Yubico / yubikit-ios

Yubico Mobile iOS SDK - YubiKit
Apache License 2.0

FIDO2 support over USB-C #138

Open MichaelBuckley opened 11 months ago

MichaelBuckley commented 11 months ago

Hello,

With the iPhone 15 using a USB-C port instead of a Lightning port, our users can no longer authenticate using FIDO2 within our app, except when using an NFC YubiKey. However, this leaves YubiKey 5Ci users unable to authenticate.

Because this is SSH authentication instead of web authentication, we cannot embed a WKWebView to provide authentication. We've tried many things in an attempt to get this to work, but ultimately, since FIDO2 isn't supported over the smart card interface, it appears to not be possible.

I suspect this would require writing a DriverKit driver for YubiKey 5Ci devices. I would be happy to help in this effort, but while I have some experience writing DriverKit code, I don't know anything about the internals of the YubiKey, and I don't know where to find any documentation, if it exists.

https://developer.apple.com/documentation/driverkit

jensutbult commented 10 months ago

We've investigated writing a USBDriverKit driver for the SDK. Unfortunately, we've come to the conclusion that the user experience that comes along with installing the driver is pretty bad and it's not really worth the effort. With that being said, if you implemented the driver and we got an API similar to the TKSmartCard one, it should be a fairly small effort integrating it in the SDK.

MichaelBuckley commented 10 months ago

@jensutbult Thank you for responding.

It makes sense that you explored this option already, and yes, I'm aware how terrible the driver install experience is. However, for our product, users are already going through a lot to set up their YubiKeys: generating SSH keys on a computer, copying the private key file over to the phone, and importing it into our app. Even with a bad driver install experience, our customers that are upgrading to iPhone 15 are losing functionality, and my feeling is that they're willing to jump through the driver install to get it back.

Are you aware of any YubiKey-specific documentation that would help write the driver? I've written DriverKit drivers for HIG joysticks, but that's the extent of my experience. I don't know where to start writing drivers for the YubiKey specifically.

jensutbult commented 10 months ago

I think the easiest way forward is looking into how the YKFAccessoryConnection is implemented in the SDK.

jensutbult commented 8 months ago

Did you make any progress @MichaelBuckley? Anything I can assist you with?

MichaelBuckley commented 8 months ago

@jensutbult Sorry, not yet. Because of how much work it was going to take, the feature got delayed to a later release, so I've been working on other things.

But thank you for asking. I will let you know when I make progress.