Support for yubikeys

I was hoping that Duplicacy would offer support for encrypting+decrypting backups with hardware keys (such as yubikeys), but I can’t find anything in the documentation/forum mentioning the word ‘yubikey’ so I guess it’s currently not supported.

In any case I think it would be an awesome feature to have: your backup is locked with a hardware key, and when migrating from one machine to another (or from one OS release to another) you’ll just need to install Duplicacy on the new machine, connect to the storage location, and plug in your yubikey (i.e. no need to remember which password you used for the backup).


My two cents: I think it is somewhere on the spectrum from not being worth the effort of implementing to being counterproductive. Reasoning:

  • This is a backup tool. Its job is to do backup, not manage security. Passwords should be stored in the password manager or keychain, which duplicacy already supports. Some password managers support yubikey.
  • In a disaster recovery scenario (house burnt down), including the yubikey — what’s the plan? The keychain is often replicated in a geographically diversified manner and is unlikely to get lost. If keys are generated and stored by the hardware device — that is a single point of failure. That device will fail, so you need an alternative way to log in without the key. In this case see the next bullet:
  • A backup tool is a set-it-once-and-forget-it type of deal. Ideally you never need to log in there after initial setup. Hardware keys are useful for authentication to avoid typing system passwords ten times a day when a keychain is not available, and where there is a way to reset credentials to a new key if the existing one is lost or destroyed. A backup workflow simply does not have those properties: making login more convenient is not a problem that needs solving; users can log in manually once in a decade when a restore might need to be done.