IOS Yubikey support on App77 Pwsafe

On: Thu 29 November 2018

I really like app77 Pwsafe, and was excited when i heard that Iphones would have NFC and Yubikey support.

I had hoped this would permit me to use my yubikeys with my iphone.

Their website said it was still not possible, but i was hoping that was just out of date. So, i emailed them.

They returned a very nice response, and thought folks would appreciate seeing it.

Hi Marty

The NFC support of the iPhone is read only, meaning it can read a one-type password from the key. In this mode, the password/key pair can only be used as an authentication mechanism. If pwSafe would only authenticate you, we would have access to your data and would be gating access to it using your password and key to confirm your identify.

Instead, on pwSafe, the password is used to encrypt your data. This means the password cannot vary, otherwise the data would not decrypt correctly. To use the YubiKey, pwSafe on the Mac and Password Safe on Windows send the password gathered from the user to the key and then the YubiKey cryptographically combines it securely with another password stored inside the key itself that cannot be extracted. This is much more secure, because it means we can't see your data or even comply to a court order telling us to disclose it. Your data remains encrypted and only you can read it, because decryption is only done in-device.

Long story short, pwSafe needs read/write support via NFC to be able to use the YubiKey. I hope this eventually comes to iOS. iOS 12, so far, doesn't have it.

Best regards,
Solon B.

Drop me a line using one of the contact methods