Kryptonite is more like a GPG smartcard (or YubiKey) of sorts (with some security trade-offs for the arguably better UX). The key never leaves your mobile device. Backdoors and bugs are still a possibility of course (when aren't they?), and you probably wouldn't wan to run this on an outdated mobile device.
Of course, all you're doing with any of this is preventing your key from leaking. A sufficiently motivated attacker could just backdoor your ssh/git binary and access things through that instead, but it's still a good defense-in-depth mechanism, IMO.
> Can it do full disk encryption? Works with GPG agent? PIV? PKCS11? OTP? U2F?
My understanding is that the only use-case is SSH right now, but that could change, I guess.
> Requires battery. Not waterproof. Not crushproof.
Those are all valid. OTOH, it doesn't require yet another device that can be forgotten or lost, it's far easier to set up (compared to YubiKeys or other smartcards), and it's free.
> Can't backup the key? I need to buy two iPhones to have a backup in case one is lost?
That's correct. They plan to add paper backups and syncing via QR, IIRC. A second (regular) key that's kept offline would do as well.
(FWIW, I use YubiKeys for GPG/SSH/OTP/U2F as well, but I'd definitely recommend this to anyone looking for a cheaper or more usable alternative.)
>it doesn't require yet another device that can be forgotten or lost
iPhones can be lost too.
>it's far easier to set up
Yubikey can do U2F and OTP out of the package with no setup required.
While it can be easier (I wrote a nice shell script for myself), I don't consider setting up a Yubikey for SSH hard for the type of person who uses SSH,
emphasis on yet another. One more thing to keep track of. Not everyone likes to have their (door) keys hanging off their notebooks all day.
> Yubikey can do U2F and OTP out of the package with no setup required.
Yes, but we're talking about git/ssh here.
> While it can be easier (I wrote a nice shell script for myself), I don't consider setting up a Yubikey for SSH hard for the type of person who uses SSH,
That's not my experience, but it suppose it might depend on who you know/work with, or in what area you work.
> So is the Yubikey software.
I was talking about the free beer kind of free, but it's not accurate to say YubiKey is all free (libre) either, it depends on the product. There was quite a controversy a while back[1]. Personally, I'm fine with closed-source security products. Ideological reasons aside, I don't think making decisions based on whether the code is open source makes sense.
> I would consider that a fatal flaw. Once the private key is on the device, it should not be easy to recover it from the device.
I wouldn't say it's a fatal flaw. You rely on your phone's security to manage access to signing operations anyway, so if an attacker has access to the app, you're pretty much screwed either way. Again, there are trade-offs, but it's a step-up from keeping keys on-device.
>Not everyone likes to have their (door) keys hanging off their notebooks all day.
As if a whole phone is better... That's not a requirement with a yubikey anyway. Mine hangs on a lanyard on a dust plug. Many people have yubikey nanos and basically leave them plugged in their laptop all the time.
>I was talking about the free beer kind of free, but it's not accurate to say YubiKey is all free (libre)
Kryptonite is not libre. It's not even free. It's all rights reserved.
Yubico piv tool is 2 clause BSD, which is GPL compatible.
>Personally, I'm fine with closed-source security products.
So is RMS, assuming device software is fixed. See his comments on microwave ovens. Yubikey fits this description. Firmware is not updatable, for better security. Anyone who is trying to make a controversy out of what yubico is doing is either more extreme than RMS, dumb, or a competitor.
The parent comment literally said arguably, as in, can be argued and is based on personal choice.
And, although I'm not the commenter, it doesn't read anywhere near it trying to imply Kryptonite is a replacement for Yubikey. They were replying to someone comparing it to the 2FA PAM module, and explaining it's more like a smartcard or Yubikey in that it stores the key, rather than add a second verification outside the key.
I asked the questions because I'd like to know the answer. I'm not arguing passive aggressively.
I looked at the source repo, and at a glance, it looks like the app stores the key pair on the iOS keychain. My guess is that means the key can be removed from the device if the user chooses to do so, or if the user give access to the keychain to another application. Perhaps I'm wrong about that. I keep hearing "The key never leaves the device" repeated, and I'd mainly like to know how that guarantee is made.
The app uses kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly[1]. Quoting the relevant iOS documentation[2]:
> After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Of course, all you're doing with any of this is preventing your key from leaking. A sufficiently motivated attacker could just backdoor your ssh/git binary and access things through that instead, but it's still a good defense-in-depth mechanism, IMO.