Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Yubikey support for decrypting messages #15

Open
haupas opened this issue Jul 5, 2020 · 47 comments
Open

Yubikey support for decrypting messages #15

haupas opened this issue Jul 5, 2020 · 47 comments
Assignees
Labels
enhancement New feature or request

Comments

@haupas
Copy link

haupas commented Jul 5, 2020

First of, thanks for this great app! Nice to see that PGP finally arrives on iOS. 😄

Yubico released an iOS SDK, which offers the possibility to interact with Yubikeys (NFC/Lightning) via a RAW API. This API would offer the ability to use Yubikeys to decrypt and/or sign messages (see https://developers.yubico.com/Mobile/iOS/).
This would be a great alternative for users which already use Yubikey's for handling decryption/enrcyption/signing.

Do you have any plans to integrate this in (near) future?

@lucanaef
Copy link
Owner

lucanaef commented Jul 8, 2020

Cool idea! Unfortunately I don't have a Yubikey to test the implementation with but since I quite like the idea maybe I'll get one. Thanks for the suggestion!

@lucanaef lucanaef added the enhancement New feature or request label Jul 8, 2020
@lucanaef
Copy link
Owner

lucanaef commented Jul 8, 2020

Related: Yubico/yubikit-ios#19

@spitfire
Copy link

spitfire commented Oct 9, 2020

Related: Yubico/yubikit-ios#19

Yubikey suggested this should be possible using RAW access from their SDK using specification listed at https://gnupg.org/ftp/specs/
I'd be happy to help with testing (either from TestFlight, or by compiling the project myself);)

@lucanaef
Copy link
Owner

lucanaef commented Nov 6, 2020

I've received a YubiKey 5C NFC today and will start implementing this feature soon! I'll keep you updated :-)

@spitfire
Copy link

spitfire commented Nov 6, 2020

I've received a YubiKey 5C NFC today and will start implementing this feature soon! I'll keep you updated :-)

Nice, I have the same one and 2 other Yubikeys. Are you planning on trying to get the lightning based one (5Ci) as well, or just the NFC-based ones?

@lucanaef
Copy link
Owner

lucanaef commented Nov 6, 2020

I'll try to support both. But I'm not sure yet, I first need to look into how the API works.

@spitfire
Copy link

spitfire commented Nov 6, 2020

I'll try to support both. But I'm not sure yet, I first need to look into how the API works.

Good luck! If you need testers I'm already set up with GPG on my 5C NFC, 5 NFC and 5Ci;)

@lucanaef lucanaef self-assigned this Nov 6, 2020
@gynet
Copy link

gynet commented Jan 16, 2021

Looking forward to seeing this feature on iPhone

@langovoi
Copy link

langovoi commented Jun 9, 2021

I'll try to support both. But I'm not sure yet, I first need to look into how the API works.

@lucanaef do you have any updates? Maybe you need help?

@lucanaef
Copy link
Owner

I started working on it before they released version 4 of the SDK but got stuck implementing the interaction with the RAW api (now called SmartCardInterface). I'll try to update my code for the new SDK version and sometime soon push what I have to a new branch for anyone who wants to take a look at it.

@lucanaef
Copy link
Owner

Update: I'm now able to connect to the management application of the Yubikey via NFC and fetch configuration info (version, serial number, etc.) and check if OpenPGP via NFC is supported and enabled on the key. I'll next try to connect to the smart card application, clean up the code a little and then finally publish the branch.

@spitfire
Copy link

Any chance you could put it on testflight too? I know I could compile it using Xcode, but resigning it every few days is not an ideal solution:)

@lucanaef
Copy link
Owner

Sure! I'll do that as soon as at least some features work :)

@Quisamor
Copy link

Quisamor commented Jul 9, 2021

This would be a great feature! Would be happy to support development with a donation, preferably via BTC (onchain or lightning).

