Hey all, have you noticed, that LibremKey, which is based on NitroKey Pro2 supports TOTP and HOTP 2FA, but right now only HOTP is being used? I’m not aware of any app for TOTP side of things on LibremKey. I’m using LibremKey’s HOTP with PureBoot on my Librem 13. But I’ve also been using a TOTP 2FA using YubiKey thru their Authenticator app: Yubico Authenticator. It’s been working very well for me, but it’s a proprietary application for a closed-sourced firmware piece of closed-hardware USB key.
So my wife and I started writing an open-source equivalent for an open-source firmware, open-hardware USB key: LibremKey, LibremKey Authenticator. It’s pretty early into development, but the app is already functional and you can give it a go, if you’re interested. It’s a drop-in replacement for Google Authenticator, so you can scan the same QR-Codes with LibremKey Authenticator and Google Authenticator (or any other compatible authenticator app) for your initial testing. I’ve been using only LibremKey Authenticator on my personal desktop for for couple of days now. Still using Youbico Authenticator on my work computer (Mac) and my Android cellphone, though.
If you wanna try it out, you’ll have to compile it from source. Just follow the README, it’s really straightforward.
In the app we’re using libnitrokey to talk to LibremKey. For now it has to be compiled together with LibremKey Authenticator (described how in the README linked above), even though its newest release is already in Debian. At the moment that newest release (3.5) does not yet natively support LibremKey. But shortly after releasing 3.5, support for LibremKey got merged into master branch. So, when you do
git submodule init,
git submodule update, you’ll download the version of libnitrokey, that supports LibremKey and it’ll get linked against LibremKey Authenticator.
In addition to libnitrokey, we’re also using libzbar to process QR-Codes – when you click
+ button in LibremKey Authenticator, the app will take a screenshot (in memory only, not saving to disk) and will call libzbar to find and process QR-Code on that screenshot.
Also a word of warning – the app looks ugly at the moment – that’s just my artistic touch. Or should I say the lack thereof. It’ll get improved, though – my wife’s actually working on that.
After the app matures a bit, and native support in libnitrokey lands in Debian, I’ll also package LibremKey Authenticator for Debian (I’m a Debian Developer), so it’ll be easily installable on Debian and derivatives (including PureOS).
If you do, or do not like it, want to try it out, lemme know. Just message me here, or shoot my wife, or me an email at firstname.lastname@example.org, or email@example.com.