Xpra: Ticket #1789: U2F authentication support

See also smartcard API #1255.

Fri, 23 Mar 2018 12:27:12 GMT - Antoine Martin: status changed

Initial support added in r18801.

To use it:

It will print the public key and the key handle, both need to be preserved. The public key is stored on the server, the key handle is used on the client to tell libu2f which key to use for authentication.

And activate the U2F key when requested (ie: when it blinks).

Still TODO:

There are other libraries we can use to interface with u2f, but they're not as nice, ie: python-u2flib-host.

Fri, 23 Mar 2018 12:27:48 GMT - Antoine Martin: attachment set

example of all in one registration + authentication using pyu2f

Fri, 23 Mar 2018 12:29:55 GMT - Antoine Martin: attachment set

alternative example using u2flib_host

Sat, 24 Mar 2018 09:51:48 GMT - Antoine Martin: owner, status changed


Although we still support environment variables for specifying the key-handle and the public key, the preferred way is to store them as hexadecimal files in the application's user configuration directory (ie: .xpra on posix). Running the new browser/xpra/trunk/src/xpra/client/gtk_base/u2f_tool.py will create two files there:

Testing locally with an $18 FIDO U2F Security Key:

To test using a remote client machine (ie: already tested with a linux, win32 and macos as both clients and servers):

Future enhancements:

Fri, 01 Jun 2018 11:47:01 GMT - Antoine Martin: status changed; resolution set

Sat, 23 Jan 2021 05:33:50 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1789