vsmartcard | virtual-fido
---|---
2 | 15
672 | 1,135
- | 1.9%
6.0 | 6.2
26 days ago | 12 days ago
C | C
- | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vsmartcard
- On-device WebAuthn and what makes it hard to do well
It's been a few years, but the main references I remember using:
1. Windows: https://github.com/frankmorgner/vsmartcard/tree/master/virtu..., which is a fix-up of the older https://www.codeproject.com/Articles/134010/An-UMDF-Driver-f..., and https://github.com/Watfaq/SoftU2F-Win/tree/master/SoftU2FDri.... Note that neither of these actually implement CTAP2.
2. Linux: There's plenty to refer to on HID gadgets, but https://blog.hansenpartnership.com/webauthn-in-linux-with-a-... and the code at https://git.kernel.org/pub/scm/linux/kernel/git/jejb/fido2-c... were my entrypoint.
3. Mac: I ended up not implementing a Mac version, but GitHub themselves used to support a CTAP1/U2F software authenticator, now archived at https://github.com/github/SoftU2F. I was going to work from that.
For the service I looked at different software "devices" interfacing with these kinds of drivers (or just the browser directly in Firefox's case).
1. Generic NIST SP 800-73 PIV: https://github.com/CCob/PIVert. Very limited scope, pentest tool with no extraneous features. It uses the BixVReader driver.
- ⟳ 5 apps added, 63 updated at f-droid.org
Smart Card Reader (version 2.3): Use your phone as contact-less smart card reader
virtual-fido
- Tailscale doesn't want your password
- Passkeys now support external providers
> who the heck would carry a USB key with them??
Why not? I do this. It's no different from any other physical key like a door key, and I keep it on the same keychain too...
> The passkey is usable anywhere (signed up on my desktop, hopped over to my laptop and signed in there with the same passkey).
I don't see how this conflicts with physical tokens like Yubikeys? The tokens help you "remember" the key like how a physical door key helps you "remember" the bitting (which is the real authentication info).
Just like passkeys, U2F can also be done using a virtual U2F device if you so choose (https://github.com/bulwarkid/virtual-fido). And presumably you could create an off-device portable token to store passkeys...
The real problem at the end of the day is just consistent adoption. There's still a ton of 2FA services that don't accept U2F and only use SMS or email codes...
- Google Introduces Passkey Authentication
If this is FIDO2, then it seems these projects might be useful on Linux...
https://github.com/bulwarkid/virtual-fido
https://bulwark.id/
- Is there a linux equivalent to Windows Hello?
Suggested solution: https://github.com/bulwarkid/virtual-fido
- On-device WebAuthn and what makes it hard to do well
- GitHub - bulwarkid/virtual-fido: A Virtual FIDO2 USB Device
- Mozilla claims Apple, Google and Microsoft force users to use default browsers
You can use an open source virtual FIDO device instead of Apple's implementation:
https://github.com/bulwarkid/virtual-fido/
- Hacker News top posts: Sep 18, 2022
Show HN: A virtual Yubikey device for 2FA/WebAuthN (104 comments)
- Show HN: A virtual Yubikey device for 2FA/WebAuthN
What are some alternatives?
WSCT-Core - Public repository for WSCT Core project.
tpm-fido - A WebAuthn/U2F token protected by a TPM (Go/Linux)
libnfc - Platform independent Near Field Communication (NFC) library
pam-u2f - Pluggable Authentication Module (PAM) for U2F and FIDO2
Simple-Flashlight - A simple modern flashlight with SOS, stroboscope & bright display, has no ads.
PIVert
Xtra - Xtra is a Twitch player and browser for Android.
j40 - J40: Independent, self-contained JPEG XL decoder
Simple-Voice-Recorder - An easy way of recording any discussion or sounds without ads or internet access
SoftU2F - Software U2F authenticator for macOS
SoftU2F-Win - Software U2F authenticator for Windows