is_fido function

[shimritd]

hi,

in the is_fido function we have: return (usage_page == 0xf1d0);

well, it worked perfect but suddenly i get 1 as the device usage_page and therefor this condition returns false. any idea what can be the reason? i updated windows yesterday, this is the only reason i can think of...

thanks, Shimrit

[martelletto]

On 03/10/2019 22:48, shimritd wrote:

hi,

in the is_fido function we have: return (usage_page == 0xf1d0);

well, it worked perfect but suddenly i get 1 as the device usage_page and therefor this condition returns false. any idea what can be the reason? i updated windows yesterday, this is the only reason i can think of...

thanks, Shimrit

Hi Shimrit,

I am currently on vacation, and can take a closer look once I am back. In the meantime: did you upgrade to Windows 1903? Do you observe a difference in behaviour if you run the application in administrator mode?

-p.

[shimritd]

Yes, it's 1903...

I'll try to check it running as admin. Thanks

בתאריך 4 באוק׳ 2019 12:29,‏ pedro martelletto notifications@github.com כתב: On 03/10/2019 22:48, shimritd wrote:

hi,

in the is_fido function we have: return (usage_page == 0xf1d0);

well, it worked perfect but suddenly i get 1 as the device usage_page and therefor this condition returns false. any idea what can be the reason? i updated windows yesterday, this is the only reason i can think of...

thanks, Shimrit

Hi Shimrit,

I am currently on vacation, and can take a closer look once I am back. In the meantime: did you upgrade to Windows 1903? Do you observe a difference in behaviour if you run the application in administrator mode?

-p.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3KCVLKO3T7RFQWPRCLQM4LG5A5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEALHMPA#issuecomment-538342972, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ADF6K3P5SWIOG56LAJNBANDQM4LG5ANCNFSM4I5ICAZA.

[prusnak]

@shimritd any news?

[shimritd]

Hi,

This is what I got when I printed all devices in manifest (I commented the is_fido function):

\?\hid#vid_1050&pid_0407&mi_01#7&157bc0b2&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID) \?\hid#vid_1050&pid_0407&mi_00#7&28abdcf0&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}\kbd: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)

See the \kbd at the end of the path in the second line. Why there are two lines if there is only one yubikey connected?

I re-install the hid device from device manager and now it is ok…

From: Pavol Rusnak notifications@github.com Sent: Tuesday, October 22, 2019 6:44 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

@shimritdhttps://github.com/shimritd any news?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3I3JI27C5PAABG7EZLQP4NS5A5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEB6G6MQ#issuecomment-545025842, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3KOSWXVSZIATWULK43QP4NS5ANCNFSM4I5ICAZA.

[shimritd]

We have another problem with a customer that bought Yubikey with the new firmware (5.2.4). They fail on fido_dev_is_fido2. Could it be that the attr.flags of the device was changed?

We will buy Yubikeys with the same firmware to check it but can you say if you know that problem?

Shimrit

From: Pavol Rusnak notifications@github.com Sent: Tuesday, October 22, 2019 6:44 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

@shimritdhttps://github.com/shimritd any news?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3I3JI27C5PAABG7EZLQP4NS5A5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEB6G6MQ#issuecomment-545025842, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3KOSWXVSZIATWULK43QP4NS5ANCNFSM4I5ICAZA.

[martelletto]

On 23/10/2019 11:50, shimritd wrote:

We have another problem with a customer that bought Yubikey with the new firmware (5.2.4). They fail on fido_dev_is_fido2. Could it be that the attr.flags of the device was changed?

We will buy Yubikeys with the same firmware to check it but can you say if you know that problem?

Shimrit

Hi Shimrit,

We are not aware of any problem concerning 5.2.4 and fido_dev_is_fido2(). I quickly tested it on a 5.2.4 device and it works as expected. Could the customer have disabled FIDO2 using YubiKey Manager?

-p.

[shimritd]

No, we had a remote session with them, and we asked them to open YubiKey Manager, FIDO2 was set. And I still have problems with the is_fido() function, it cannot identify my key. I tried to uninstall the device from device manager, it solved the problem but now it happened again. Any clue?

From: pedro martelletto notifications@github.com Sent: Wednesday, October 23, 2019 2:20 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

On 23/10/2019 11:50, shimritd wrote:

We have another problem with a customer that bought Yubikey with the new firmware (5.2.4). They fail on fido_dev_is_fido2. Could it be that the attr.flags of the device was changed?

We will buy Yubikeys with the same firmware to check it but can you say if you know that problem?

Shimrit

Hi Shimrit,

We are not aware of any problem concerning 5.2.4 and fido_dev_is_fido2(). I quickly tested it on a 5.2.4 device and it works as expected. Could the customer have disabled FIDO2 using YubiKey Manager?

