DEV Community

Max Pixel
Max Pixel

Posted on • Edited on

Deconstructing OnlyKey Agent

Moved to https://m-pixel.com/deconstructing-onlykey-agent/

Top comments (3)

Collapse
 
mpixel profile image
Max Pixel

As a follow-up, I couldn't get onlykey-agent to work in Windows, so I ended up re-implementing it as an SSH.NET authentication method (which I intend to publish).

Collapse
 
cr7pt0 profile image
Tim Steiner

Hey Max,

I have to say this write-up is absolutely fascinating, and I am not just saying that because I wrote this code! You did a great job here of picking this apart and explaining, which I know was not easy. I wrote both the firmware and the parts you mentioned in the agent and have been meaning to document more here just trying to find the time. I would be very interested in helping you get the .net apps you are working on finished, I know there are lots of OnlyKey user's that wish this worked with Windows. So to answer some of the questions you had here:

  • We ignore the slot because when we first released the ssh agent we didn't derive the keys, the user had to load the ecc keys through the app and and specify in the cli which one to use. When we went to deriving keys I wanted to still have an option to specify a slot if you didn't want to use the KDF but have not implemented that in firmware yet.

  • secp256k1 is the same curve used for Bitcoin, its not really used much for SSH.

  • As OnlyKey is built on an embedded chip space really matters so things are written in a way to save space. For example as you found using 1/2 of a byte (nibble) for a setting when the setting is only needed to be a 1 - 16 value.

  • We do now support keylabels, each key can have a label its supported but just not used. It could be useful for several things if supported in an app.

If you have any other questions feel free to reach out.

Collapse
 
karlredman profile image
Karl N. Redman • Edited

Great write-up!
Thank you for taking the time and effort to investigate this stuff. I just bought my first onlykey today (awaiting delivery this week) and I expect I'll be referring to this article for my own explorations.

Thank you for sharing the knowledge!