LedgerHQ / app-u2f

FIDO U2F Application for Ledger Blue and Nano S
Apache License 2.0

FIDO2 / WebAuthn support? #3

Closed jonathancross closed 1 year ago

jonathancross commented 5 years ago

Per https://www.ledger.com/fido-u2f/

Finally, Ledger is working on the implementation of the next generation FIDO standard (FIDO2) to support the Transaction Authorization extensions to use the trusted display of the device to validate critical data and securely enforce the user validation of this critical data end-to-end.

UpperNickel commented 5 years ago

I really want to see FIDO2 support as well. Sadly it doesn't seem like anyone is working on it at this time :(

My1 commented 4 years ago

Just as a quick update, apparently a public test version is coming in "the coming weeks".

https://www.reddit.com/r/ledgerwallet/comments/gr6zxs/weird_things_in_u2f_applet/fryovyy

btchip commented 4 years ago

Yes, the app is currently undergoing an internal security review. It'll be available for testers as soon as this is done.

My1 commented 4 years ago

I honestly can't even wait; this will probably make the Ledger into one of the best FIDO devices I have seen so far.

mjuarez commented 3 years ago

Any chance of an update on progress? Super excited to try this out.

keyneom commented 3 years ago

Are there ways to contribute here to help move things along or any sense of what is left to be completed? Any results from the security review?

jrbecart commented 3 years ago

It will never happen, it's been over 2 years already. It's the sad truth...

NHodgesVFX commented 3 years ago

Hopefully it does happen. Microsoft accounts can now be passwordless, with a heavy preference on their app, but you can use other devices as well.

https://arstechnica.com/gadgets/2021/09/starting-today-you-can-remove-your-password-from-your-microsoft-account/

jonathancross commented 3 years ago

Yes, the app is currently undergoing an internal security review. It'll be available for testers as soon as this is done.

@btchip Any updates on this? It's been more than a year. 😕

Qwertylex commented 2 years ago

bump

miguelrochefort commented 2 years ago

Will it work on iOS with Bluetooth?

allanbowe commented 2 years ago

I just tried a WebAuthn authentication using the FIDO U2F app in Ledger (on Cloudflare) and it works.

Perhaps this issue can be closed?

jonathancross commented 2 years ago

@allanbowe Nice... thanks for the feedback. Did you compile from source code here? What version number did the app report?

@btchip Can you please confirm the latest app code is here on GitHub? It has not changed since https://github.com/LedgerHQ/app-u2f/commit/561adacce62082875e89f241acbcb59a3c14639e on Jan 21, 2020. You suggested FIDO2 was "Still on my backlog" on Reddit 6 months after that, so I'm a bit confused.

allanbowe commented 2 years ago

@jonathancross, no, I just used the one from the Ledger marketplace. I haven't tried using it from two Ledgers at the same time; I'm hoping that will still work.

jonathancross commented 2 years ago

@allanbowe Please check the app version number so we can see if it matches code here.

My1 commented 2 years ago

I think there may be a misunderstanding. WebAuthn (the browser component) is fundamentally compatible with the hardware side of U2F, provided the site does not ask for FIDO2-specific elements, like User Verification for passwordless login or local storage of the credential data for usernameless login.

The FIDO U2F app provides a second factor based on the U2F hardware protocols, but not the extra things that FIDO2 opened up.
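As an added illustration of the point above (not code from this thread or from Ledger's app), here is a small relying-party-side check of which WebAuthn registration options a plain U2F security key can satisfy. The rules follow the CTAP2 U2F-interoperability mapping; the option dicts are constructed samples.

```python
# Added example: which PublicKeyCredentialCreationOptions a U2F-only (CTAP1)
# authenticator can satisfy. Per the CTAP2 U2F-interoperability rules a client
# cannot fall back to U2F when a resident key is required, user verification is
# required, ES256 is not offered, or a platform authenticator is demanded.

ES256 = -7  # COSE algorithm identifier for ECDSA P-256 / SHA-256


def u2f_compatible(options):
    """Return (ok, reasons): ok is True when a plain U2F security key could
    complete this registration; reasons lists every blocking requirement."""
    reasons = []
    algs = [p.get("alg") for p in options.get("pubKeyCredParams", [])]
    if ES256 not in algs:
        reasons.append("ES256 (alg -7) not offered; U2F only signs with P-256")
    sel = options.get("authenticatorSelection", {})
    rk = sel.get("residentKey")
    # residentKey (WebAuthn L2) wins; requireResidentKey is the legacy boolean.
    if rk == "required" or (rk is None and sel.get("requireResidentKey")):
        reasons.append("discoverable credential required; U2F stores nothing on the key")
    if sel.get("userVerification") == "required":
        reasons.append("user verification required; U2F only proves user presence")
    if sel.get("authenticatorAttachment") == "platform":
        reasons.append("platform authenticator required; a security key is cross-platform")
    return (not reasons, reasons)


# Constructed sample: a classic second-factor registration, fine for a U2F key.
SECOND_FACTOR = {
    "pubKeyCredParams": [{"type": "public-key", "alg": -7},
                         {"type": "public-key", "alg": -257}],
    "authenticatorSelection": {"residentKey": "discouraged",
                               "userVerification": "preferred"},
}

# Constructed sample: a passwordless/usernameless registration that needs FIDO2.
PASSWORDLESS = {
    "pubKeyCredParams": [{"type": "public-key", "alg": -7}],
    "authenticatorSelection": {"residentKey": "required",
                               "userVerification": "required"},
}
```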

Asoftyn commented 1 year ago

Are there any updates on this?

momenbasel commented 1 year ago

Any updates on this? Apple security keys require FIDO2.

My1 commented 1 year ago

Wait, you can FINALLY secure your Apple account with a standardized 2FA option? That's something I haven't heard of.

momenbasel commented 1 year ago

Wait, you can FINALLY secure your Apple account with a standardized 2FA option? That's something I haven't heard of.

iOS 16.3 is expected to be released from beta testing next month. However, if you are interested in trying it now, you can enroll in their beta program. They require 2 keys for your Apple ID. I got myself one YubiKey and thought it would be cool to use Ledger as the second key. But apparently, this will never happen.

My1 commented 1 year ago

Well, with an iPad mini that won't be possible, lol (latest iOS being 9.3.1 iirc). My problem is that I have an Apple account for music and stuff and have no proper way of 2FAing it. Hoping that I can run FIDO on it via the website and all.

xchapron-ledger commented 1 year ago

A new Security Key application which supports both U2F and FIDO2 has been published for the Nano S Plus and Nano X.

My1 commented 1 year ago

No Nano S?

xchapron-ledger commented 1 year ago

The Nano S OS doesn't expose the AES-SIV algorithm, which is needed by our implementation. It might come in a future OS, or be implemented on the app side, but for now, as far as I know, it is not planned.

allanbowe commented 1 year ago

The key cannot be re-initialised on a new device, right?

xchapron-ledger commented 1 year ago

The key cannot be re-initialised on a new device, right?

Good question, that depends on what you mean by "the key". Please read the blog post; there is a dedicated section on limitations where this is tackled.

My1 commented 1 year ago

The Nano S OS doesn't expose the AES-SIV algorithm, which is needed by our implementation. It might come in a future OS, or be implemented on the app side, but for now, as far as I know, it is not planned.

I would personally love that, because the promise of FIDO2 was one of the reasons I even have a Ledger.

aryasenna commented 1 year ago

@xchapron-ledger why doesn't the new WebAuthn app provide (encrypted) export/import of resident keys like the OpenPGP app?

xchapron-ledger commented 1 year ago

@aryasenna You can raise an issue in the appropriate repository about this. This could be interesting. I think the FIDO 2.1 spec allows it somehow. However, this won't be user-friendly and therefore might only be used by very few users, so I'm not sure I would be able to work on this, but feel free to open a PR.

My1 commented 1 year ago

If the important data (aside from the seed) is in the credential ID anyway, that could be used easily by using credMgmt to export all the credential IDs and stuff to make that work, no problem.

xchapron-ledger commented 1 year ago

If the important data (aside from the seed) is in the credential ID anyway, that could be used easily by using credMgmt to export all the credential IDs and stuff to make that work, no problem.

Data in the credential ID is ciphered and therefore not usable without the seed. Anyway, I'm not sure how this could help doing what @aryasenna was proposing? As I supposed, she was asking for a way to back up and then restore resident keys.

My1 commented 1 year ago

Which is why I said (aside from the seed), and that's kinda the point.

The point is, if seed plus cred-id is enough to restore a credential, exporting the credential IDs and later importing the same credential IDs into a new Ledger with the same seed should kinda work.

IIRC Trezor uses a similar solution on the T.

xchapron-ledger commented 1 year ago

The point is, if seed plus cred-id is enough to restore a credential, exporting the credential IDs and later importing the same credential IDs into a new Ledger with the same seed should kinda work.

This is not the case. rk credential IDs are lightweight ones, as the data should be stored in the authenticator, so there is no reason to send it back to the server. But I do agree, we could create an API to back up and restore these credentials.

My1 commented 1 year ago

I see. I have seen authenticators making normal credential IDs for resident keys too, so that deleting the resident key doesn't invalidate the key and it works if used in a non-resident manner (e.g. in a recovery flow). And also, obviously, it makes recovery easier as the cred ID has everything.
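A toy model of the two credential-ID styles discussed in the exchange above, added here and not taken from the thread or from Ledger's Security Key app: it uses HMAC in place of AES-SIV and a constructed seed, and shows why seed plus credential ID is enough to restore a key-wrapping (non-resident) credential while a lightweight rk handle resolves only against per-device storage.

```python
import hashlib
import hmac
import secrets

# Constructed 32-byte seed standing in for a wallet seed. The derivation is a
# toy HMAC model for illustration, not Ledger's AES-SIV scheme from the thread.
SEED = bytes(range(32))
RP_ID = "example.com"

def _derive(seed, label, *parts):
    return hmac.new(seed, label + b"".join(parts), hashlib.sha256).digest()

def make_nonresident_credential(seed, rp_id, nonce=None):
    """Key-wrapping credential ID = nonce || MAC(seed, rp_id || nonce).
    Nothing is stored on the device; seed + credential ID rebuilds the key."""
    nonce = secrets.token_bytes(16) if nonce is None else nonce
    tag = _derive(seed, b"cred-mac", rp_id.encode(), nonce)[:16]
    return nonce + tag, _derive(seed, b"cred-key", rp_id.encode(), nonce)

def recover_nonresident_key(seed, rp_id, cred_id):
    """Private key if cred_id was made under this seed and RP, else None."""
    if len(cred_id) != 32:
        return None
    nonce, tag = cred_id[:16], cred_id[16:]
    if not hmac.compare_digest(tag, _derive(seed, b"cred-mac", rp_id.encode(), nonce)[:16]):
        return None
    return _derive(seed, b"cred-key", rp_id.encode(), nonce)

class ResidentStore:
    """Lightweight rk credential ID: an opaque handle into per-device storage.
    RP, user and key live only here, so a new device cannot resolve the handle
    even with the same seed; that data must be backed up separately."""
    def __init__(self):
        self.entries = {}

    def create(self, rp_id, user_id):
        handle = secrets.token_bytes(16)
        self.entries[handle] = {"rp_id": rp_id, "user_id": user_id,
                                "priv": secrets.token_bytes(32)}
        return handle

    def lookup(self, handle):
        return self.entries.get(handle)

def demo():
    # Same seed on a fresh device: the non-resident key recovers, the rk does not.
    cred_id, priv = make_nonresident_credential(SEED, RP_ID)
    recovered = recover_nonresident_key(SEED, RP_ID, cred_id) == priv
    wrong_seed = recover_nonresident_key(bytes(32), RP_ID, cred_id) is None
    handle = ResidentStore().create(RP_ID, b"user-1")  # old device's store is lost
    return recovered, wrong_seed, ResidentStore().lookup(handle) is None
```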

aryasenna commented 1 year ago

@aryasenna However, this won't be user-friendly and therefore might only be used by very few users, so I'm not sure I would be able to work on this, but feel free to open a PR.

IMO we are way past "user-friendly" at the point of getting a BTC hardware wallet and using it for WebAuthn 😂. Here be nerds. Nothing wrong with that; Ledger is cutting-edge tech.

I will open an issue. Too bad we have to rely on community contribution; it will be difficult since it's very niche, but I understand your point of view.