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3KGAAELLWV7UJD4MSDQQAXPNA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECBBJSI#issuecomment-545395913, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3OEKCHNPJHWMQIDEXLQQAXPNANCNFSM4I5ICAZA.

[shimritd]

I forget to say that I cannot reset the key with the YubiKey Manager on my PC, I’m getting an error. The Yubikey can be reset on another PC.

From: pedro martelletto notifications@github.com Sent: Wednesday, October 23, 2019 2:20 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

On 23/10/2019 11:50, shimritd wrote:

We have another problem with a customer that bought Yubikey with the new firmware (5.2.4). They fail on fido_dev_is_fido2. Could it be that the attr.flags of the device was changed?

We will buy Yubikeys with the same firmware to check it but can you say if you know that problem?

Shimrit

Hi Shimrit,

We are not aware of any problem concerning 5.2.4 and fido_dev_is_fido2(). I quickly tested it on a 5.2.4 device and it works as expected. Could the customer have disabled FIDO2 using YubiKey Manager?

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3KGAAELLWV7UJD4MSDQQAXPNA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECBBJSI#issuecomment-545395913, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3OEKCHNPJHWMQIDEXLQQAXPNANCNFSM4I5ICAZA.

[martelletto]

Hi Shimrit,

This is what I observe on a Windows 1903 (build 19008.1) VM running libfido2 HEAD against a YubiKey 5.2.4:

• If I execute 'fido2-token -L' without administrator privileges, the application is unable to see the key, let alone communicate with it. This is a known problem in Windows 1903, as it restricts access to FIDO HID devices to applications using its native FIDO API or applications running in administrator mode (see issue #34);
• If I execute 'fido2-token L' with administrator privileges, the application sees one YubiKey;
• If I execute 'fido2-token -I ' with administrator privileges, the application correctly identifies the YubiKey as a FIDO2 device.

Regarding the issues described:

• Did you modify is_fido() or comment out its invocation? If so, it is possible the library is detecting the OTP interface (keyboard) as FIDO, which would explain the two devices listed for a single key (and the \kbd suffix on the second one);
• Could the failure to reset be caused by the 5-second rule (see issue #15)?

Thank you,

-p.

[shimritd]

Thanks a lot! We solved the problem. We updated Yubikey Manager and we run as admin and it works.

BUT, we bought the new keys with firmware 5.2.4 as our customer has. It doesn’t work for us either… Even if we execute only info.exe from libfido2-master lib, we get an error on parse_reply_element where we get into the default case… Any reason you can think of?

Thanks!

From: pedro martelletto notifications@github.com Sent: Wednesday, October 23, 2019 4:55 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

Hi Shimrit,

This is what I observe on a Windows 1903 (build 19008.1) VM running libfido2 HEAD against a YubiKey 5.2.4:

• If I execute 'fido2-token -L' without administrator privileges, the application is unable to see the key, let alone communicate with it. This is a known problem in Windows 1903, as it restricts access to FIDO HID devices to applications using its native FIDO API or applications running in administrator mode (see issue #34https://github.com/Yubico/libfido2/issues/34);
• If I execute 'fido2-token L' with administrator privileges, the application sees one YubiKey;
• If I execute 'fido2-token -I ' with administrator privileges, the application correctly identifies the YubiKey as a FIDO2 device.

Regarding the issues described:

• Did you modify is_fido() or comment out its invocation? If so, it is possible the library is detecting the OTP interface (keyboard) as FIDO, which would explain the two devices listed for a single key (and the \kbd suffix on the second one);
• Could the failure to reset be caused by the 5-second rule (see issue #15https://github.com/Yubico/libfido2/issues/15)?

Thank you,

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3P2UFTH7ELPRQLEKJDQQBJULA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECBP6FY#issuecomment-545455895, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3I6NU6OOUJDSGC2NUDQQBJULANCNFSM4I5ICAZA.

[martelletto]

Are you running with commit 325ef43f, from June 10? The described behaviour suggests otherwise.

-p.

[shimritd]

We downloaded the latest version from https://github.com/Yubico/libfido2

I’m running your cred and assert examples, both pass with uv=false but fail with uv=true. This is true only with the new firmware: 5.2.4. I tried to set a pin both via the YubiKey Manager and also via setpin.exe, same behavior.

Can you please check?

Thanks, Shimrit

From: pedro martelletto notifications@github.com Sent: Friday, October 25, 2019 1:25 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

Are you running with commit 325ef43https://github.com/Yubico/libfido2/commit/325ef43f3ffd3d9636de9292136136d2a90447c7, from June 10? The described behaviour suggests otherwise.

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3IE5ONGOJZSUKH5XQTQQLCRNA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECH5QOA#issuecomment-546297912, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3NVF3DP6CLOFZGH7NDQQLCRNANCNFSM4I5ICAZA.

