| | SoftU2F-Win | SoftU2F |
|---|---|---|
| Mentions | 1 | 3 |
| Stars | 64 | 2,144 |
| Growth | - | - |
| Activity | 3.3 | 0.6 |
| Last commit | 4 months ago | over 3 years ago |
| Language | C | Swift |
| License | The Unlicense | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SoftU2F-Win
- On-device WebAuthn and what makes it hard to do well
It's been a few years, but the main references I remember using:
1. Windows: https://github.com/frankmorgner/vsmartcard/tree/master/virtu..., which is a fix-up of the older https://www.codeproject.com/Articles/134010/An-UMDF-Driver-f..., and https://github.com/Watfaq/SoftU2F-Win/tree/master/SoftU2FDri.... Note that neither of these actually implement CTAP2.
2. Linux: There's plenty to refer to on HID gadgets, but https://blog.hansenpartnership.com/webauthn-in-linux-with-a-... and the code at https://git.kernel.org/pub/scm/linux/kernel/git/jejb/fido2-c... were my entrypoint.
3. Mac: I ended up not implementing a Mac version, but GitHub themselves used to support a CTAP1/U2F software authenticator, now archived at https://github.com/github/SoftU2F. I was going to work from that.
For the service I looked at different software "devices" interfacing with these kinds of drivers (or just the browser directly in Firefox's case).
1. Generic NIST SP 800-73 PIV: https://github.com/CCob/PIVert. Very limited scope, pentest tool with no extraneous features. It uses the BixVReader driver.
SoftU2F
- FIDO Alliance
Most open source tools I've seen that implement FIDO use a shared Attestation cert[0].
[0]: https://github.com/github/SoftU2F/blob/master/SelfSignedCert...
- Why Cloudflare’s CAPTCHA replacement with FIDO2/WebAuthn is a bad idea
What are some alternatives?
virtual-fido - A Virtual FIDO2 USB Device
webauthn - Web Authentication: An API for accessing Public Key Credentials
tpm-fido - A WebAuthn/U2F token protected by a TPM (Go/Linux)
softfido - A software FIDO2/U2F authenticator
vsmartcard - umbrella project for emulation of smart card readers or smart cards
BlueRSA - RSA public/private key encryption, private key signing and public key verification in Swift using the Swift Package Manager. Works on iOS, macOS, and Linux (work in progress).
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
SwiftShield - 🔒 Swift Obfuscator that protects iOS apps against reverse engineering attacks.
PIVert