Your key is the address. Plug in, tap, connect.
Sigil is a Tauri v2 desktop app (Rust backend, vanilla JS frontend) that lets you remote into your machine using a FIDO2 security key as the sole authentication factor. The key produces a hmac-secret that becomes the 32-byte seed for an Iroh P2P endpoint. Both host and client derive the same identity from the same key. The key handles addressing.
Screen capture and encoding run through an ffmpeg subprocess with hardware acceleration (NVENC, VAAPI, QSV, AMF, VideoToolbox) up to 60fps. The client decodes via WebCodecs with hardware acceleration for H.264, H.265, and AV1. A software fallback (xcap + openh264) is available if ffmpeg isn't installed.
- Shared identity. The FIDO2 key derives the Iroh peer identity. Both sides get the same node ID from the same key.
- End-to-end encrypted. Iroh handles the transport with built-in E2EE. The key never leaves the hardware token.
- Hardware-accelerated video. ffmpeg handles capture and encode with your GPU. WebCodecs handles decode on the client. Up to 60fps.
- Cross-platform. Linux, macOS, Windows. Auto-detects the best encoder for your hardware.
- Peer-to-peer. Via Iroh relay. No third-party services or accounts.
- Single binary. Tauri bundles everything except ffmpeg (system dependency).
- Rust 1.85+ (install)
- ffmpeg for screen capture and hardware encoding
- FIDO2 security key with hmac-secret support (YubiKey, Google Titan, etc.)
sudo apt install -y ffmpeg libwebkit2gtk-4.1-dev build-essential curl wget file \
libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev \
libudev-dev libusb-1.0-0-dev pkg-config libwayland-dev libpipewire-0.3-dev libgbm-devOn NVIDIA, set WEBKIT_DISABLE_DMABUF_RENDERER=1 before running.
brew install ffmpegGrant Accessibility and Screen Recording permissions in System Settings > Privacy & Security.
choco install ffmpegcargo install --git https://args.io/cat/sigil- Register (one-time per machine): click register, tap your key. Creates a resident credential.
- Host: click host. The app starts listening on an Iroh endpoint derived from your key.
- Connect: on another machine, click connect, tap the same key. The screen appears, input is forwarded.
Keyboard shortcuts: type your PIN, then press c (connect), r (register), or h (host).
Full setup details: docs/SETUP.md
| Document | Description |
|---|---|
| Setup Guide | Platform-specific install, dependencies, usage, architecture, protocol |
| Architecture | Transport, encoder backends, wire protocol, connection tracking |
| Spikes | Seven viability spikes with pass/fail evidence |
| Agent Guide | Development context for AI agents working on the codebase |
| FIDO2 HID Evidence | ctap-hid-fido2 communication with FIDO2 keys |
| HMAC → Iroh Derivation | hmac-secret → Iroh SecretKey proof |
| Iroh Native Ping | Iroh connectivity between native endpoints |
| YubiKey HMAC Detection | YubiKey HMAC-secret detection |
| FIDO2 HID vs hidraw | HID vs hidraw approach comparison |
| Layer | Technology |
|---|---|
| App shell | Tauri v2 |
| Backend | Rust (edition 2024) |
| P2P transport | Iroh 1.0 (relay-assisted, E2EE) |
| Hardware auth | FIDO2 CTAP via ctap-hid-fido2 |
| Capture + encode | ffmpeg subprocess (NVENC/VAAPI/QSV/AMF/VideoToolbox) |
| Fallback capture | xcap + openh264 (software) |
| Codecs | H.264, H.265, AV1 (configurable) |
| Client decode | WebCodecs (hardware-accelerated, all three codecs) |
| Input injection | enigo |
| Identity storage | OS keyring |
| Frontend | Vanilla JS (no npm, no build step) |
MIT