Page MenuHomePhabricator

Investigate / test hardware tokens for WMF identity key
Closed, DeclinedPublic

Description

One suggestion was the FST-01, https://shop.fsf.org/product/usb/ or: http://www.seeedstudio.com/depot/fst01-with-white-enclosure-p-1279.html with the firmware replaced with Gnuk 1.1.4 (git clone https://gitorious.org/gnuk/gnuk.git).

Yubikeys are also common, and can (probably?) be setup to import the private key, but never export it once it's on the device.

Event Timeline

csteipp created this task.Aug 14 2015, 5:07 PM
csteipp raised the priority of this task from to Low.
csteipp updated the task description. (Show Details)
csteipp added a project: Security-Team.
csteipp added a subscriber: csteipp.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 14 2015, 5:07 PM

The yubikey 4's can load and use 4096 bit keys. I'm working on getting the air gapped machine to support yubikeys so we load the identity key onto a few, which we can distribute to people around the WMF.

For reference, https://developers.yubico.com/PGP/Importing_keys.html

JBennett closed this task as Declined.Sep 4 2018, 2:33 PM
sbassett moved this task from Backlog to Done on the Security-Team board.Jun 11 2019, 7:15 PM