NFC Support

[audunmg]

I just discovered I can use PIV and openPGP on the built-in nfc reader on my laptop in CCID mode.

The only thing I miss is using the yubioath-desktop on the nfc reader as well.

It would be so cool if it would work :)

[dagheyman]

Fully agreed that we want to support this, it's on the roadmap. No ETA yet though.

[rmenessec]

Would love to see this as well!

[graealex]

+1 for this request. As far as I see, the Yubikey Authenticator application is already talking to the Yubikey over CCID when connected over USB, and reviewing the code, the only change required should be in open_devices in ccid_driver.py to also include generic NFC readers. Right? It's probably not necessary to include slot-based OATH. Slot-based seems like it uses a different transport.

[dagheyman]

While this is still on the roadmap for the GUI (next major version probably), the latest release of the command line tool ykman includes a flag to specify the smart card reader. To try it out with an external NFC reader:

$ ykman --reader [READERNAME] oath code

[audunmg]

Thanks, it works perfectly!

[matthewmb]

+1, my laptop can read the yubikey with NFC, and it would be awesome if authenticator recognised it

[dagheyman]

Experimental support for this is available in version 5.0.0, by specifying an external smart card reader under settings.

[matthewmb]

Version 5.0.0 is working for me, using the custom CCID settings. However, I had to disable NFC OTP interface on the yubikey to get it to work (using the yubikey manager).

With NFC OTP enabled, windows 10 jumps in with a 'tap to receive content from another device', which then opens up a browser to https://demo.yubico.com/yk/ and the OTP. It seems like Yubico Authenticator never receives the information in this situation.

I use NFC OTP with Lastpass on mobile, so I can't disable this. Any ideas?

[dagheyman]

@matthewmb Interesting, will have to investigate this scenario a bit. What reader/laptop are you using?

[graealex]

That's really clumsy. The authenticator should be able to find an OATH-TOTP app on any qualifying smart card on any connected reader, including the builtin virtual USB card reader when plugging the key directly into the computer. It should also not immediately remove the still-valid codes after removal of the device from the NFC reader.

Besides, why has the 5.0 release become unintelligible bloatware? The text is barely readable. These are still desktop apps, no need to get too fancy.

[matthewmb]

@dagheyman my laptop is a Dell Latitude 7490, the built in NFC reader is Broadcom. The most detailed information I could find is here..

Other relevant info: Yubikey 5 NFC, default configuration. Windows 10 Pro, 1803.