RSA Sign strings with python script

I am trying to develop a document signing tool for our engineering process. The core of this application is an RSA signed string with identification and data to coordinate the validation of documents (mostly by checking that everyone is looking at the same version of the document). The system needs to be multi-platform (Windows, Linux, Mac).

I want to use hardware-based authentication for the private-key management, and the most secure way to do this would be to pass the message to the OnlyKey and have it return an RSA signature. Ideally I’d like to do this in Python directly. Is this a capability of OnlyKey?

Currently OnlyKey supports RSA signatures for OpenPGP. This uses the onlykey-agent; see OnlyKey SSH/GPG agent | Docs.

This does require GnuPG to function. We also could use onlykey-cli directly; this is something we have considered supporting but have not implemented yet.

So yes, it's a capability, but it would require an update to onlykey-cli to support this directly in the CLI.

Thank you. This is the conclusion I reached reading the docs. Although it is my understanding that OnlyKey won’t work with GPG4win, which is a problem for our Windows users (i.e. most of them).

Yes, currently onlykey-agent only works with Mac/Linux. We do have several ongoing efforts that may relate to what you are trying to do.

  • We are planning on adding support for GPG4win to onlykey-agent; this is probably 6 months away though.
  • We are planning on releasing a Node.js module for OnlyKey (node-onlykey) that allows integration with 3rd party web apps and local apps for encryption/signing. This would not use RSA, as ECC protocols are faster. This might work for your app if you can support ECC keys.