anelok: main case, top: corners [1/4]

Werner Almesberger werner at almesberger.net
Mon Dec 2 00:18:34 EST 2013


Dave Ball wrote:
> This is super awesome Werner.

Hi Dave, good to see you again! And thanks for the praise :)

> I'm not sure if you're already planning this, but one thought I've
> had since you announced this project is whether it would be worth
> integrating Anelok with some keychain software on the host

Yes, of course :) For example, it would be very nice if, say,
a Web browser that encounters a password prompt could tell
Anelok the site and maybe the account, and ask for the password
(and maybe an account). Anelok could then pre-select the
information and the user would only have to approve the
transaction.

By using a "proper" protocol, one could make sure passwords
don't get typed into the wrong field or even window by accident.
(E.g., some day, the #qi-hardware logs may become quite
interesting in that regard ;-)

Anelok could also be used to store other things. I haven't
looked at the technology, but maybe it could hold a Bitcoin
wallet.

Or, as you suggested, act as a general customizable access
token.

> I don't know if it's possible, but I'm thinking that Anelok becomes
> the keystore for e.g. gnome-keyring, so when I try to access a
> resource, gnome-keyring pokes Anelok to wake up, I dial-in my pin,
> and gnome-keyring does the host-side magic?

Sure, any program that does this kind of thing could be
extended to talk to Anelok. Or, if that makes sense, something
that talks to Anelok could speak the protocol of such a program.

> I guess the big complexity is the USB stack, and whether it can
> support both a custom protocol for a keystore implementation and
> pretend to be a HID at the same time?

Oh, USB gives you lots and lots of options to do things :-)
I think you could just do it by having multiple "interfaces"
in the same "configuration". The host (PC, etc.) should bind its
drivers to the ones it recognizes and let you have fun with the
rest of them.

But if we want to be able to also reach people afflicted with
Windows and such, making it a straight USB protocol level choice
may not be the best idea. Instead, one can abuse the HID reports
for sending and receiving "special" messages. This avoids having
to write a special USB device driver.

There's even a nice multi-platform library for it:
http://www.signal11.us/oss/hidapi/

- Werner
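
Carrying "special" messages inside fixed-size HID reports, as discussed in the message above, means splitting each message into report-sized pieces and reassembling them with strict checks on the receiving side. The following is an added example, not part of the original message and not Anelok's protocol: the 64-byte report size, the two-byte header (sequence number, payload length) and the names `frame_message`, `reasm_feed` and `roundtrip` are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define REPORT_SIZE 64                /* assumed HID report size */
#define PAYLOAD (REPORT_SIZE - 2)     /* after seq and length bytes */

/* Split msg into reports; returns the report count, or -1 if it won't fit. */
int frame_message(const uint8_t *msg, size_t len,
                  uint8_t out[][REPORT_SIZE], size_t max_reports)
{
    size_t n = len / PAYLOAD + 1;     /* the final report is always short */
    if (n > max_reports || n > 256)
        return -1;
    for (size_t i = 0; i < n; i++) {
        size_t chunk = (i == n - 1) ? len % PAYLOAD : PAYLOAD;
        memset(out[i], 0, REPORT_SIZE);   /* no stale bytes in the padding */
        out[i][0] = (uint8_t)i;
        out[i][1] = (uint8_t)chunk;
        memcpy(out[i] + 2, msg + i * PAYLOAD, chunk);
    }
    return (int)n;
}

struct reasm { size_t used; uint8_t next_seq; uint8_t buf[256]; };

/* Feed one report: 1 = message complete, 0 = need more, -1 = malformed
 * (out of order, bad length, or overflow; state is reset). */
int reasm_feed(struct reasm *r, const uint8_t report[REPORT_SIZE])
{
    uint8_t seq = report[0], chunk = report[1];
    if (seq != r->next_seq || chunk > PAYLOAD || chunk > sizeof r->buf - r->used) {
        memset(r, 0, sizeof *r);
        return -1;
    }
    memcpy(r->buf + r->used, report + 2, chunk);
    r->used += chunk;
    r->next_seq++;
    return chunk < PAYLOAD;
}

/* Frame msg, reassemble it, and return 1 if the bytes survive unchanged. */
int roundtrip(const uint8_t *msg, size_t len)
{
    uint8_t reports[8][REPORT_SIZE];
    struct reasm r = {0};
    int n = frame_message(msg, len, reports, 8), done = 0;
    for (int i = 0; i < n; i++)
        done = reasm_feed(&r, reports[i]);
    return n > 0 && done == 1 && r.used == len && !memcmp(r.buf, msg, len);
}
```

On a real host the framed reports would be handed to hidapi's `hid_write()` and the replies read back with `hid_read()`; the length and sequence checks in `reasm_feed` are what keep a malformed or truncated report from overrunning the reassembly buffer.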


