Skip to content

Instantly share code, notes, and snippets.

@rbo

rbo/README.md

Last active August 30, 2023 11:30
Show Gist options
  • Save rbo/9121b2f4adbd928db8a87d2aa14c756d to your computer and use it in GitHub Desktop.
Save rbo/9121b2f4adbd928db8a87d2aa14c756d to your computer and use it in GitHub Desktop.
Download ZIP
How to disable yubikey / certificate for firefox
Raw
README.md

Firefox Settings

-> Privacy & Security -> Security Devcices

image

Before

2021-08-24-16-43-29-1629816209

Disable opensc

$ sudo p11-kit list-modules
p11-kit-trust: p11-kit-trust.so
    library-description: PKCS#11 Kit Trust Module
    library-manufacturer: PKCS#11 Kit
    library-version: 0.23
    token: System Trust
        manufacturer: PKCS#11 Kit
        model: p11-kit-trust
        serial-number: 1
        hardware-version: 0.23
        flags:
               token-initialized
    token: Default Trust
        manufacturer: PKCS#11 Kit
        model: p11-kit-trust
        serial-number: 1
        hardware-version: 0.23
        flags:
               write-protected
               token-initialized
opensc: opensc-pkcs11.so
    library-description: OpenSC smartcard framework
    library-manufacturer: OpenSC Project
    library-version: 0.22
    token: PIV_II
        manufacturer: piv_II
        model: PKCS#15 emulated
        serial-number: 00000000
        flags:
               rng
               login-required
               user-pin-initialized
               token-initialized
               user-pin-locked

$ mkdir -p ~/.config/pkcs11/module
$ cp /usr/share/p11-kit/modules/opensc.module ~/.config/pkcs11/modules/
$ echo "disable-in: firefox vivaldi-bin" >> ~/.config/pkcs11/modules/opensc.module
$ cat ~/.config/pkcs11/modules/opensc.module
# This file describes how to load the opensc module
# See: https://p11-glue.github.io/p11-glue/p11-kit/manual/pkcs11-conf.html
# or man pkcs11.conf

# This is a relative path, which means it will be loaded from
# the p11-kit default path which is usually $(libdir)/pkcs11.
# Doing it this way allows for packagers to package opensc for
# 32-bit and 64-bit and make them parallel installable
module: opensc-pkcs11.so
disable-in: firefox vivaldi-bin

After

2021-08-24-16-57-40-1629817060

@bugficks
Copy link

another way would be to add YubiKeys to ignored readers list in OpenSC which leaves other readers working.

> opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             ACS CCID USB Reader 0
1    Yes             Yubico YubiKey OTP+FIDO+CCID 0
2    Yes             Yubico YubiKey OTP+FIDO+CCID 1

and in opensc.conf I haved added:

app onepin-opensc-pkcs11 {
	ignored_readers = "Yubico YubiKey OTP+FIDO+CCID 0", "Yubico YubiKey OTP+FIDO+CCID 1";
}

app opensc-pkcs11 {
	ignored_readers = "Yubico YubiKey OTP+FIDO+CCID 0", "Yubico YubiKey OTP+FIDO+CCID 1";
}

just the OpenSC reader(s) wanted:
ff

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment