Pageant-compatible SSH agent for Windows
using a PIV dongle.
Compatible with:
- all Yubico 5 series : YubiKey 5 NFC, YubiKey 5C NFC, YubiKey 5Ci, YubiKey 5 Nano, YubiKey 5C, YubiKey 5C Nano, YubiKey 5 NFC FIPS, YubiKey 5C NFC FIPS, YubiKey 5Ci FIPS, YubiKey 5 Nano FIPS, YubiKey 5C FIPS and YubiKey 5C Nano FIPS
- Yubico YubiKey Neo
- Yubico YubiKey 4 series
- Feitian ePass Plus PIV
- Feitian BioPass FIDO2 Plus
Potentially compatible with any PIV card or USB dongle.
To add a device, list the dongle or card ATR in COMPATIBLE_CARDS_ATR in /lib/piv/compat_devices.py.
Get the Windows binary (exe) distributed in the GitHub releases.
For added security, the released Windows exe is signed with our Extended Validation certificate, giving greater confidence in the integrity of the software.
Start the agent:
Run PIVageant.exe
After detecting your PIV dongle, it automatically hides to the tray if it can read a public key. It then monitors the Pageant queries (from PuTTY or compatible Windows SSH Pageant clients) and redirects the signature to the PIV key.
When minimized, it goes to the tray icon bar. Any click on the icon restores the window.
You can change the current PIV device once the new PIV key device has been plugged in, in place of the other one:
Maximize PIVageant (click on the tray icon), then click on the "Refresh" button.
Click on the "+ new key" button in PIVageant, then confirm. It will generate an ECDSA key (256 or 384 bits if possible) using some standard default administrator keys.
The key certificate written to the PIV dongle is not even self-signed: it carries a fake, invalid signature. It only holds the public key, so that the EC public key can be read.
To run from source:
python3 setup.py install
or install:
- Python3 >= 3.6.1
- wxPython 4.2.0
- pyscard 2
- cryptography 36.0.1
To build the binaries, you need Python 3.9 and PyInstaller. Start the Build-Windows.bat script in the package directory. The output is written to the dist directory.
PIVageant can be run with the "-v" option to display various debug information.
python3 PIVageant.pyw -v