Support Canokey under Qemu+tpm - fastpath? #1207
Comments
|
Idea here would be to have a fully hardware independent testing platform, where no hotp implementation (no hardware keys) would be needed, while permitting to extend Heads features for testers and contributers, and test variations between yubikey/Nitrokey/Librem Key and Canokey implementation, since we already had issues in the past with default being different and having different behaviors (yubikey != Nitrokey reference implementation) Related to: #1076 and merged #1188 (without additional hardware requirements) |
|
Looks like a very promising idea, although I have no experience with it and cannot tell if it comes with or without further challenges... The nitrokey 3 firmware also runs on top of |
|
Small update from https://docs.canokeys.org/userguide/openpgp/#supported-algorithm Can be imported (copy to card) though. |
The doc is only for the actual hardware. The virtual card actually supports RSA3072 now and generating private keys on card is possible (with small code modification) against the MbedTLS crypto backend. The hardware does not have the new firmware installed and its crypto backend is not capable of generating RSA private key of such length so in the doc we do not say it supports that. |
Thank you. Once we move to nix layer, we will add a qemu-coreboot-tpm1/2 testing board supporting canokey virtual card. Maybe sooner then that. |
https://qemu.readthedocs.io/en/latest/system/devices/canokey.html#canokey
The text was updated successfully, but these errors were encountered: