-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Under Crostini in ChromeOS with the YubiKey USB device passed into the container, ykman can't find the key, but gpg --card-status can.... #464
Comments
|
FWIW,
I haven't got FIDO/U2F working however, I assume because of the lack of hidraw support in the crostini vm.
I noted this on a related chromium issue, hoping to get a response there. |
yubikey-manager/ykman/device.py
Line 57 in 0f29036
You would be surprised at how many developers serious about security throw a fit when their Yubikey isn't working in Crostini, luckily this just appears to be an issue with detection by the Yubikey Manager app/CLI and doesn't affect the GPG functionality they tend to be clamoring for.
I'm curious whether this detection is relying solely on the HID while also discovering the CCID/GPG capabilities, or if it can detect a card that has OTP+FIDO+CCID enabled but only part of those are visible due to the Crostini/ChromeOS security layer.
The
gpg --card-status
output looks normal (taken from a 5C not the 5NFC used later, but same things visible):This is what I see of the device in Crostini:
Running
pcsc_scan
:Versus what I see in the Crosh shell (ChromeOS command line):
The text was updated successfully, but these errors were encountered: