-pam uses libyubikey (yubico-c) to access the key. Now I've got an ACR122 USB NFC reader. Having installed pcscd, I got the openpgp functionality of the Neo working over NFC right out of the box. However, apparently libyubikey does not know that the key can be reached via pcsc as an alternative to USB, so the PAM module cannot access the key over NFC (and probably ykpersonalize and friends won't work either). Am I missing something? Or this functionality indeed isn't implemented? If the latter, what is the "official position" (plans, recommendations) on this matter? I might be able to make it work and submit patches to yubico-c (or yubico-pam?) but I'd rather first listen what the staff/others have to say. Thank you, Eugene |
|
| Author: | Klas [ Wed Aug 14, 2013 12:11 pm ] |
| Post subject: | Re: libyubikey functionality over NFC? |
Hello! From Yubico's side we have no plans to implement something like this, but I'll describe a way this could be implemented (in a way that we'd be happy to merge back).. First a bit of background, the two library components that we're talking about here is: * libyubikey: software to do modhex encode/decode and decrypt OTP * libykpers: software for actually talking with/programing a YubiKey It should be possible to add a pcsc backend to libykpers (along the lines of https://github.com/Yubico/yubikey-perso ... ore_stub.c). In the current implementation backends are only selected at compile-time (as they're right now mutually-exclusive), to actually be usable this would have to be extended to a runtime selectable interface where the pam module could request which backend to use. /klas |
|
| Author: | crosser [ Wed Aug 14, 2013 1:32 pm ] |
| Post subject: | Re: libyubikey functionality over NFC? |
Thanks for the explanation Klas. I'll see what I can do here. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|