From: Achim Gratz
To: cygwin-apps@cygwin.com
Subject: FIDO/U2F middleware libraries
Date: Sun, 14 Nov 2021 16:53:14 +0100
Message-ID: <87k0ha91jp.fsf@Rainer.invalid>

So I've got myself some FIDO2 tokens to eventually use with OpenSSH and
that works. However, you need to be administrator to access the HID
interface on Win10 past 1909 or so or else go through their
"WindowsHello" API. I've found two middleware libraries that almost
build out of the box on Cygwin:

https://github.com/tavrez/openssh-sk-winhello
https://github.com/mgbowen/windows-fido-bridge

They both work on 64bit only (the first one builds on 32bit, but
crashes, the second one doesn't even build).

If anybody wants to have a look, here are the package sources on
playground:

https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/playground.git;a=shortlog;h=refs/heads/libwinhello
https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/playground.git;a=shortlog;h=refs/heads/libwindowsfidobridge

The build artefacts are on AppVeyor.

There is a newer version of libfido (which OpenSSH uses) that should be
able to use the WindowsHello. Corinna has patched it up to the point
where it actually builds and OpenSSH tries to use it, but fails. I have
no idea yet if the fail is triggered by something OpenSSH does or
something in libfido not lining up with WindowsHello. I have to get up
to speed on how to use the fido-tools provided with libfido in order to
see where things go sideways.

Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptation for Waldorf Blofeld V1.15B11:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada