This code implements the FIDO U2F specifications being developed at http://fidoalliance.org/. This code is intended as a reference and resource for developers who are interested in exploring U2F. The code consists of the following components:
This code can verify U2F registrations and signatures. A web application built to accept U2F 2nd factor is built on top of a code base such as this. The code base includes a trivial web application so the user can experiment with registration and signatures (also see the sample web app below).
This is a Java implementation of a U2F device. It generates registration and signature statements and is meant for testing against your server implementation. A physical U2F device will generate similar statements.
This is a sample application built on the Google App Engine web platform which demonstrates a possible UX for user interaction with U2F in a web page. The sample application is deployed and available live at https://u2fdemo.appspot.com/. The underlying U2F capability is provided by the Java U2F implementation. A developer can take the core ideas from here and integrate U2F into a web application on their own favorite web app platform.
u2f-ref-code is a self contained java project that includes a basic web server
and includes packages for all crypto, utilities, etc. It does not need to run
in a container or application server like Tomcat. To run the demo server, run
the main class in com.google.u2f.tools.httpserver.U2fHttpServer
To compile and run the server in Eclipse, import the Maven project into your
workspace. You may need to fix the classpath if your version of JDK is
different (this has been tested with Java 1.7). The simple demo web server is
in com.google.u2f.tools.httpserver.U2fHttpServer.java
and runs on port
To run directly with Maven, run mvn compile exec:java
from the u2f-ref-code
directory.
The u2f-gae-demo project is a sample application built on the Google App Engine web platform which demonstrates a possible UX for user interaction with U2F in a web page.
To start the development server with Maven, run mvn appengine:devserver
. This
will run the server locally at http://localhost:8888/
.
As above, if importing the Maven project into Eclipse you might have to adjust
JDK versions, App Engine SDK version, etc. Once everything compiles, you can run
the App Engine server locally and point Google Chrome at http://localhost:8888/
.
The built-in support for U2F in Google Chrome only works on HTTPS sites. To test
the app on http://localhost:8888
, which uses HTTP, you need to do the following:
Quit all instances of Google Chrome.
Restart Google Chrome with the --show-component-extension-options
command-line flag.
Navigate to chrome://extensions
and enable Developer Mode
by clicking a
checkbox in the top right corner.
Find the CryptoTokenExtension
extension.
Click on "background page". This will open a Developer Tools window, including a Console.
In the console, type:
HTTP_ORIGINS_ALLOWED = true;
Then, point your browser at http://localhost:8888/
You can deploy this App Engine app to your own domain by changing the application
name in u2f-gae-demo/war/WEB-INF/appengine-web.xml
.