
I'm trying to wrap my head around how to accomplish the following use case:

  • An application provides an arbitrary payload
  • We forward said payload to the YubiKey
  • The YubiKey requires touch to sign/encrypt it

The application in question ideally would be a Chrome extension. From all my reading, this is how far I got in terms of understanding:

  • I can use the command line to generate OpenPGP keys.
  • I can interact with the YubiKey via the PIV protocol.

Here are some of the questions:

  1. Is it possible to interact with the YubiKey from a Chrome extension? This may require the Smart Card Connector, for example.
  2. I'm not sure if the PIV protocol is the only way. I'm pretty new to it and I read you interact with the device via APDU instructions. The official documentation mentions these but provides no further details or examples. This also seems to be extremely low level. Is there a library that wraps these?
  3. I also read that the PIV protocol requires a PIN but not necessarily a touch (configurable). Is it possible to make PIN optional?
  4. Is my use case even possible?

I'm looking for resources to read up on, or examples that touch portions of my questions and generally speaking, guidance on how to go about it.

Hartimer
  • See [nativeMessaging](https://developer.chrome.com/extensions/nativeMessaging). – wOxxOm Nov 11 '19 at 20:00
  • PGP and PIV are independent from one another. You'll have to pick one. [The PGP Applet can be configured with gpg](https://support.yubico.com/support/solutions/articles/15000006420-using-your-yubikey-with-openpgp), including whether the PIN is required to sign things. A quick search for JavaScript libraries for PGP finds several that claim support for hardware key storage. – Peter Nov 12 '19 at 07:53

0 Answers
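The APDU layer mentioned in question 2, shown as an added example that is not part of the original post or of any Yubico library: ISO 7816-4 short command framing and status-word parsing in JavaScript. The function names are hypothetical, the PIV application identifier is the truncated AID from NIST SP 800-73, and the transport (Smart Card Connector or a native messaging host) is assumed to exist and is not shown.

```javascript
// PIV application identifier (truncated form, NIST SP 800-73).
const PIV_AID = [0xa0, 0x00, 0x00, 0x03, 0x08];

// Build a short-form command APDU: CLA INS P1 P2 [Lc data] [Le].
// Rejects anything that would not fit the short encoding instead of truncating.
function buildApdu({ cla = 0x00, ins, p1 = 0x00, p2 = 0x00, data = [], le = null }) {
  if (data.length > 255) throw new RangeError("short APDU data is limited to 255 bytes");
  for (const b of [cla, ins, p1, p2, ...data]) {
    if (!Number.isInteger(b) || b < 0 || b > 0xff) throw new RangeError("byte out of range");
  }
  const out = [cla, ins, p1, p2];
  if (data.length > 0) out.push(data.length, ...data);
  if (le !== null) {
    if (!Number.isInteger(le) || le < 1 || le > 256) throw new RangeError("Le must be 1..256");
    out.push(le === 256 ? 0x00 : le); // Le = 0x00 encodes "up to 256 bytes"
  }
  return Uint8Array.from(out);
}

// SELECT by DF name (INS 0xA4, P1 0x04): the first command sent to reach the PIV applet.
function selectPiv() {
  return buildApdu({ ins: 0xa4, p1: 0x04, data: PIV_AID, le: 256 });
}

// Split a response APDU into payload and the trailing two-byte status word SW1 SW2.
function parseResponse(bytes) {
  if (bytes.length < 2) throw new RangeError("response shorter than status word");
  const sw = (bytes[bytes.length - 2] << 8) | bytes[bytes.length - 1];
  return {
    data: Uint8Array.from(bytes.slice(0, -2)),
    sw,
    ok: sw === 0x9000,            // normal completion
    moreData: sw >> 8 === 0x61,   // card holds more bytes; fetch with GET RESPONSE
  };
}

const toHex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");

// Constructed sample response: two payload bytes followed by SW 0x9000.
const sample = parseResponse([0x01, 0x02, 0x90, 0x00]);
console.log(toHex(selectPiv()), sample.ok, sample.data.length);
```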