Support for HMAC-SHA1 with OnlyKey
Popular easy-to-use and secure password manager
Brought to you by:
ronys
OnlyKey features Yubikey-compatible HMAC-SHA1 challenge-response support.
However, it seems like OnlyKeys are not working with Password Safe.
I think that this can be due to missing OnlyKey's VID/PID (0x1d50/0x60fc) in Password Safe.
Can you add that VID/PID to the supported devices list?
I'm linking a similar issue solved in KeepassXC by whitelisting that VID/PID:
https://github.com/keepassxreboot/keepassxc/pull/3352
Cheers and thank you for your nice password manager!
Marco
Sure. I can set up a version for you to test, if you wish. Windows or Linux?
Great!
I'd go with Windows for the test.
Cool.
Please check out https://pwsafe.org/tmp/3.56.0pre/pwsafe64-3.56.0pre.exe
Thank you!
I've tested it and results are pretty good.
WHAT IS WORKING:
- generating and writing a key to the hw token
- opening pwsafe db with 2FA (passphrase + hw token)
WHAT IS WORKING DIFFERENTLY W.R.T. YUBIKEYS:
- before using the OnlyKey (both for the setup phase and normal usage), you have to unlock it with your PIN
- if you set "hmackeymode" to 1 through OnlyKey app (default is 0), there's no need to touch the key when opening password db (still, you've to unlock it with your PIN before using it)
WHAT IS NOT WORKING:
- pwsafe cannot read hw token Serial Number (it displays "Error reading YubiKey")
- if you forget to unlock the OnlyKey with the PIN before using it, sometimes pwsafe displays a "Wrong password" alertbox, other times pwsafe crashes and dumps debugging info to a file
Apart from these minor issues, the overall functionality is good.
Hi Marco,
Could you please try to add support for the GoTrust Idem key in the same way as support for OnlyKey was added?
# OnlyKey (FIDO2 / U2F)
ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc"
# GoTrust Idem Key
ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143"
Thanks for your great work.
Paul
Hi Paul,
Marco's the one who asked for OnlyKey support, I'm the one who implemented it.
Can you give me a reference to GoTrust Idem key?
Hi Rony,
I am sorry for the confusion, my bad.
The specification from the official page is here:
Secure Element Specifications
P-521 bits
FIPS 140-2 Level 3 certified security element
Official page: https://www.gotrustid.com/idem-key
The PID/VID I have found here (also for other keys):
https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules
I am the owner of one Idem key, so if you need some output, e.g. from the OpenSC
project (https://github.com/OpenSC/OpenSC/wiki), using the real key, just
let me know.
Thanks.
Paul
Hi Paul,
Can you check the version I've just uploaded against your Idem key?
- https://pwsafe.org/tmp/FR894b/pwsafe64-3.57.1FR894b-bin.zip (64 bit binaries)
- https://pwsafe.org/tmp/FR894b/pwsafe-3.57.1FR894b-bin.zip (32 bit binaries)
Thanks,
Rony
Hi Rony,
I have just tried both 64 and 32 bit binaries on my Windows 10 Pro OS.
Unfortunately, there is no activity detected after I follow
Manage/YubiKey...
I have tried several times with or without touch of the Idem key after it
was inserted, also at different USB ports.
Please let me know if you need some more information or if any special
procedure is needed for the Idem key.
Thanks and regards,
Paul
I've added the vendor id you've specified along with Yubikey's and OnlyKey's. Either the vendor ID is incorrect, or the device's API is significantly different from the other two.
Without a device for me to work with, I'm afraid there's not much more I can do.
Hi Rony,
I have searched for some tool, how to verify PID/VID of my Idem key. I
have found USBDeview (freeware) from Nirsoft.
Using this tool I got this output:
USB Devices List
Created by using USBDeview http://www.nirsoft.net/
Device Name | Description | Device Type | Connected | Safe To Unplug | Disabled | USB Hub | Drive Letter | Serial Number | Registry Time 1 | Registry Time 2 | VendorID | ProductID | Firmware Revision | USB Class | USB SubClass | USB Protocol | Hub / Port | Computer Name | Vendor Name | Product Name | ParentId Prefix | Service Name | Service Description | Driver Filename | Device Class | Device Mfg | Friendly Name | Power | USB Version | Driver Description | Driver Version | Driver InfSection | Driver InfPath | Instance ID | Capabilities | Install Time | First Install Time | Connect Time | Disconnect Time
Idem Key USB Composite Device Unknown Yes Yes No No 212001003937 08.11.2021 22:43:53 05.10.2021 17:01:41 32a3 3201 1.13 00 00 00 R90SP21S 6&775a615&0 usbccgp @usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver usbccgp.sys (Standard USB Host Controller) 100 mA 2.00 USB Composite Device 10.0.19041.488 Composite.Dev.NT usb.inf USB\VID_32A3&PID_3201\212001003937 Removable, UniqueID, SurpriseRemovalOK
Output contains perhaps some valuable information for you, however VID/PID
seems to be different: VID_32A3&PID_3201 than I have stated before
(perhaps generic ones "1fc9"/"f143"). Could you please try this
combination one more time?
Thanks for your time and have a nice day.
Paul
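An added example, not part of the thread and not Password Safe's code: it builds a VID/PID allowlist from the udev lines quoted earlier and checks the instance ID that USBDeview reported, which shows why the Idem key is not matched by an entry for 1fc9:f143. The function names and the allowlist structure are assumptions made for illustration.

```python
import re

# The udev lines quoted earlier in the thread (from libu2f-host's 70-u2f.rules).
UDEV_RULES = '''
# OnlyKey (FIDO2 / U2F)
ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc"
# GoTrust Idem Key
ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143"
'''

_RULE = re.compile(r'ATTRS\{idVendor\}=="([0-9a-fA-F]{4})",\s*'
                   r'ATTRS\{idProduct\}=="([0-9a-fA-F]{4})"')
_INSTANCE = re.compile(r'^USB\\VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})(?:\\|$)')

def allowlist_from_udev(text):
    """Map (vid, pid) -> label, taking the label from the preceding comment."""
    allow, label = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            label = line.lstrip("# ").strip()
        elif (m := _RULE.search(line)):
            allow[(int(m[1], 16), int(m[2], 16))] = label or "unlabelled"
            label = None
    return allow

def ids_from_instance_id(instance_id):
    """Extract (vid, pid) from a Windows instance ID, or None if malformed."""
    m = _INSTANCE.match(instance_id.strip())
    return (int(m[1], 16), int(m[2], 16)) if m else None

def check(instance_id, allow):
    """Return (verdict, detail) for the device the OS actually enumerated."""
    ids = ids_from_instance_id(instance_id)
    if ids is None:
        return ("unparsed", instance_id)
    if ids in allow:
        return ("listed", allow[ids])
    return ("not listed", "%04x:%04x" % ids)

ALLOW = allowlist_from_udev(UDEV_RULES)
# Instance ID as reported by USBDeview in the thread.
IDEM_REPORTED = r"USB\VID_32A3&PID_3201\212001003937"
# Constructed instance ID for an OnlyKey (the serial part is a placeholder).
ONLYKEY_SAMPLE = r"USB\VID_1D50&PID_60FC\PLACEHOLDER"

if __name__ == "__main__":
    for dev in (ONLYKEY_SAMPLE, IDEM_REPORTED, "HID\\garbage"):
        print(dev, "->", check(dev, ALLOW))
```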