top | item 40177539

(no title)

Number 2 is not true. I have a Yubikey and it can't be used on Android without a Google made app or account. It's always the same story, give a plausible option to seem open or neutral, but make sure there are "details" that establishes chain of consequences preventing it that is weird enough to allow denying intention. Even though I'm not that young I thought I just need to wait for Firefox to implement it, but as time went by I got curious and found out why it actually can't be done.

discuss

sholladay|1 year ago

I was able to log in to GitHub using a Yubikey on my Pixel without a special app.

Check whether your Yubikey supports resident keys (aka discoverable credentials) and whether the FIDO key for your account was created with residentKey: true, otherwise it’s a completely different (older) flow under the hood, where the private key actually gets sent to the server, and it wouldn’t surprise me if that’s the underlying cause of what’s happening to you.

calaverainfo|1 year ago

Thanks for trying to help but I really meant it can't be done, not that it doesn't work for me. This is the starting point for understanding why https://bugzilla.mozilla.org/show_bug.cgi?id=1678045 but that rabbit hole is pretty deep if you want to understand the whole web of consequences.

matheusmoreira|1 year ago

Wow. I just bought a couple of new YubiKeys for the OpenPGP Curve25519 support. I was looking forward to using the NFC feature with my Android phone. Is it just a Chrome problem? I downloaded some OpenPGP app from fdroid and it says it supports NFC keys.

calaverainfo|1 year ago

I'm not sure about your exact situation, lot of the scenarios are OK, just the one without Google services which are dependent on Google account doesn't work. That is actually irrelevant for "normal" phone users that are logged to Google all the time anyway.