[shimritd]

Any news? I’m attaching here the output of info.exe on both keys. Both work properly with uv=false. Only the old one works with uv=true (or with ext!=0).

This one doesn’t work with uv=true:

proto: 0x02 major: 0x05 minor: 0x02 build: 0x04 caps: 0x05 (wink, cbor, msg) version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE extension strings: credProtect, hmac-secret aaguid: 2fc0579f811347eab116bb5a8db9202a options: rk, up, noplat, clientPin, credentialMgmtPreview maxmsgsiz: 1200 pin protocols: 1 This is the error we get: fido_makecred: FIDO_ERR_UNSUPPORTED_OPTION (0x2b)

This one works in all cases:

proto: 0x02 major: 0x05 minor: 0x01 build: 0x02 caps: 0x05 (wink, cbor, msg) version strings: U2F_V2, FIDO_2_0 extension strings: hmac-secret aaguid: fa2b99dc9e3942578f924a30d23c4118 options: rk, up, noplat, clientPin maxmsgsiz: 1200 pin protocols: 1

We will be happy to get some help here… we have a customer which we send to buy the new Yubikey and the solution doesn’t work…

Thanks a lot!

[cid:image008.png@01D58F3C.B8A7EBC0]https://doubleoctopus.com/?utm_source=email%20signature&utm_campaign=Aug%2019 Shimrit Tzur-David | CTO [cid:image009.png@01D58F3C.B8A7EBC0] shimritd@doubleoctopus.commailto:#%20%20shimritd@doubleoctopus.com [cid:image010.png@01D58F3C.B8A7EBC0] Direct demo scheduling https://doubleoctopus.com/start-free-demo-video/?utm_source=email%20signature&utm_campaign=Aug%2019 [cid:image011.png@01D58F3C.B8A7EBC0]https://twitter.com/double_octopus [cid:image012.png@01D58F3C.B8A7EBC0] https://www.linkedin.com/company/secret-double-octopus/ [cid:image013.png@01D58F3C.B8A7EBC0] https://www.facebook.com/SecretDoubleOctopus [cid:image014.png@01D58F3C.B8A7EBC0] https://vimeo.com/doubleoctopus

From: Shimrit Tzur-David Sent: Tuesday, October 29, 2019 1:27 PM To: Yubico/libfido2 reply@reply.github.com; Yubico/libfido2 libfido2@noreply.github.com Cc: Mention mention@noreply.github.com Subject: RE: [Yubico/libfido2] is_fido function (#61)

We downloaded the latest version from https://github.com/Yubico/libfido2

I’m running your cred and assert examples, both pass with uv=false but fail with uv=true. This is true only with the new firmware: 5.2.4. I tried to set a pin both via the YubiKey Manager and also via setpin.exe, same behavior.

Can you please check?

Thanks, Shimrit

From: pedro martelletto notifications@github.com<mailto:notifications@github.com> Sent: Friday, October 25, 2019 1:25 PM To: Yubico/libfido2 libfido2@noreply.github.com<mailto:libfido2@noreply.github.com> Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com<mailto:Shimritd@doubleoctopus.com>; Mention mention@noreply.github.com<mailto:mention@noreply.github.com> Subject: Re: [Yubico/libfido2] is_fido function (#61)

Are you running with commit 325ef43https://github.com/Yubico/libfido2/commit/325ef43f3ffd3d9636de9292136136d2a90447c7, from June 10? The described behaviour suggests otherwise.

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3IE5ONGOJZSUKH5XQTQQLCRNA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECH5QOA#issuecomment-546297912, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3NVF3DP6CLOFZGH7NDQQLCRNANCNFSM4I5ICAZA.

[martelletto]

Hi Shimrit,

On 30/10/2019 15:12, shimritd wrote:

fido_makecred: FIDO_ERR_UNSUPPORTED_OPTION (0x2b)

It definitely looks like you are running an older version of libfido2. A couple of questions:

• What is the output of fido2-token -V?
• Are you building from git master HEAD, a specific tag, or downloading the provided binary libraries?

In the meantime, I will try to reproduce the problem with the latest available release of libfido2 (1.2.0) which, if I recall correctly, should not have this problem.

-p.

[martelletto]

Hi,

I was able to use fido2-cred.exe from https://developers.yubico.com/libfido2/Releases/libfido2-1.2.0-win64.zip to generate a credential on a key with firmware 5.2.4.

A third question: is your application calling fido_cred_set_options() and setting UV to true? If so, you may want to set UV to false, or use fido_assert_set_up() and fido_assert_set_uv() instead. I believe there is a difference in behaviour between 5.2.4 and previous versions that could be causing the problem you are observing.

-p.

[shimritd]

Hi,

I’m building it from git master HEAD.

