Shameless self-plug: I've written such an equivalent for Linux distros: https://github.com/danstiner/rust-u2f#rust-u2f

Though it suffers from the caveat that secrets are just stored as a file in $HOME. I'd love to support more secure methods but haven't seen enough interest in the project to justify the dev time that would be required.




Have you considered punting the storage decision to the Linux desktop's Secret Service (the equivalent of the macOS keychain)?

https://specifications.freedesktop.org/secret-service/


Thanks for the suggestion. It hasn't been a focus yet because it doesn't bring much security for me personally, but it is something I would like to do eventually.

Issue: https://github.com/danstiner/rust-u2f/issues/19


Neat! Is there a reason why it says at the top it only supports Google Chrome? I haven't looked into it too deeply, but a cursory glance seems to suggest there's no Chrome-specific extension, so I assume you're just hooking into the normal pkcs-related frameworks on Linux?


It definitely also supports Firefox; I've updated the README.

I'm just emulating a USB device and using OpenSSL to do the signing. Is there a better approach I should be looking at (perhaps PKCS #11)?


I would love to have a hardware-backed soft U2F daemon for Linux. It would be great if this could use a TPM to encrypt the data. What would it take to add such capability to your software? I would be happy to lend my (limited) Rust experience to help make it happen.


I would too. Go ahead and open an issue and we can chat more, but in short I think the biggest hurdle is understanding TPM2 and what API to use to interact with the device. (TPM2 is necessary so the key material never leaves the TPM; signing happens in the device itself.)
