Comments (13)
Good news on that front. NFC support will be added within the next months for the Nordic chip.
Caveats: although the Nordic chip internally supports NFC, it has the following 2 limitations:
- it requires an additional antenna, which AFAICT is not provided by any of the commercially available USB dongle. But it's provided with the development kit.
- the Nordic chip can't be powered through the NFC field and will require an additional battery. Again, not a problem for the development kit which comes with a coin cell battery but there's as of today no commercially available USB dongle form factored device which supports this.
from opensk.
The LPC55S69 is still a Cortex-M chip so it's definitely possible to run Tock on it and then OpenSK. But because the chip is currently not supported out of the box, it's a substantial amount of work to add it: one has to write all the drivers in Tock in order to have buttons, LEDs, GPIOs, a console, a way to flash the board, and in the case of OpenSK, adding USB.
NFC will require extra work both in the Tock OS kernel but also in the OpenSK application too in order to process the packets.
from opensk.
NFC support cannot happen on the Nordic dongle for 2 main reasons:
- there is no antenna and therefore this would require additional electronics to be soldered on it (antenna and 2 tuning capacitors)
- the Nordic nRF52840 chip requires more power than what the NFC field will provide. This means that we would need a battery to power the chip and the NFC field would wake-up the CPU in order to not drain the battery too quickly. This is technically possible but again requires extra circuitry.
This is technically possible to do it and design it, for example, on the nRF52840-DK development kit which has all the requirements (antenna and battery). But I'm not aware about an off-the-shelf board that would provide this in a portable form factor.
from opensk.
I have the same question. These dongles need just usb and NFC for FIDO authentication. Other wireless authentication is a failure, considering years of evidence both are exploitable .. I have no idea why it would be using wireless to connect to a desktop ? It just needs NFC tap for phones.
Those boards are not so useful, and confused of it's purpose. Is there another one comparable to my current Yubikey to try ?
from opensk.
So support for NFC is not planned then? Or should this ticket be open as a reminder that some want NFC support? How has Yubico solved it in such a portable way?
from opensk.
Isn't a similar usb token (and most secure keys/2fa features) with cert (Brazilian* or Estonia gov use that individual certs) when insert the SK, a password (or PIN) then login occur.
For the NFC I think as Google Authenticatior feature sounds good but not for a Secure Key
*PS - Its need use that security keys with a pin governmental use
from opensk.
I'm a Yubikey user. Have been for years. I use it for my windows login also. I have not tried the NFC tap on the phone but probably should try whatever supports it.
Phone apps don't even support it. Facebook certainly doesn't ask for it when I need it on the desktop, neither does Gmail. So the phone is the backdoor into my stuff because of no Yubikey.
Google Authenticator is a failure, there is rootkits to get access to that stuff now and resets with the phone.
What I don't get about that dongle is why it has wireless capabilities known to have security issues. It shouldn't have wireless on here at all. It should have NFC. Is there a better dongle board to try ?
from opensk.
It's not because the Nordic chip supports wireless protocols that they are enabled. At the moment they're not. Should we want to support them in the future, it's convenient to be able to do it with just a firmware update rather than having to completely change the hardware. And that was part of the choice for the Nordic chip. And NFC is a wireless protocol by the way :)
from opensk.
SoloKeys' hardware would work for this. They are also working on a new board based on the LPC55S69.
from opensk.
@BigPictures solokeys looks amazing and the ticket. Both Bluetooth and Wifi have constant hardware security issues and a contradiction for a security key. So Solokeys has it's own firmware then and not suitable with OpenSK ? A hardware key should be usb and nfc only if anything.
from opensk.
I noticed after I wrote that that Tock OS has experimental support for an STM32 board -- SoloKeys currently uses an STM32L432. Anyway, it'd still likely be quite a bit of work.
from opensk.
I recently found a NXP QN9080 USB dongle that has a built-in NFC antenna and has an Arm Cortex-M4F MCU. Theoretically, you can install OpenSK, add a small battery and get a compact NFC security key, but I have a feeling that I missed something.)
from opensk.
By the shape and the look of it, the antenna is for Bluetooth, not for NFC.
NFC antennas must look like a coil (i.e. in the shape of a loop)
from opensk.
Related Issues (20)
- Setup instructions should specify nrfutil version HOT 8
- versions in develop should include FIDO_2_1 HOT 1
- "configuring device" step needs a confirmation prompt to replug device on nrf52840_dongle_dfu HOT 5
- AuthenticatorConfigParameters swaps pinUvAuthProtocol and pinUvAuthParam field IDs HOT 1
- error: failed to get `arrayref` as a dependency of package `ctap2 v1.0.0 (/home/USER/OpenSK)` HOT 6
- WebUSB compatible? HOT 4
- How to change pin in Makerdiary nRF52840-MDK USB dongle HOT 2
- Improve Tock patches
- Move storage syscalls
- Edit the readme to link to the Quantum paper and point to the implementation file.
- Setup script can't install pip packages to the user's environment on Arch Linux HOT 2
- nordic dfu in develop fails to configure HOT 4
- Key not supported on ios for Apple Id 2fa HOT 36
- wrong board type in flashing command in install.md HOT 1
- Suggested environment to be able to build/compile HOT 10
- nrf52840_dongle: deploy.py succeeds programming but testing board not recognised by testing webpages. HOT 12
- How to delete an account you no longer use? HOT 2
- Can't enable JTAG lockdown HOT 4
- `async` API for `Env`? HOT 3
- develop
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensk.