https://github.com/xyhhx/qubes-split-onlykey
(mirror) a tool to proxy ssh, gpg, and fido2/ctap operations on qubes os for your onlykey, using systemd to provide per-client isolation for connections' sockets and configuration
https://github.com/xyhhx/qubes-split-onlykey
ctap fido2 gnupg gpg gpg-agent onlykey pgp qubes qubes-os qubes-rpc rust security ssh ssh-agent systemd webauthn
Last synced: 7 days ago
JSON representation
(mirror) a tool to proxy ssh, gpg, and fido2/ctap operations on qubes os for your onlykey, using systemd to provide per-client isolation for connections' sockets and configuration
- Host: GitHub
- URL: https://github.com/xyhhx/qubes-split-onlykey
- Owner: xyhhx
- License: other
- Created: 2025-03-01T15:37:35.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-04T04:05:04.000Z (about 1 year ago)
- Last Synced: 2025-03-04T05:19:16.184Z (about 1 year ago)
- Topics: ctap, fido2, gnupg, gpg, gpg-agent, onlykey, pgp, qubes, qubes-os, qubes-rpc, rust, security, ssh, ssh-agent, systemd, webauthn
- Language: Shell
- Homepage: https://forge.0x.ab.hor.rent/xyhhx/qubes-onlykey-proxy
- Size: 79.1 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Qubes Split Onlykey
[](https://firstdonoharm.dev/version/3/0/full.html)
> [!Note]
> Still in early development
> [!Warning]
> Even `main` might be cooked
---
### Design goals
- Provision separate sockets and configurations for each client domain
- Isolate sockets and configurations using systemd sandboxing
---
#### Acknowledgements
Design inspiration mostly coming from:
- https://piware.de/post/2019-10-15-cockpit-systemd-activation-cubed/
- https://github.com/cockpit-project/cockpit/blob/main/src/tls/README.md
- https://gist.github.com/bcduggan/bb60d79d2d1a2c2045d3a5dd4d35ca4d