Break out the trumpets. Lower the drawbridge. The YubiKings are here to claim their thrones!
Today, Yubico is announcing the three winners of the months-long YubiKing contest, designed to discover who had mad enough skills to build the most innovative, creative and compelling solution around the YubiKey.
We received and evaluated a pile of fantastic entries. It was hard to cut them to a reasonable number before deciding on the three winning teams, each of which had incorporated a number of Yubico and open source elements into their YubiKing projects.
Congratulations to the leaders and team members of the victorious projects:
- Stuart Buckell; MFAStack Project site
- Ian Qvist; CSIS Enrollment Station Project site, PDF Manual, Video
- Dominik Schürmann; OpenKeychain for Android Project site, Video
Each team will receive a $3,000 prize and special-edition etched “YubiKing” keys.
And we need to have a well-deserved virtual cheer for all those who took their best ideas and spent time working them into tangible solutions over the past months.
YubiKing Buckell and his team of four added support for YubiKey protocols — OTP, OATH and FIDO’s U2F — to the two versions of their MFAStack platform, that include two-factor authentication (2FA) support, IdP capabilities, and standards-based single sign-on. The YubiKey supports two-factor authentication to access the admin console, and a Yubico OTP is also used to approve changes to user settings, such as revoking keys.
But it’s the integration with U2F that gives users private key cryptography capabilities. In essence, it is strong authentication to protect an end-user’s single sign-on account. Buckell’s development team also included Nikola Bursac, Dominik Trupčević, Marko Bencek and Domagoj Paljug.
YubiKing Qvist and his teammate, Michael Bisbjerg, built CSIS Enrollment Station, an application that lets IT departments easily deploy and manage certificates and YubiKeys (PIV support, enrollment, pin reset, revocation) on behalf of Microsoft Windows users. This was not possible previously because the YubiKey does not have native write support with Microsoft’s Base Smart Card Crypto Provider. So the team used Yubico’s PIV tool and a YubiKey PIV library .dll to generate a private key directly on the YubiKey and then generate a Certificate Signing Request. The request is read by their program as PKCS#7 and then packaged in a Certificate Management Message over CMS (CMC). The package is then sent to the Windows Certificate Authority. For good measure, Qvist and his team added the ability to generate a Pin Unlock Code and management keys by interfacing with Yubico HSM’s random number generator.
Not to be outdone, YubiKing Schürmann and his teammate, Vincent Breitmoser, went mobile with OpenKeychain for Android, which provides OpenPGP encryption, decryption and digital signatures to protect messages on an Android smartphone. Schürmann’s team added support for the OpenPGP feature of YubiKey NEO and its Near Field Communication (NFC) option. By separating the key mechanism from the device, OpenKeychain dramatically increases the security of the device. The application integrates with K-9 Mail and Conversations.
Thank you, everyone, for the wonderful submissions and for contributing to a successful contest. Don’t forget to look up Yubico at the Black Hat conference next month in Las Vegas at Booth #964. We can talk a little YubiKing.
See you next year!