@lucanaef lucanaef pinned this issue Jul 9, 2021
@lucanaef
Copy link
Owner

lucanaef commented Jul 9, 2021

I have just pushed the YubiKey branch. Here is an overview of the most relevant files:

  • PGPro/Yubikey/Controller/YKConnectionSession.swift: Handles the connection to the YubiKey (mostly as described here).
  • PGPro/Yubikey/Model/Yubikey.swift: An instance of this class models a physical YubiKey. Its fields include the device's serial number, form factor, etc. It should eventually contain methods to encrypt and decrypt messages using the YubiKey.
  • PGPro/Yubikey/Model/SmartCard.swift: Models the OpenPGP SmartCard Application inside the YubiKey according to the official OpenPGP Smart Card specifications.
  • PGPro/Yubikey/Model/APDU.swift: Helper class that makes handling the APDU interface of the smart card a bit easier.

What already works: I'm able to connect to my YubiKey via NFC, establish a management session, fetch its configuration and display it in a view controller.
What doesn't work: I can't get any session with the smart card interface to work. I'm likely misunderstanding how the communication flow is supposed to happen (see "9.1 Application Selection reading main DOs" (page 94) of the specification).

While I tried to clean the code up as much as possible, it is still a bit messy. If you have any questions, feel free to ask them :)
Please note that I'm currently studying for my exams and might take a bit more time to respond.

@spitfire
Copy link

spitfire commented Jul 9, 2021

If you can publish a new build with what you got working so far, I can test it with the (5-series) keys I have - 5Ci (did you have a chance to test a key using lightning as a connection interface?) 5NFC and 5C NFC.

@mattbeshara
Copy link

I’m not sure this will be helpful, particularly as my code is just a small demo and based on the previous version of the Yubikey SDK, but I managed to get decryption and signing working via NFC with the commits here: https://github.com/mattbeshara/yubikit-ios/tree/openpgp-nfc-demo

@lucanaef
Copy link
Owner

@spitfire I will publish a new build to TestFlight as soon as there is anything meaningful to test. I don't (yet) have a YubiKey with Lightning and therefore not tested that connection interface at all.

@lucanaef
Copy link
Owner

@mattbeshara Thanks, this might help a lot! I'll try to take a look at it later this week.

@lucanaef
Copy link
Owner

Quick progress update:

pgpro_yubikey_update.mov

I'll be working on decryption next :-)

@pasuder
Copy link

pasuder commented Aug 5, 2021

@spitfire I will publish a new build to TestFlight as soon as there is anything meaningful to test. I don't (yet) have a YubiKey with Lightning and therefore not tested that connection interface at all.

@lucanaef thank you for your work on that. I appreciate it.

May I ask you if there was any beta released on TestFlight recently? I have a look into beta linked in your app, but nothing found.

@lucanaef
Copy link
Owner

lucanaef commented Aug 6, 2021

@lucanaef thank you for your work on that. I appreciate it.

May I ask you if there was any beta released on TestFlight recently? I have a look into beta linked in your app, but nothing found.

There has not been a new beta release yet.
I've run into an issue (yubikit-ios/issues/75) and have paused working on it since I should study for my exams :-)

@pasuder
Copy link

pasuder commented Aug 6, 2021

There has not been a new beta release yet.
I've run into an issue (yubikit-ios/issues/75) and have paused working on it since I should study for my exams :-)

Thanks for reply, I will try on my own to run it from branch yubikey, wish you best with exams!

EDIT: Unfortunately without being enrolled in Apple Developer Program, I cannot build app with NFC capability on iPhone to test Yubikey.

@p0rt9
Copy link

p0rt9 commented Oct 9, 2021

Hello,

Is their any update to this? This is the last part that I need in order to completely utilize my yubikey on my iPhone. Please let me know if there is some way I can help support/promote this feature!

@lucanaef
Copy link
Owner

There are still a few hard challenges left to do, but I'm working on it :-)

@singlerider
Copy link

@lucanaef If you need a smart card with Lightning or another NFC one, I'd be happy to donate one to your development efforts.

@lucanaef
Copy link
Owner

Thanks! I'll keep it in mind :-)

@olekenneth olekenneth mentioned this issue Feb 25, 2022
@digitalnotions
Copy link

This feature is amazing and just what would make this ideal for me! Excited to see it in the works.