Maybe we have a hint here…

I’m using your example directory where cred.c for example calls the functions in src/cred.c. So I’m running cred.exe that was built out of example/cred.c and not the files from the tools directory. That should also work?

From: pedro martelletto notifications@github.com Sent: Wednesday, October 30, 2019 4:36 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

Hi Shimrit,

On 30/10/2019 15:12, shimritd wrote:

fido_makecred: FIDO_ERR_UNSUPPORTED_OPTION (0x2b)

It definitely looks like you are running an older version of libfido2. A couple of questions:

• What is the output of fido2-token -V?
• Are you building from git master HEAD, a specific tag, or downloading the provided binary libraries?

In the meantime, I will try to reproduce the problem with the latest available release of libfido2 (1.2.0) which, if I recall correctly, should not have this problem.

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3P36SYZA2ABKSCMXPTQRGLUJA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECUNOOY#issuecomment-547936059, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3MT4DP6RIW4PKNBY6TQRGLUJANCNFSM4I5ICAZA.

[martelletto]

Yes, that should also work. You will get FIDO_ERR_UNSUPPORTED_OPTION from examples/cred if you pass it -v on a YubiKey, as the YubiKey does not support UV as understood by FIDO2.

[shimritd]

I'm confused... User verification is not supported by Yubikey? Doesn't uv flag mean pin code verification? And what about hmac-secret extension? Both works at the previous version of the key

בתאריך 30 באוק׳ 2019 18:29,‏ pedro martelletto notifications@github.com כתב:

Yes, that should also work. You will get FIDO_ERR_UNSUPPORTED_OPTION from examples/cred if you pass it -v on a YubiKey, as the YubiKey does not support UV as understood by FIDO2.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3L7AB5AGLOALNLSVV3QRGY7HA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECU3XJA#issuecomment-547994532, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3IZCDR5QRSGP76FZZDQRGY7HANCNFSM4I5ICAZA.

[shimritd]

May we have a short phone call in about 2 hours?

בתאריך 30 באוק׳ 2019 19:23,‏ Shimrit Tzur-David Shimritd@doubleoctopus.com כתב: I'm confused... User verification is not supported by Yubikey? Doesn't uv flag mean pin code verification? And what about hmac-secret extension? Both works at the previous version of the key

בתאריך 30 באוק׳ 2019 18:29,‏ pedro martelletto notifications@github.com כתב:

Yes, that should also work. You will get FIDO_ERR_UNSUPPORTED_OPTION from examples/cred if you pass it -v on a YubiKey, as the YubiKey does not support UV as understood by FIDO2.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3L7AB5AGLOALNLSVV3QRGY7HA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECU3XJA#issuecomment-547994532, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3IZCDR5QRSGP76FZZDQRGY7HANCNFSM4I5ICAZA.

[martelletto]

Hi,

UV means the device is "capable of verifying the user within itself"; ClientPIN means PIN code verification: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfo

How are you trying to use hmac-secret?

Regarding a phone call, please contact Yubico's support at https://www.yubico.com/support/contact/.

-p.

[shimritd]

Ok, thank. We simply set -h in cred.exe. It fails when ext!=0...

בתאריך 30 באוק׳ 2019 20:05,‏ pedro martelletto notifications@github.com כתב:

Hi,

UV means the device is "capable of verifying the user within itself"; ClientPIN means PIN code verification: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfo

How are you trying to use hmac-secret?

Regarding a phone call, please contact Yubico's support at https://www.yubico.com/support/contact/.

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3LMWQ3PCMJPJ4743WDQRHEGXA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECVHEHA#issuecomment-548041244, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3JTCJZNCYAFNUPOYDLQRHEGXANCNFSM4I5ICAZA.

[shimritd]

We register with ext=0, and authenticate with hmac-secret and it works, thanks!

From: pedro martelletto notifications@github.com Sent: Wednesday, October 30, 2019 8:06 PM To: Yubico/libfido2 libfido2@noreply.github.com Cc: Shimrit Tzur-David Shimritd@doubleoctopus.com; Mention mention@noreply.github.com Subject: Re: [Yubico/libfido2] is_fido function (#61)

Hi,

UV means the device is "capable of verifying the user within itself"; ClientPIN means PIN code verification: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfo

How are you trying to use hmac-secret?

Regarding a phone call, please contact Yubico's support at https://www.yubico.com/support/contact/.

-p.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Yubico/libfido2/issues/61?email_source=notifications&email_token=ADF6K3LMWQ3PCMJPJ4743WDQRHEGXA5CNFSM4I5ICAZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECVHEHA#issuecomment-548041244, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADF6K3JTCJZNCYAFNUPOYDLQRHEGXANCNFSM4I5ICAZA.

[martelletto]

Hi,

Great to hear! I will close this issue, then. If anything else pops up, let me know.

-p.