Support for Yubikey #10112

issue slsdhl openend this issue on March 28, 2017
  1. slsdhl commented at 8:16 pm on March 28, 2017: none

    Feature suggestion: Integrate support for Yubikey in the wallet.

    Implement the possibility to use a Yubikey to either authenticate transactions or decrypt the wallet.

    I think that one of the hindrances of people using the Core wallet, and thereby running a full node, is the lack of security features. If I could, I would implement it myself, but I don’t have skills to do so.

  2. TheBlueMatt commented at 9:22 pm on March 28, 2017: member
    I dont believe yubikeys have support for extracting a symmetric key from them (and likely wouldnt be very useful if they did), nor the ability to act as a Bitcoin hardware wallet. Adding support for a more standard Bitcoin hardware wallet may, however, eventually be doable.
  3. slsdhl commented at 10:46 pm on March 28, 2017: none
    I can’t comment on the feasibility of using the Yubikey in this regards. However, my main motivation for opening this issue, is just to express my desire for the Core wallet having hardware token security - whether it’s with Yubikey, Trezor, Ledger or whatever is less relevant.
  4. fanquake added the label Feature on Mar 29, 2017
  5. laanwj added the label Wallet on Mar 29, 2017
  6. laanwj commented at 7:47 am on March 29, 2017: member

    There’s a similar issue for Trezor: #8218 (though somehow it got closed by the opener) If only there was a standard protocol for communicating with hardware wallets, this would be much better. I don’t think core should become a repository of vendor-specific methods.

    Though I’d welcome cooperation with even one external hardware wallet vendor, if they keep in mind the code should be abstract enough to support others later. Trezor didn’t seem to be interested at the time.

  7. jonasschnelli commented at 2:15 pm on March 29, 2017: contributor

    Yubikey has no bitcoin signing capabilities (no secp256k1 only nist-P but hidden behind U2F). IMO using U2F over Yubikey (or Trezor, Ledger, DigitalBitbox) makes littles sense for a desktop application.

    But I agree that we should work towards hardware wallet integration. A first step could be to create something similar to the ssh-/gpg-agent. At the beginning, the keys could be hold locally in the agent-process, later, they could be managed by the hardware device.

    Also, for direct hardware wallet integration a standard is required. Something like U2F but with more flexibility to verify the hashed that are going to be signed. I once started a BIP: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013008.html which is very draft (incomplete).

  8. btchip commented at 8:42 am on March 31, 2017: none

    I hope we’ll be able to move forward with those specifications (at least agree on a communication method, transport scenarios and get the ball rolling) at the s3nd meeting this week-end.

    Regarding Yubikeys, you can technically run Java Card applications on a few, depending where you get them from or when you bought it (https://www.yubico.com/2014/07/yubikey-neo-updates/) - this can be a valid option to use them as hardware wallets. If you want to dig more into this, I can point you to Fidesmo offering open Yubikeys (http://shop.fidesmo.com/) and our Java Card implementation (https://github.com/LedgerHQ/ledger-javacard) of HW.1 protocol (https://ledgerhq.github.io/btchip-doc/bitcoin-technical-beta.html)

  9. Sjors commented at 2:56 pm on March 16, 2018: member
    Interesting… Tagging @instagibbs
  10. instagibbs commented at 3:06 pm on March 16, 2018: member

    (since I’m being tagged)

    Here’s a proposed standard which may be applicable: https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki

    Same repo with some implementations using various libraries: https://github.com/achow101/HWI

    In the end the wallet should just get pushed the standardized binary format, sign what it can, then return it.

  11. dolebas commented at 1:54 pm on January 9, 2020: none

    YubiKey firmware now supports Secp256k1 out of the box

    https://www.yubico.com/2019/08/whats-new-in-yubikey-firmware-5-2-3/

  12. sipa commented at 2:11 pm on January 9, 2020: member
    This is perhaps something to accomplish through the HWI project (see https://github.com/bitcoin-core/HWI) if yubikey supports secp256k1 signing.
  13. MarcoFalke commented at 0:42 am on April 26, 2020: member
    Let’s continue discussion in https://github.com/bitcoin-core/HWI/issues/299
  14. MarcoFalke closed this on Apr 26, 2020
  15. DrahtBot locked this on Feb 15, 2022


slsdhl TheBlueMatt laanwj jonasschnelli btchip Sjors instagibbs dolebas sipa MarcoFalke

Labels
Feature Wallet

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-06 16:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me