So now that I have a Spark 2 and with the ever closer Apex release it got me wondering… there is an Android app and an upcoming iOS app but is there any considerations for a client for computers or at least a library so that people like myself can make a client for there preferred platform?
I just shouted to him…hopefully he heard so he can answer your question
I guess you have had a look
Ohh no, I had no clue the repo collection was so extensive… I will have a look through those.
EDIT: Had a look, nothing that seems to involve handling these parts of the flow:
I think that functionality is only in the VivoKey app which is not open source from what I can see (or I am blind) also i would have to involve server side updates to allow another way of notifying the device that a scan is required or some similar mechanism (such as by scanning your implant it checks to see if there is a pending auth request).
It’s… under consideration… let me talk to my core dev
If you do make an API or library, I can guarantee at least a basic Linux client probably windows/linux with MacOS just needing testing / minor tweaks.
I’ll soon be doing some coding for the Spark2 under Linux. Raw crypto stuff though, not linked to Vivokey.
Speaking of Vivokey Amal, hypothetically-speaking, would there be a problem if it worked with user-generated keys as well as its own s00per-s3kr1t key (or keys) that it sets on all the crypto chips it sells, aside from the fact that it can’t really trust the user to keep their key safe? I mean if the user compromises their own key, at the end of the day, the only loser is them. Vivokey itself wouldn’t run any risk.
I haven’t looked into what sort of command’s the chip takes but now I’m curious without the keys to validate it’s response what do think you will be able to do with it?
I’ll stick my own key(s) in it, and use it to encrypt stuff, sign files, and challenge-response authenticate into my own servers. If I don’t find existing code to modify, I’ll code my own. But most likely I’ll extend another library.
A spark2 or an unprovisioned ntag413? I thought the ntag413s Iin the spark where configured to be fully read only?
Yeah okay. Let’s say a Spark2 is a Vivokey-locked NTAG413 then - in which case, I meant an unprovisioned NTAG413
Cool, only reason I was clarifying was if I could do anything additional with my spark 2 in the future. Still will be interested in what you do with it I’m looking into similar stuff for the DF2 eventually
Well that’s the thing: if you don’t know the master key (and you don’t) and you can’t set any other key (and you won’t be able to), you won’t do any non-Vivokey crypto with it. You can use it to store a short NDEF, or use it with my brilliant login software [gratuitous plug right there… ] with its UID, and of course use it to authenticate with VK’s servers. But that’s about it.
Yeah that was my impression (unless @amal releases key 2 to us)
Hence the confusion of you doing your own crypto with it.
I for one just am glad people are working on things with it. I misunderstood it when I bought it. I am struggling to figure out how to actually implement it.
What do you want to implement?
Well you can set the URL and authenticate with software and websites that use the VivoKey OIC system and Enrol it with things. That’s about it AFAIK.
Ah yes okay, application-level. Not interested
Very nice keyboard
Exciting progress, @Pilgrimsmaster will be pleased!
Next week comes the linux desktop app right