love-code-yeyixiao
commented
1 month ago Please make sure this option "RestrictDevices" is disabled and this "OpenDevCMApi" is enabled.
Open Atreju007 opened 1 month ago
love-code-yeyixiao
commented
1 month ago Please make sure this option "RestrictDevices" is disabled and this "OpenDevCMApi" is enabled.
Atreju007
commented
1 month ago Despite setting the two options, it does not work. The error message is identical to the previous one. This is the relevant part of Sandboxie.ini:
[Fido2_Passkey]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E458B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#02f6f6,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
RestrictDevices=n
OpenDevCMApi=y
offhub
commented
1 month ago Add the following setting to your configuration and try it again.
OpenIpcPath=firefox.exe,\RPC Control\keysvcOR
OpenIpcPath=\RPC Control\keysvcSandboxie Plus > Right click on the box > Sandbox Options Resoruce Access > IPC > Add IPC Path : \RPC Control\keysvc OK
offhub
commented
1 month ago There is already a template for Yubikey Authentication.
Template=YubikeySandboxie Plus > Right click on the box > Sandbox Options App Templates > Templates > Select: Yubikey Authentication OK
Atreju007
commented
1 month ago Thanks for the hint. The option Template=Yubikey was all it took to make it usable in a sandboxed Firefox.
Does the option Template=Yubikey work for all FIDO2-compliant security keys? If so, it would be useful for other laymen when the template name could be revised to point out the compatibility.
This is the part of Sandboxie.ini which worked in the end:
[Fido2_Passkey]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E458B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#02f6f6,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=LingerPrograms
Template=AutoRecoverIgnore
Template=Yubikey
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
Describe what you noticed and did
How often did you encounter it so far?
Always
Expected behavior
It is expected that the registration and application of FIDO2 passkeys hardware token should be possible when Firefox is running in a sandbox.
Affected program
Firefox 128.0 (64-bit)
Download link
https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-US
Where is the program located?
Not relevant to my request.
Did the program or any related process close unexpectedly?
No, not at all.
Crash dump
No response
What version of Sandboxie are you running now?
Sandboxie-Plus v1.14.3
Is it a new installation of Sandboxie?
I recently did a new clean installation.
Is it a regression from previous versions?
No response
In which sandbox type you have this problem?
In a standard isolation sandbox (yellow sandbox icon).
Can you reproduce this problem on a new empty sandbox?
I can confirm it also on a new empty sandbox.
What is your Windows edition and version?
Windows 10 Pro 22H2 19045.4529
In which Windows account you have this problem?
A local account (Administrator).
Please mention any installed security software
Microsoft Defender
Did you previously enable some security policy settings outside Sandboxie?
No.
Trace log
No response
Sandboxie.ini configuration