Page 1 of 1

Smart Card Fido U2F Applet

Posted: Tue Dec 13, 2016 1:18 am
by JavaCardOS
U2F is an open authentication standard that enables internet users to securely access any number of online services, with one single device, instantly and with no drivers or client software needed.

Fido U2F is a javacard applet which is a FIDO compliance program running in java smartcard platform.This code implements the FIDO U2F specifications being developed at, and it was based on U2FToken and ledger-u2f-javacard.

    1. You can also view this applet from GitHub or SourceForge.
    2. This Applet has been successfully compiled in JCIDE, and it has been tested with JC30M48CR.

Re: Smart Card Fido U2F Applet

Posted: Tue Dec 13, 2016 1:48 am
by Bob2002
The Mission of the FIDO (Fast IDentity Online) Alliance is to change the nature of online authentication by:

  • Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
  • Operating industry programs to help ensure successful worldwide adoption of the Specifications.
  • Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.

Re: Smart Card Fido U2F Applet

Posted: Wed Feb 15, 2017 12:53 am
by tieuhaoluong
Hi all,
What's different from U2F Version 1.0 & 1.1?

Re: Smart Card Fido U2F Applet

Posted: Wed Feb 15, 2017 6:12 am
tieuhaoluong wrote:Hi all,
What's different from U2F Version 1.0 & 1.1?

From the name of specification, v1.1 is a Draft version.
For more technique details, you have to read the specifications and find out differents.

Re: Smart Card Fido U2F Applet

Posted: Sat Oct 20, 2018 8:09 am
by tay00000
I know that this is a rather old topic so probably I might be missing something.

I am recently deciding to test out U2F applet by @Javacardos and also the cards bought from @Javacardos.

Applet installed on card with no problems.

When I insert card into card reader and visited Yubico's U2F demo page (, I noticed that nothing is going through to the card and the reader as I am not registering any sort of commands being passed to the card.

Am I right that using card and reader by default on a web browser is not going to work until I do something like mentioned in an old post via
( ... &hilit=u2f) ?

Re: Smart Card Fido U2F Applet

Posted: Tue Oct 23, 2018 10:49 am
by tay00000
Probably some side knowledge in case people are wondering. I was reading something regarding how Windows handles USB drivers and it doesn't allow HID, CCID and mass storage access via the default Windows driver and thus Zadig must be used to swap out for a USB driver that allows WebUSB.

So no go for WebUSB and no one has come up with a working WebUSB with CCID for production grade solution yet.

Now what about the FIDO route ? Apparently it only supports HID tokens for contact insertion and NFC has to be done over a phone with NFC capability and a FIDO capable application like Google Auth installed and of course an NFC device with FIDO applet too. That is too much a hassle. Similarly, the BLE route is the least chosen due to it being not easy to obtain tokens with BLE. Similarly a phone with BLE and with a phone app and a BLE token must be used. So for desktop access ... no luck unless the hardware is capable of HID with FIDO settings for HID as well in it's HID descriptors.

Re: Smart Card Fido U2F Applet

Posted: Thu Jun 20, 2019 1:47 am
by moozoo
On the GitHub for this it says
"FidoU2F Javacard Applet for JCIDE users (tested with JC30M48CR) "

However to initialize the applet with a attestation Certificate you need to do a send that is 281 bytes long.
According to ... .php?t=924
"APDU buffer size: 261 bytes" which is too small
The send just hangs PyADPUtool

So I'm guessing "tested with JC30M48CR" wasn't very thorough?....

Windows 10 1903 recognizes the card with the applet via NFC But spits and error. Presumably because the attestation Certificate isn't set.
Also under Windows 10 1903 you need to run JCOSPanel as administrator because Windows will block any attempt to select the fido applet via its AID

I'm a javacard newbie. I want a full javacard fido2 applet so I'm looking at doing that myself and learn javacard along the way.