Is Challenge Response (HMACSHA1) now possible via USB-C on iPads?

[strongbox-mark]

Hi, we develop a password manager which can use a YubiKey to protect a users passwords. This is done via HMACSHA1 Challenge Response and currently works over Lightning and NFC. Unfortunately, as you are probably aware, CR doesn't or wasn't supported on iPads due to iOS USB-C limitations.

We've had a good few users now come to us in the past few days asking us if this limitation has been removed or changed... This seems to have been inspired by a recent update to the Yubico Authenticator app who's changelog looks like this:

We can't find any indication of a change here in the SDK, so we thought we'd ask here if anything has changed, if USB-C based Challenge Response in now possible on iOS 16?

Thanks!

[jensutbult]

We use TKSmartCard in the SDK and the iOS Authenticator app to communicate with the YubiKey over USB-C. This only support CCID so you'll only be able to connect to the PIV, OATH and management application on the YubiKey. Unfortunately the functionality you're referring to uses a different USB interface, so it will not work. The TKSmartCard support in the SDK will be released in a few days but it's already merged into the main branch if you want to experiment.

[metawops]

So what does this mean for us end users of the Strongbox app on iPads with USB-C interface? I understand that it's still not possible despite the apparently good news from YubiCo, right? But do I understand it right that this is now just a software issue "on top of" iPadOS 16 and no longer an iPadOS or Apple topic? So this will come in the future? 😳