
In the same way that I can use a Yubikey or any other FIDO2 hardware key to store resident keys for use with OpenSSH (for example ssh-keygen -t ed25519-sk -O resident -O verify-required), I would like to use my iPhone. I have my iPhone with me most of the time. The Yubikey, rather not.

As iOS devices come along with the passkey infrastructure, I was thinking that, in principle, this use-case should be possible. But the passkeys require the scanning of a QR code and I’d like to just connect it via USB. In addition, it would be nice if the iPhone would have a PIN to protect the key.

cs224
  • This is the first hit when I google your question title: https://hmaslowski.com/ios-%26-ipados/f/use-your-mobile-phone-as-fido2-security-key-for-passwordless – schroeder May 18 '23 at 08:11
  • Thanks for the hint! I have seen that before. I am on Linux and the pairing tool seems to only exist for Mac and Windows. In principle, this should work natively supported by iOS. The infrastructure should be there. – cs224 May 18 '23 at 08:18
  • So, the answer to your question of "can you?" is "yes." What you appear to actually want to know is how to do it in Linux. And with that, we've gone past a security question and into an implementation question. The problem here is what happens when you plug a phone into a computer's USB. The phone's USB is going to present a ton of functionality to the computer, as is normal. So, a dongle would be needed to isolate the function just to the one function required for FIDO. So, yes, it's all down to the device, but you need a translation layer for the computer. – schroeder May 18 '23 at 09:44

0 Answers