SoftU2F-Win is a software U2F authenticator for Windows. It emulates a hardware U2F HID device and performs cryptographic operations using the DPAPI. This tool works with Google Chrome. Running on other browsers hasn't been tested.
We take the security of this project seriously. Report any security vulnerabilities to open-source@watfaq.com
Please use it for production environment on your own risk
Download the latest driver and daemon release at Driver Release
Run the driver-install.ps1
in elevated powershell to install the driver. (Run Set-ExecutionPolicy RemoteSigned
if needed)
The app runs in the background. When a site loaded in a U2F-compatible browser attempts to register or authenticate with the software token, you'll see a notification asking you to accept or reject the request. You can experiment on Yubico's U2F demo site.
db.unprotected.sqlite
. You can find the databases under $HOME\AppData\Roaming\SoftU2FDaemon
This is a port of https://github.com/github/SoftU2F.
Instead of macOS Keychain, we store data using Windows DPAPI, which is designed by Microsoft Windows to store data data such as passwords, keys, and connection strings.
For more infomation of DPAPI: https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.protecteddata?view=netframework-4.8#remarks
A note from Github Team
Install:
Download and tutorials can be found at: https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/writing-a-very-small-kmdf--driver
And you should be able to compile the driver in Visual Studio.
Daemon is just an NET Core project, no extra requirement other than developing a normal NET Core apps.
Every website using U2F has an app-ID. For example, the app-ID of Yubico's U2F demo page is https://demo.yubico.com
. When the low-level U2F authenticator receives a request to register/authenticate a website, it doesn't receive the friendly app-ID string. Instead, it receives a SHA256 digest of the app-ID. To be able to show a helpful alert message when a website is trying to register/authenticate, a list of app-ID digests is maintained in this repository. You can find the list here. If your company's app-ID is missing from this list, open a pull request to add it.
This project is Unlicensed yet.
Lots of credits to the original work of SoftU2F done by Github team.