libfido2 | Provides library functionality for FIDO2 | Authentication library

 by   Yubico C Version: 1.13.0 License: Non-SPDX

kandi X-RAY | libfido2 Summary

kandi X-RAY | libfido2 Summary

libfido2 is a C library typically used in Security, Authentication applications. libfido2 has no bugs, it has no vulnerabilities and it has low support. However libfido2 has a Non-SPDX License. You can download it from GitHub.

libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures. libfido2 supports the FIDO U2F (CTAP 1) and FIDO2 (CTAP 2) protocols. For usage, see the examples/ directory.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              libfido2 has a low active ecosystem.
              It has 460 star(s) with 129 fork(s). There are 58 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              There are 5 open issues and 220 have been closed. On average issues are closed in 18 days. There are 2 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of libfido2 is 1.13.0

            kandi-Quality Quality

              libfido2 has 0 bugs and 0 code smells.

            kandi-Security Security

              libfido2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              libfido2 code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              libfido2 has a Non-SPDX License.
              Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.

            kandi-Reuse Reuse

              libfido2 releases are not available. You will need to build from source code and install.
              Installation instructions, examples and code snippets are available.
              It has 35 lines of code, 0 functions and 2 files.
              It has low code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of libfido2
            Get all kandi verified functions for this library.

            libfido2 Key Features

            No Key Features are available at this moment for libfido2.

            libfido2 Examples and Code Snippets

            No Code Snippets are available at this moment for libfido2.

            Community Discussions

            QUESTION

            Wrapped private key with libfido2?
            Asked 2022-Jan-23 at 18:00

            I am currently working my way into libfido2 and trying to figure out how to use wrapped private keys with it.

            Yubico says in the FAQs that with YubiKey 5 unlimited key pairs can be used for FIDO U2F; however, for FIDO2 only space for 25 resident keys is promised.

            1. Does "FIDO2" mean that resident keys are used and that FIDO2 cannot be used with (external) wrapped private keys?

            2. If this is the case, does libfido2 offer any possibility to work with FIDO U2F and wrapped keys instead?

            3. If so, how does libfido2 need to be configured to do this? How can I provide the library with the appropriate protected private key. At least in "fido2-assert" I don't see a way to do this when I want to create an assertion on the client.

            (The function accepts four specific parameters description here, and the only one that I understand could bring the private key is the "credential id". But the name makes me doubt if my request is possible with this parameter).

            I am grateful for any answer!

            EDIT: In the meantime I found this link to some Solo Keys developer pages describing how it works on Solo Keys. It seems the private key is calculated on the fly - in this case credential id would work as seed for the calculation)

            ...

            ANSWER

            Answered 2022-Jan-23 at 18:00

            FIDO2 encompasses both WebAuthn (browser API) and CTAP2 (USB/Bluetooth/NFC APIs for externally connected authenticators). CTAP2 supports both client-side and server-side credentials, and specifies how backwards compatibility with U2F/CTAP1 authenticators works. Since you're working with libfido2, the CTAP documentation might be useful to understand what it does under the hood.

            Client-side discoverable credentials (previously known as resident keys) are used for usernameless flows where no Credential IDs are specified during authentication. These keys are generated randomly and require storage space. Server-side credentials (non-resident keys) are represented as Credential IDs. What type of key is created is requested during the registration process but both FIDO2 standards default to server-side credentials if not specified. U2F only supported server-side credentials.

            For external authenticators with limited storage space, server-side credentials are typically wrapped private keys encrypted by a single 'master' key stored in the authenticator. Since the entire state is stored outside of the authenticator this allows for practically infinite keys to be generated even with limited storage space. But it does mean that the Credential ID generated during registration must be stored on the server, and in order to generate an assertion it must be offered back to the authenticator later for authentication. In WebAuthn these Credential ID(s) are typically presented after the user is identified (e.g. via username and password) in the allowCredentials argument, CTAP2 calls this allowList.

            With the terminology now (hopefully) clarified, yes libfido2 supports both types of credentials according to the assert example:

            Asks for a FIDO2 assertion corresponding to [cred_id], which may be omitted for resident keys. The obtained assertion is verified using .

            Source https://stackoverflow.com/questions/70823001

            QUESTION

            How do I get my Yubikey to work with SSH in Windows 10?
            Asked 2021-May-23 at 07:03

            after buying a Yubikey 5 NFC for technical interest (firmware 5.2.7) and setting up FIDO2 authentication where possible, I ran into the problem that I could no longer connect to my GitLab server via SmartGit because the second factor is not requested and therefore I can't connect to the server.

            I then decided to deal with it on Windows 10 via Git Bash and SSH. Unfortunately, the documentation here assumes a lot of prior knowledge and I am an absolute beginner on the subject. In the meantime I managed to connect to the server with Git Bash and SSH using a locally generated SSH certificate.

            Now I would like to use the Yubikey instead of the certificate stored locally on the computer. Unfortunately, all instructions (e.g. this one https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key-for-a-hardware-security-key) lead to the same error message for me:

            ...

            ANSWER

            Answered 2021-May-23 at 07:03

            So: it is true Security keys are now supported for SSH Git operations , as announced early this month (May 2021) on GitHub, but, as discussed here, there are still issues.

            Your error message looks like a bug in progress on Debian: "issue 980393: /usr/bin/ssh-keygen -t ecdsa-sk fails with "Key enrollment failed: invalid format"".
            And it is still being reported this month.

            If this fails also with -t ecdsa, try and using a plugin for OpenSSH to connect to FIDO/U2F security keys through native Windows Hello APIs might help.
            Type export SSH_SK_HELPER=/usr/lib/ssh/ssh-sk-helper.exe first, as seen in tavrez/openssh-sk-winhello issue 1.
            Check your OpenSSH version is at least 8.2. It is on my side with the latest Git for Windows:

            Source https://stackoverflow.com/questions/67639931

            QUESTION

            Cannot Generate U2F Public/Private Keypair for ssh : FIDO_ERR_RX
            Asked 2020-Jun-23 at 17:09

            I'm currently experiencing issues generating a U2F public/private key-pair in the terminal with the following command:

            ssh-keygen -t ecdsa-sk -vv

            Running this command provides the following error:

            ...

            ANSWER

            Answered 2020-Jun-23 at 17:09

            It appears that the issue causing this problem was an admin password placed on U2F functionality before I ever received the Yubikey from my work. You can't generate a U2F ecdsa-sk public/private keypair with an admin password in place.

            Source https://stackoverflow.com/questions/62329543

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install libfido2

            The current release of libfido2 is 1.10.0. Please consult Yubico’s release page for source and binary releases.

            Support

            libfido2 is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD. NFC support is available on Linux and Windows.
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/Yubico/libfido2.git

          • CLI

            gh repo clone Yubico/libfido2

          • sshUrl

            git@github.com:Yubico/libfido2.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular Authentication Libraries

            supabase

            by supabase

            iosched

            by google

            monica

            by monicahq

            authelia

            by authelia

            hydra

            by ory

            Try Top Libraries by Yubico

            yubikey-manager

            by YubicoPython

            yubico-pam

            by YubicoC

            yubioath-desktop

            by YubicoC++

            pam-u2f

            by YubicoC

            python-fido2

            by YubicoPython