[openpgp] macos IKEv2 auth with yubikey

Martin Brook <beijing.fengxu@gmail.com> Thu, 24 November 2022 07:39 UTC


Hi, All,

My name is Martin, and I'm from south China. I've invested nearly a month
in searching for IKEv2 VPN auth with YubiKey on macOS. I have installed
pgp-agent already. I try to choose the cert in the YubiKey and hopefully the
pgp-agent could interact with the YubiKey, but it failed to prompt every time
when I started the IKEv2 VPN connection.

I am wondering if there's any possibility to do it? Could anybody advise
on this issue? Appreciated in advance.


PS:
1. SSH auth works fine with YubiKey on my macOS. But there's no command
like 'enable-ssh-support' for IKEv2 VPN.

.gnupg/gpg-agent.conf on my Mac is shown below:

pinentry-program /opt/homebrew/bin/pinentry-mac
enable-ssh-support
default-cache-ttl 600
max-cache-ttl 7200


2. I've achieved IKEv2 VPN auth with YubiKey on Windows. It seems Windows
can interact with YubiKey perfectly but not on macOS.



Looking forward to hearing from you. Thank you.



Martin