On Tuesday, 14 August 2018 07:04:09 UTC-4, Brendan Hoar wrote: > On Monday, August 13, 2018 at 5:47:06 PM UTC-4, joev...@gmail.com wrote: > > Are you sure they are using Yubikey's "Static Password" slot? That is the > > only component that enumerates as a USB keyboard. The normal yubikey setup > > enumerates as a Smartcard, which is how the challenge/response works. With > > this, there is no keyboard to attach as an input device and no keystrokes > > to manage. You attach the USB to the AppVM, and that's it. > > Yubikeys are USB "composite" devices that can have one or more interfaces > enabled. > > [Note that while a USB *compound* device is a USB device with a built in USB > hub that has multiple USB devices attached, a USB *composite* device does not > incorporate a USB hub but instead presents as a single device with multiple > interface endpoints.] > > A stock contemporary Yubikey NEO or Yubikey 4 may be shipped with the > following interfaces enabled all on the same single USB device: HID (with > superset of keyboard functionality to support a variety of OTP functions), > CCID (smartcard running multiple javacard applets), and U2F. > > Yubikeys are also configurable such that each interface can been disabled as > necessary (for corporate roll out, compatibility with older software* that > doesn't handle multiple interfaces well, prevention of inadvertent OTP > generation, etc.). One cannot assume that a Yubikey that presents a CCID > interface will also provide a HID interface > > Therefore "Normal Yubikey setup" is a moving target. :) > > Brendan > > * if you guessed OpenPGP, you get a star...though my experience with multiple > smartcards in use with Microsoft AD products tells me OpenPGP isn't the only > badly behaved smartcard client out there...
Thanks for the clarification Brendan. I actually meant that a normal setup for yubikey,... on Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0217304-aafe-4b3b-a7a1-df09882194a5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
