The exclusive promotional activities on JCOP J3H145 card and Feitian R301 Smartcard Reader are in full swing. Please check this page for details.

Smart Card Fido U2F Applet

Collect and collate various open source JavaCard applets.
All applets are under the open source licenses.

Moderator: Ellisun

User avatar
JavaCardOS
Posts: 269
Joined: Thu Apr 30, 2015 12:00 pm
Points :2349
Contact:

Smart Card Fido U2F Applet

Post by JavaCardOS » Tue Dec 13, 2016 1:18 am

U2F is an open authentication standard that enables internet users to securely access any number of online services, with one single device, instantly and with no drivers or client software needed.

Fido U2F is a javacard applet which is a FIDO compliance program running in java smartcard platform.This code implements the FIDO U2F specifications being developed at http://fidoalliance.org/, and it was based on U2FToken and ledger-u2f-javacard.

Note:
    1. You can also view this applet from GitHub or SourceForge.
    2. This Applet has been successfully compiled in JCIDE, and it has been tested with JC30M48CR.
You do not have the required permissions to view the files attached to this post. Please login first.

Bob2002
Posts: 36
Joined: Wed Jul 29, 2015 10:50 pm
Points :1216
Contact:

Re: Smart Card Fido U2F Applet

Post by Bob2002 » Tue Dec 13, 2016 1:48 am

The Mission of the FIDO (Fast IDentity Online) Alliance is to change the nature of online authentication by:

  • Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
  • Operating industry programs to help ensure successful worldwide adoption of the Specifications.
  • Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.

tieuhaoluong
Posts: 14
Joined: Mon Sep 19, 2016 12:28 am
Points :328
Contact:

Re: Smart Card Fido U2F Applet

Post by tieuhaoluong » Wed Feb 15, 2017 12:53 am

Hi all,
What's different from U2F Version 1.0 & 1.1?

User avatar
UNKNwYSHSA
Posts: 630
Joined: Thu May 21, 2015 4:05 am
Points :3035
Contact:

Re: Smart Card Fido U2F Applet

Post by UNKNwYSHSA » Wed Feb 15, 2017 6:12 am

tieuhaoluong wrote:Hi all,
What's different from U2F Version 1.0 & 1.1?


From the name of specification, v1.1 is a Draft version.
For more technique details, you have to read the specifications and find out differents.
sense and simplicity

tay00000
Posts: 141
Joined: Tue Sep 27, 2016 10:58 am
Points :1880
Contact:

Re: Smart Card Fido U2F Applet

Post by tay00000 » Sat Oct 20, 2018 8:09 am

I know that this is a rather old topic so probably I might be missing something.

I am recently deciding to test out U2F applet by @Javacardos and also the cards bought from @Javacardos.

Applet installed on card with no problems.

When I insert card into card reader and visited Yubico's U2F demo page (https://demo.yubico.com/u2f?tab=register), I noticed that nothing is going through to the card and the reader as I am not registering any sort of commands being passed to the card.

Am I right that using card and reader by default on a web browser is not going to work until I do something like mentioned in an old post via
(https://javacardos.com/javacardforum/vi ... &hilit=u2f) ?

tay00000
Posts: 141
Joined: Tue Sep 27, 2016 10:58 am
Points :1880
Contact:

Re: Smart Card Fido U2F Applet

Post by tay00000 » Tue Oct 23, 2018 10:49 am

Probably some side knowledge in case people are wondering. I was reading something regarding how Windows handles USB drivers and it doesn't allow HID, CCID and mass storage access via the default Windows driver and thus Zadig must be used to swap out for a USB driver that allows WebUSB.

So no go for WebUSB and no one has come up with a working WebUSB with CCID for production grade solution yet.

Now what about the FIDO route ? Apparently it only supports HID tokens for contact insertion and NFC has to be done over a phone with NFC capability and a FIDO capable application like Google Auth installed and of course an NFC device with FIDO applet too. That is too much a hassle. Similarly, the BLE route is the least chosen due to it being not easy to obtain tokens with BLE. Similarly a phone with BLE and with a phone app and a BLE token must be used. So for desktop access ... no luck unless the hardware is capable of HID with FIDO settings for HID as well in it's HID descriptors.

moozoo
Posts: 1
Joined: Fri Jun 07, 2019 7:44 am
Points :12
Contact:

Re: Smart Card Fido U2F Applet

Post by moozoo » Thu Jun 20, 2019 1:47 am

On the GitHub for this it says
"FidoU2F Javacard Applet for JCIDE users (tested with JC30M48CR) "

However to initialize the applet with a attestation Certificate you need to do a send that is 281 bytes long.
According to https://javacardos.com/javacardforum/vi ... .php?t=924
"APDU buffer size: 261 bytes" which is too small
The send just hangs PyADPUtool

So I'm guessing "tested with JC30M48CR" wasn't very thorough?....

Windows 10 1903 recognizes the card with the applet via NFC But spits and error. Presumably because the attestation Certificate isn't set.
Also under Windows 10 1903 you need to run JCOSPanel as administrator because Windows will block any attempt to select the fido applet via its AID

I'm a javacard newbie. I want a full javacard fido2 applet so I'm looking at doing that myself and learn javacard along the way.

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 2 guests

JavaCard OS : Disclaimer