#1074069 RFP: canokey-qemu -- virtual canokey to the guest OS

Package:
wnpp
Source:
wnpp
Submitter:
procmem@riseup.net
Date:
2025-11-29 16:55:14 UTC
Severity:
normal
#1074069#5
Date:
2024-06-22 19:51:00 UTC
From:
To:
* Package name    : canokey-qemu
   Upstream Author : ZenithalHourlyRate Hongren Zheng
* URL             : https://github.com/canokeys/canokey-qemu
* License         : Apache-2.0 license
   Programming Lang: C
   Description     : virtual canokey to the guest OS

CanoKey [1] is an open-source secure key with support for:

- U2F / FIDO2 with Ed25519 and HMAC-secret
- OpenPGP Card V3.4 with RSA4096, Ed25519 and more [2]
- PIV (NIST SP 800-73-4)
- HOTP / TOTP
- NDEF

There is an emulated QEMU device in the form of libcanokey-qemu which is
the focus of this wishlist request. This feature will allow safe usage
of one's keys in a virtual environment with the trust issues that
accompany physical smartcard device implementations. Canokey also
provides a more straightforward and generic approach to interacting with
secure key material compared to swtpm-tools which support a subset of
these ciphers and algos in a TPM-only context.

Once packaged, this feature will bring what was exclusively a feature
(Split GPG [3]) limited to users of security hypervisor distros like
QubesOS to the masses.


[1] https://canokeys.org/
[2] https://www.qemu.org/docs/master/system/devices/canokey.html#id9
[3] https://www.qubes-os.org/doc/split-gpg/