bitlogik/PIVageant

PIVageant

Pageant compatible SSH agent for Windows

using a PIV dongle.

Compatible with:

  • all Yubico 5 series : YubiKey 5 NFC, YubiKey 5C NFC, YubiKey 5Ci, YubiKey 5 Nano, YubiKey 5C, YubiKey 5C Nano, YubiKey 5 NFC FIPS, YubiKey 5C NFC FIPS, YubiKey 5Ci FIPS, YubiKey 5 Nano FIPS, YubiKey 5C FIPS and YubiKey 5C Nano FIPS
  • Yubico Yubikey Neo
  • Yubico Yubikey 4 series
  • Feitian ePass Plus PIV
  • Feitian BioPass FIDO2 Plus

Potentially compatible with any PIV card or USB dongle.
The only requirement is that the dongle/card ATR is listed in COMPATIBLE_CARDS_ATR in /lib/piv/compat_devices.py.

Use

Download

Get the Windows binary exe distributed in the GitHub releases.

To increase security, the released Windows exe is signed with our Extended Validation certificate, which gives greater confidence in the integrity of the software.

Use the agent

Start the agent:

Run PIVageant.exe

After detecting your PIV dongle, it automatically hides to the tray if it can read a public key. It then monitors Pageant queries (from PuTTY or compatible Windows SSH Pageant clients) and redirects signature requests to the PIV key.

When minimized, it goes to the tray icon bar. Any click on the icon restores the window.

You can change the current PIV device after the new PIV key device has been plugged in place of the other one:
Maximize PIVageant (click on the tray icon), then click on the "Refresh" button.

Generate a key in a YubiKey

Click on the "+ new key" button in PIVageant, then confirm. It will generate an ECDSA key (256 or 384 bits if possible) using standard default administrator keys.

The certificate written to the PIV dongle is not even self-signed: it carries a fake, invalid signature. It only holds the public key, so that the EC public key can be read back.
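
Because the certificate's signature carries no meaning, the only thing a client or server can rely on is the EC point itself. The following Python code is an added example, not PIVageant's own code: it checks that an uncompressed point lies on P-256, then formats it as an OpenSSH `authorized_keys` line and SHA256 fingerprint that can be compared with what the server has on file. The sample point (the P-256 base point), the comment string and all function names are assumptions for illustration, and only the 256-bit case is covered.

```python
import base64
import hashlib
import struct

# NIST P-256 field prime and curve constant b (curve: y^2 = x^3 - 3x + b).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# Constructed sample input: the P-256 base point, standing in for the
# public key that would be read from the dongle's certificate.
SAMPLE_POINT = bytes.fromhex(
    "04"
    "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
)

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def check_p256_point(point: bytes) -> None:
    """Reject anything that is not an uncompressed point on P-256."""
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected 65-byte uncompressed point (04 || X || Y)")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate outside the field")
    if (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on the P-256 curve")

def ssh_public_key_blob(point: bytes) -> bytes:
    """ecdsa-sha2-nistp256 key blob: key type, curve name, point (RFC 5656)."""
    check_p256_point(point)
    return (ssh_string(b"ecdsa-sha2-nistp256")
            + ssh_string(b"nistp256")
            + ssh_string(point))

def authorized_keys_line(point: bytes, comment: str = "piv-example") -> str:
    blob = base64.b64encode(ssh_public_key_blob(point)).decode()
    return f"ecdsa-sha2-nistp256 {blob} {comment}"

def sha256_fingerprint(point: bytes) -> str:
    """Fingerprint in the 'SHA256:<unpadded base64>' form OpenSSH prints."""
    digest = hashlib.sha256(ssh_public_key_blob(point)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

if __name__ == "__main__":
    print(authorized_keys_line(SAMPLE_POINT))
    print(sha256_fingerprint(SAMPLE_POINT))
```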

Development

To run from source:

python3 setup.py install

or install:

  • Python3 >= 3.6.1
  • wxPython 4.2.0
  • pyscard 2
  • cryptography 36.0.1

To build the binaries, you need Python 3.9 and PyInstaller. Start the Build-Windows.bat script in the package directory. The output is written to the dist directory.

PIVageant can be run with the "-v" option to display various debug information.

python3 PIVageant.pyw -v