Page 1 of 1

Feitian's K9 FIDO token

Posted: Thu Oct 20, 2016 11:31 pm
by tay00000
I would like to suggest JavaCardOS team to consider stocking up some Feitian's K9 FIDO token with FIDO, OTP and JavaCard features. The K9 FIDO token contains an NXP JCOP J3E081 JavaCard chip with 80KB of EEPROM and the tiny USB form factor with it's ISO14443 NFC interface makes it a very portable and powerful JavaCard USB token + FIDO + OTP form factor. It has the usual RSA2048, AES256, ECC256 algorithms expected of a nice NXP chip and the USB form factor makes it very portable and it even comes with a ring hole for you to attach to your keychain.

I have contact with Feitian guys and I have ordered a couple of these K9 token which I am using and I find it very pleasant and nice to use. I have loaded a bunch of large JavaCard CAP files (70+ KB) which I am quite happy with although I had to sacrifice by deleting the FIDO and OTP applets.

When you / JavaCardOS team decides to place an order with the Feitian guys, please tell them to set the GP ENC Key = 404142434445464748494A4B4C4D4E4F, GP MAC Key = 404142434445464748494A4B4C4D4E4F, GP DEK Key = 404142434445464748494A4B4C4D4E4F and specify to the Feitian guys that you WANT TO ENABLE JavaCard development. If you do not give them the above specifications, they will use their proprietary GP key and you WILL NOT be able to load your own JavaCard applet because that happened by accident to me once before where they (Feitian) forget to load the correct GP keys and sent me a small batch with their proprietary key and I couldn't load my CAP files to use the JavaCard platform (JC 3.0).

Also, for those intending to use the nice little K9 tokens, it comes with a FIDO touch button and please do not touch the button if you are running your own applet. The touch button will deselect your running applet and load the Feitian OTP applet and do OTP stuff. JavaCardOS team may want to ask Feitian to provide their FIDO token toolkit which will allow users and JavaCardOS team to manually enter into a console to enable or disable the OTP button via switching the OTP mode on/off.

Highly recommended stuff for advanced JavaCard applet developers or someone wanting a USB token that has much more performance capabilities than the eJavaToken and also physically more comfortable and lighter to carry around.

Highly recommended to put a stock inside the JavaCardOS store :) .


Re: Feitian's K9 FIDO token

Posted: Thu Oct 20, 2016 11:40 pm
by tay00000
Here is an image of my personal copy of K9.

Re: Feitian's K9 FIDO token

Posted: Fri Oct 21, 2016 6:22 am
by JavaCardOS
Thank you very much for your excellent suggestions and detailed prompt.
Our business department will do a fully research and talk over with FEITIAN ASAP.
Welcome all of your other valuable comments and suggestions which will be enormously helpful to our website. Much appreciated!

Re: Feitian's K9 FIDO token

Posted: Tue Nov 01, 2016 4:54 am
by tay00000
Additional note/Latest update. J3E081_M64 NXP chip used in K9 is CC EAL 5+ certified from my recent contacts with Feitian people but the entire K9 token itself as a complete solution has not been CC EAL or FIPS certified.

Re: Feitian's K9 FIDO token

Posted: Tue Jan 07, 2020 5:08 am
by xaduha
( Sorry for necroposting, if you know a better place to post this to please tell me )

I've recently received a dev version of K9, S/N starts with 190521S. Problem is that they send those now without any applets, so other than a blank reader/card 2-in-1 there isn't much use for it. Cards and readers I have already, I was mainly buying it for usb U2F functionality, I really didn't expect that it wouldn't work. Do I understand it correctly that even when not in CCID mode it supposed to communicate with a (proprietary?) applet that I don't have?

Re: Feitian's K9 FIDO token

Posted: Wed Jan 08, 2020 12:21 am
by tay00000
There is no known method of accessing the U2F capacitive touch button on the K9 because the access method to the touch button is proprietary to Feitian.

You only have Java card smart card CCID access. Entire FIDO function is proprietary only to Feitian including the HID and touch button access which these HID and touch button are tightly integrated with Feitian U2F applet and touch capable access. The removal of the applet from the K9 will render the HID and entire U2F component inaccessible.

Re: Feitian's K9 FIDO token

Posted: Wed Jan 08, 2020 1:57 am
by xaduha
That's a pity. I was at least hoping I could install open-source U2F applet to just use over NFC, I've had some success with it when using this with javacards, but I'm running into issues when trying to make it work with K9.

Applet itself installs without errors, but personalisation script doesn't ...

EDIT: nevermind, it finished fine when I used a contactless reader, not sure if it's normal or not though.