@linvex
Copy link

linvex commented Dec 7, 2022

Hello, sorry to trouble you, it's been almost a year since this issue was last updated and I was wondering if any update for this?
I'm currently trying to encrypt&decrypt some data using my iPhone via yubikey NFC function, and this is the most valuable content I've been able to find so far, so if there is any update, let me know please, thank you very much! :)

@linvex
Copy link

linvex commented Dec 7, 2022

@mattbeshara Hi, https://github.com/mattbeshara/yubikit-ios/tree/openpgp-nfc-demo this link is no longer working and seem be deleted, I think this content is helpful to me, could you please submit the demo again? I guess this content is valuable to me, thank you very much!

@sirasjad
Copy link

@lucanaef How is the development going? I'm really excited about this feature and I'm happy to donate to support your work.

@lucanaef
Copy link
Owner

Hi! Unfortunately, there is no progress on this feature to report.

@sirasjad
Copy link

Hi! Unfortunately, there is no progress on this feature to report.

@lucanaef I'm happy to contribute with this feature on a new branch, as I'm also looking into this YubiKey implementation. In order to catch up on your work - can you briefly describe your progress so far and which problems occurred when you last worked on this?

Please share any links you have used during the implementation of this feature. I'm reading through the YubiKey SDK docs and still trying to figure out how this works.

@olebedev
Copy link

Hi @lucanaef, thanks for the project!

Is there anything I can help with, regarding the feature? I have no idea how to code for iOS on Swift though, but more that happy to follow guidance and maybe start with something small if there is something.

@namelessmasses
Copy link

@lucanaef also here to offer help. It’ll take me a little to get setup but shouldn’t be an issue. I can work that and like @sirasjad, knowing what what still needs to be done any information on the issues/problems so far.

@lucanaef
Copy link
Owner

lucanaef commented Feb 5, 2023

Hi @namelessmasses, sorry for the delay. The current state can be found here: https://github.com/lucanaef/PGPro/tree/feature/yubikey/PGPro/YubiKey. In short, I've got communication with the YubiKey working, but not the cryptography part via the smart card interface. Any help on this is appreciated. Please let me know if there is anything I can clarify.

@namelessmasses
Copy link

namelessmasses commented Feb 7, 2023

@lucanaef thank you.

I’m a recent user of Yubikeys and have mine setup for both PIV (on macOS for login) and PGP (multiple platforms).

I’m reading through Yubico iOS SDK docs. There seems to be some documentation on PIV smart-card application but nothing specific on the PGP smart-card application (they are separate applications where the PIV smart-card provides PKCS#11 whereas PGP smart-card application seems to be direct PGP keys and uses different slots than the 9A, 9C, 9D, 9E slots). Maybe we need to use the RAW interface in the iOS SDK to access the PGP smart-card application, but I haven’t got that deep yet.

I’ll keep reading the Yubico docs (https://github.com/Yubico/yubikit-ios) and reach out to Yubico if needed. If anyone does have previous experience with the Yubico iOS API for PGP smart-card application please reply and we can collaborate.

@aymanbagabas
Copy link

Hi,

I would love to see this issue gets resolved and bring PGP encryption/decryption to PGPro.

I don't do much iOS development. It looks like we can use the RAW API, specifically the APDU protocol, to communicate with the PGP interface.

Here are some references i found that explain APDU:

GnuPG and Scdaemon use APDU to communicate with the card:

I hope this helps getting us in the right direction :)

@namelessmasses
Copy link

Some assumptions:

  • Secret keys do not leave the hardware key
  • Sign and decipher are actually done on the hardware key

Some initial questions I set out to answer:

  1. How does a keychain correctly represent the proxy secret key that then “points” to the smart-card (i.e. the storage)?
  2. At what point does sign/decipher detect that the key is stored on a smart-card and refer the operation to that specific smart-card?

After reading through Yubico docs and source code (which included the links from @aymanbagabas), as well as the gnupg scd docs and source code (including links from @aymanbagabas), I’m thinking it might be more salient for the underlying PGP library to implement the smart-card support. While a front-end could perhaps directly address the smart-card, I have a feeling this might be an oversimplified view and there may be more logic that would need to be reimplemented in the front-end.

