Commit 39138acb authored by Ryan W Walter

added yubikey

parent de7c590c
......@@ -3,3 +3,81 @@
Only hardware that I have used personnaly are located here.
There is probably tons of other things that can do the job better.
# What is a Yubikey?
A Yubikey is a hardware crypographic engine and secret key storage device that is designed at the hardware level to prevent (if not just uncapable) to export the secrets it contains. It is most commonly used as a second factor in MFA authentification schemes.
> TL:DR - The Yubikey is a write only device with built in crypographic silicon.
# What are the use cases for the Yubikey?
## High Level
> What is this used for?
Typically used for second factor auth, can be used to sign content with PGP
## Slotted Functionality
> *These functions are required to be assisnged to a "slot" in order to function.*
### Yubico OTP
Yubico OTP is a OTP designed and configured from the factory from Yubico. Yubico's public auth servers are already configured with the key from the box.
> Tip.
>
> If you remove the config for Yubico OTP, You will not be able to restore this config, **EVER...** You will instead get a "less trusted" keypair.
Used in... SSH Auth, PAM, Web services
### OATH-HTOP
Almost identical to Yubico OTP.. But not using the Yubico syntax form.
Used in... SSH Auth, PAM, Web services
### Static Password
Press button, spits out the same thing every time. mainly used with legecy systems.
Used in... wherever you deem fit. acts identical to a normal password
### Challange Response
The program and the yubikey talk to each other to perform a cryptographic challange to authneticate.
Used in... KeepassXC, Local programs, some web services, PAM
## Non-Slotted Functionality
The below functions do not require a slot to work and will work out of the box... *Most of the time, some config may be required*
### U2F
A web-to-hardware API for using hardware tokens as a means of auth. Extreamly easy to use.
Used in... Web services, PAM
### Fido2
Like U2F, But upgraded and becomming the new standard in web auth. Can be used as single factor auth as well.
Used in... Web services, PAM
### OpenPGP Card
Used to store private and public openPGP keys for PGP things.
Used in.. Signing, encryption and decryption.
### PIV Functionality
The hardest to grasp, Uses a PKI infra to identify a user. But can easily be set up to use with SSH Auth.
> This is the best use case for ssh keypairs, as it requires no extrea configuration on the remote server. All required informaiton is stored in the public key.
Used in... Corporations, SSH, PAM, AD, FreeIPA,
\ No newline at end of file
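Review bot: In the tip under "### Yubico OTP", the phrase "less trusted" keypair is misleading, because Yubico OTP is built on a symmetric AES key shared with the validation server rather than a keypair; reword it to "credential" or "secret key" and say in one sentence what is lost when the factory configuration is removed. The heading "### OATH-HTOP" should read "OATH-HOTP". The PIV note that it "requires no extrea configuration on the remote server" should spell out what is meant, since the public key still has to be authorized on the server as with any SSH public key. Several plain lines ("Typically used for second factor auth...", the "Used in..." lines after the Yubico OTP tip and the PIV note) directly follow a `>` line with no blank line between them, so Markdown will fold them into the blockquote; add blank lines around each quote. Please also fix the spelling (personnaly, crypographic, uncapable, authentification, assisnged, legecy, Challange, authneticate, Extreamly, becomming, extrea, informaiton) and end the file with a newline.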