Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:37 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Sun Sep 20, 2015 8:54 pm 
Offline

Joined: Sun Sep 20, 2015 1:13 pm
Posts: 2
Hello all,
I'm a server admin and would like to secure some IT infrastructure using the Yubikey NEO as a second factor and also to store PGP key information using the OpenPGP SmartCard functionality.
I am fully blind and therefore use a screen reader, a piece of software that announces on-screen text using synthetic speech and allows the user to navigate the system with keyboard commands only. Since I'm using Mac OS on the client side, I'm also using VoiceOver, which is a screen-reader built into the operating system. Most applications are accessible and usable out of the box using screen reading software such as VoiceOver, however there are also some applications which have accessibility problems or are totally inaccessible. This is unfortunately the case with the Yubikey NEO Manager, which I currently have no access to because VoiceOver cannot detect the user interface elements. Most likely this is because NEO Manager might use an older version of the QT framework, since only some newer versions have some accessibility support. On the other hand, the Yubikey Personalization Tools, which I have downloaded from the App Store, are mostly accessible. Thus, I was able to setup my NEO for 2-factor auth, but this doesn't give me access to the SmartCard functionalities or the U2F functionality which I'd also like to use. So I was wondering, is there any other way in which I could do this? For example, is there a command line interface which I could use, or any testing build of NEO Manager that uses a current version of QT?
Thanks a lot in advance for any ideas / suggestions!
Regards,
Robin


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Sep 22, 2015 1:45 pm 
Offline
Site Admin
Site Admin

Joined: Mon Mar 02, 2009 9:51 pm
Posts: 83
YubiKey NEO Manager (and some of our other GUI tools) are written in Python, using the PySide bindings for Qt. At the moment PySide only supports Qt4, but there is work on PySide2, which will support Qt5. Once that is released and stable, I think we would want to move to it and Qt5, which hopefully will make these tools accessible. In the meantime, there should be command line tools that do everything that the NEO Manager does. Probably not a single tool that covers everything, but a combination of tools that together provide all the functionality. For what you're talking about specifically, U2F and smart card functionality: U2F should be supported out of the box, assuming you have a YubiKey NEO 3.3.0 or newer. CCID mode (which is required for smart card access) is disabled by default, but can be enabled by using the ykpersonalize command line tool. If you're going to be using all three modes (OTP, CCID and U2F) then you will want to run the command:

ykpersonalize -m 86

to put the YubiKey in a composite mode where all three transports are open. Once that is done you should be able to use gpg to setup the OpenPGP keys, and so on.


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 23, 2015 5:17 pm 
Offline

Joined: Sun Sep 20, 2015 1:13 pm
Posts: 2
Hey Dain,
thanks a lot for your response and the help, greatly appreciated!
I had previously downloaded the ykpersonalize tool, but wasn't sure about what exactly I needed to do to get SmartCard functionality up and running. Running it with the -m 86 option did the trick though and GPG has successfully detected the card, so now I'm definitely good to go! Also, I wasn't aware of the situation with Python and the QT framework, thanks for sharing this info with me as it is very interesting. I hope QT 5 support will become available soon, though I understand that as of now it is beyond your control when exactly this will be the case.
All the best,
Robin


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group