From: Rubén Llorente <porting@use.startmail.com>
Subject: Re: YubiKey replacment
To: ports@openbsd.org
Date: Thu, 5 Sep 2024 11:44:00 +0000

For what it's worth, I sent a nitrocli port to ports@ and it ended up 
lost in commit limbo. I have not tested it with Nitrokey 3A

https://www.mail-archive.com/ports%40openbsd.org/msg121357.html

Lucas Gabriel Vuotto wrote:
> On Tue, Sep 03, 2024 at 09:21:00PM GMT, Kirill A. Korinsky wrote:
>> misc@,
>>
>> due to the discovered vulnerability in YubiKey [1] which leads to buying a
>> new device, I'm thinking of changing the used vendor because OTP HID doesn't
>> work on OpenBSD.
>>
>> So here is the question, can you suggest a device that has:
>>   - FIDO2
>>   - OATH
>>   - OpenPGP
>>   - USB-C
>>   - and small, ideally in the size of YubiKey nano.
>>
>> Thanks!
> 
> I use a Nitrokey 3A. There is an USB-C version, but is waaaaay bulkier
> than the YubiKey 5 Nano.
> 
> The upside of Nitrokey is that the firmware is Open Source and the
> devices are updatable. The downsides include the tooling not being great
> for most of end-users (I guess you shouldn't have issues with it tho)
> and pynitrokey [0] isn't ported (I tried to port it at some point but it
> hardcodes way too many dependencies, and the dependencies do the same.
> It was a patching hell and I didn't manage to finish it before
> considering it pointless. Also, I'm quite sure I tried to run it in a
> virtualenv without success, neither.)
> 
> [0]: https://github.com/Nitrokey/pynitrokey
> 
> 	Lucas
>