Implement a mechanism for device authentication #553

Open
robin-nitrokey opened this issue Oct 29, 2024 · 2 comments

Comments

@robin-nitrokey
Member

Before sending PINs or other sensitive data to the device, users might want to ensure that the device has not been tampered with (e.g. exchanged or reset). This could be implemented by signing a nonce or a hash of the configuration or state with the Trussed device key.

Please upvote 👍 this issue if you would like to see this feature implemented.

@qwrd

qwrd commented Oct 30, 2024

I take it this would have to be designed in a way where the user would have to manually perform this verification, i.e. via command line, or via the nk-app2? Is it even possible to do in an automated fashion? Maybe by the nk-app2 upon device insertion? But there are multiple PINs available for different functions of the Nitrokey 3. Suppose a user plugs in NK3 on a device with only PGP support, and enters the PIN to perform some email cryptography. What then?

@robin-nitrokey
Member Author

Yes, the idea is that our tooling (pynitrokey, Nitrokey App 2) would check it when connecting to a device. If we have such a feature, we can see how it can be integrated with other applications – maybe wrapping the relevant tools or integrating it upstream.
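
The check proposed in this thread (a signature over a fresh nonce and a hash of the device state, verified by host tooling on connect) can be sketched as follows. This is an added example, not code from Nitrokey, Trussed or pynitrokey: `SimulatedDevice`, `attest`, `HostVerifier` and the `DOMAIN` tag are hypothetical names, Ed25519 is an assumed signature scheme, the configuration strings are constructed, and the third-party `cryptography` package is required.

```python
# Added example: host-side challenge-response check against a pinned device key.
# All class and function names are hypothetical; Ed25519 is an assumption.
import hashlib
import secrets
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

DOMAIN = b"device-auth-example-v1"  # domain separation tag (constructed)

class SimulatedDevice:
    """Stands in for a token whose private device key never leaves it."""

    def __init__(self, config: bytes):
        self._key = Ed25519PrivateKey.generate()
        self.public_key = self._key.public_key()
        self.config = config

    def attest(self, nonce: bytes):
        # Sign the host's nonce together with a hash of the current state.
        state_hash = hashlib.sha256(self.config).digest()
        return state_hash, self._key.sign(DOMAIN + nonce + state_hash)

class HostVerifier:
    """Pins key and state hash at enrollment (trust on first use), then challenges."""

    def __init__(self, device):
        self.pinned_key = device.public_key
        self.pinned_state, _ = device.attest(secrets.token_bytes(32))

    def check(self, device, replayed=None):
        nonce = secrets.token_bytes(32)  # fresh for every connection
        state_hash, sig = replayed or device.attest(nonce)
        try:
            self.pinned_key.verify(sig, DOMAIN + nonce + state_hash)
        except InvalidSignature:
            return "untrusted: signature does not match pinned device key"
        if state_hash != self.pinned_state:
            return "untrusted: device state changed since enrollment"
        return "ok"

def demo():
    token = SimulatedDevice(b"pin-retries=8;apps=fido2,openpgp")
    host = HostVerifier(token)
    results = {"genuine": host.check(token)}
    old = token.attest(b"\x00" * 32)  # response recorded for an earlier nonce
    results["replay"] = host.check(token, replayed=old)
    results["swapped"] = host.check(SimulatedDevice(token.config))
    token.config = b"pin-retries=8;apps=fido2"  # state after a reset (constructed)
    results["reset"] = host.check(token)
    return results
```

The host would refuse to send a PIN unless `check` returns `"ok"`; the fresh nonce is what makes a recorded response useless, and the pinned state hash is what makes a reset visible even when the key is unchanged.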
