Support creating mnemonic from YubiKey, SoloKey, etc. #120

Open
ghost opened this issue Apr 5, 2022 · 1 comment
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

ghost commented Apr 5, 2022

If you were to use a microSD card exclusively for storing a mnemonic, in theory there's no obvious difference between storing a plaintext file of your mnemonic on an SD card vs. as a QR code on paper, assuming:

  1. Krux writes the mnemonic to the microSD card itself (i.e., you don't do this on a computer)
  2. You never plug the card into anything other than an airgapped Krux thereafter

However, in Krux we use a microSD card for storing firmware updates, saving settings, and (if enabled) writing log files that we expect could be opened up on a computer. Therefore, given that we already set the precedent that microSD cards are for "safe" data, I think this rules out also using a microSD card to store a mnemonic.

But not the overall concept.

We still have a USB-C port on the device that we could take advantage of, and the YubiKey in particular is appealing for this because it's built to store keys.

Specifically, the YubiKey has a "Static Password" feature where you can securely generate a password up to 64 characters in length. You can then plug the YubiKey into something and have it simulate keyboard input. For our purposes, this 64-character password could be deterministically converted into a 24-word BIP39 mnemonic in the same way that the SHA256 of dice rolls currently is.

In effect, I think it should be possible to use a YubiKey to generate and store a mnemonic.

EDIT: It looks like there are two open-source alternatives, Nitrokey and SoloKeys Solo 1 + 2, that may offer similar functionality.

EDIT 2: https://github.com/solokeys/solo1-cli#challenge-response This may be a more general solution allowing any FIDO2 security key to be used for this purpose, with the (big) gotcha that Krux would need to "speak" FIDO... If that proves too difficult, it looks like you can make a Solo Key (Hacker version) "type" a password the same way YubiKey does by loading custom firmware onto it: solokeys/solo1#446

EDIT 3: If the challenge-response method is used, an additional benefit would be that the challenge (which is signed with the private key on the device, and this signature for Krux's purposes would be the entropy source to generate the mnemonic) could be user-generated. This challenge could function as a password for the key device.
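
Added example, not part of the issue and not Krux's code: a sketch of the conversion proposed above, hashing a typed static password with SHA-256 and encoding the 32-byte digest as 24 BIP39 word indices with the standard 8-bit checksum. The function names, the UTF-8 encoding of the password, and the sample password are assumptions; the 2048-word BIP39 list is not embedded, so `to_words` takes it as a parameter. `password_entropy_bits` shows the caveat that the mnemonic is only as strong as the password's length and alphabet allow.

```python
import hashlib
import math


def entropy_from_password(password):
    """SHA-256 the typed password to get 32 bytes of BIP39 entropy.
    UTF-8 encoding is an assumption of this example."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def mnemonic_indices(entropy):
    """Return the 24 BIP39 word indices (0..2047) for 256-bit entropy."""
    if len(entropy) != 32:
        raise ValueError("a 24-word mnemonic needs exactly 32 bytes of entropy")
    # BIP39: checksum length is ENT/32 bits, so 8 bits for 256-bit entropy.
    checksum = hashlib.sha256(entropy).digest()[0]
    bits = (int.from_bytes(entropy, "big") << 8) | checksum  # 264 bits total
    # Split into 24 groups of 11 bits, most significant group first.
    return [(bits >> (11 * (23 - i))) & 0x7FF for i in range(24)]


def to_words(indices, wordlist):
    """Map indices to words using a caller-supplied BIP39 wordlist."""
    if len(wordlist) != 2048:
        raise ValueError("BIP39 wordlists contain exactly 2048 words")
    return " ".join(wordlist[i] for i in indices)


def password_entropy_bits(length, alphabet_size):
    """Upper bound on entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample: a 64-character password over a 16-symbol alphabet.
    sample = "cbdefghijklnrtuv" * 4
    print(mnemonic_indices(entropy_from_password(sample)))
    # 64 chars * 4 bits = 256 bits only if every character is random.
    print(password_entropy_bits(64, 16))
    # A shorter password caps the mnemonic's strength below 256 bits.
    print(password_entropy_bits(32, 16))
```

Hashing always yields 256 bits of output, so a short or low-alphabet password still produces a valid-looking 24-word mnemonic; the entropy bound is what determines its actual strength.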

@ghost ghost changed the title Support creating mnemonic from YubiKey Support creating mnemonic from YubiKey, SoloKey, etc. Apr 20, 2022
ghost commented May 20, 2022

Another USB key generator + typer: https://github.com/wuabit/wuabit-dust

@ghost ghost added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Aug 10, 2022
@ghost ghost added this to the Version 24.04.0 milestone Feb 23, 2023
@ghost ghost removed this from the Version 24.04.0 milestone Oct 5, 2023