At this point I went looking deeper into ObjectivePGP. I read the blog post from @krzyzanowskim regarding development of ObjectivePGP, and noted how it was a highly underestimated task. I’m wondering if @krzyzanowskim might be able to provide some insight here. Perhaps, any caveats and possibly even an opinion on whether to try and implement smart-card support in ObjectivePGP versus PGPro.

@lucanaef lucanaef unpinned this issue May 2, 2023
@tigernero79
Copy link

@lucanaef news for implementation yubikey openpgp on ios?

@diegolinke
Copy link

@lucanaef do you have any update on it? This feature would be a game changer

@namelessmasses
Copy link

Further notes

@teon
Copy link

teon commented Apr 20, 2024

@lucanaef first of all thank you for a great project! 🙏🥳
I just wanted to drop my 5cents and underline how important YK integration is. Most of security professionals I know use hardware keys for managing private keys - YK mostly.
I would even encourage if there are no priorities for this feature to even consider prioritising it by doing a paid version (which would contribute to your hard work) with this feature. I would be more then happy to pay for a stable and up to date version of pgp with mail and YK. 🫡

@namelessmasses
Copy link

@lucanaef I finally got some time to read through the OpenPGP Smart Card specification and the yubikit-ios source.

I think you were on the right track originally with using the YubiKitManager SmartCard Interface. Since yubikit-ios still doesn't have source level support for openpgp application, I might take a detour and add some basic APDUs for it to yubikit-ios.

I did see your (issue)[https://github.com/Yubico/yubikit-ios/issues/75] with yubikit-ios and note that the reply to that is also correct. It's just the encoding scheme to indicate that the encoding of the length is using the following 2 bytes.
0x00-0x7f = 1 byte; in-place value 0-127
0x81 = 2 bytes [0x81 0xnn] value 0-255
0x82 = 3 bytes [0x82 0xnn 0xnn] value 0-65535

I'll start work on this in earnest this week. If you have time to rebase the yubikey branch would be awesome. I tried a quick pass at it earlier today but must've messed up something with UIImage#resized(?).

During the rebase it looked like you were implementing the keychain index 0 as a hardcoded smartcard key. I might take another pass at how secret keys on smartcards are handled in the keychain instead of hard coding to index 0. When you look at the user-experience for GPG, it records a proxy key in the keychain that notes that the actual key is stored on a smartcard using the serial number of the smartcard.
image.

I have a feeling this makes things a lot easier to manage in the long run, especially with separate subkeys because specific subkeys may or may not be on the smartcard.

@namelessmasses
Copy link

PITA trying to find something to use as a reference for testing. python-yubico was a no go on Windows with USB issues. The yubio .NET SDK could create a connection to the card but again the APDUs for openpgp were totally lacking in the SDK.

I was able to make a lot of progress with testing and documenting using OpenSC on Windows.

The initial draft of the command request and response APDUs is at my fork of yubikit-ios.

Ran into an issue with understanding PSO:DECIPHER. Will take a look at the C source referenced above from GNUPGP.

@namelessmasses
Copy link

Reached out to Yubico to get some clarifications.

@namelessmasses
Copy link

namelessmasses commented Nov 27, 2024

Here's the first real thing I consider an issue...

Sending APDUs to the card requires knowledge of the specific OpenPGP packets. For instance, in order to sign anything, a signature packet must be constructed. The actual signing that takes place on the card is based on the digest information calculated from the signature packet. See RFC-9580

Yes, one could absolutely create low-level ADPUs of specifically created OpenPGP Signature packets, but this is basically implementing OpenPGP itself.

Early support might be ok using Cleartext Signature Framewrk, and something I'll look into. However, not only do I suspect this may simply lead to a cleartext interface to creating some type Signature packet anyway, the OpenPGP RFC itself also says of Cleartext Signature Framework,

Note that this framework is not intended to be reversible. [RFC3156] defines another way to sign cleartext messages for environments that support MIME.

which is PGP/MIME...

Given that PGPro is currently primarily an email-based PGP app, it's operating in a MIME environment.

Really makes me feel like my earlier comments around robust support should really be implemented through the OpenPGP implementation itself..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests